This project shows how you can configure a TLS certificate to use for local development on Kubernetes.

For the example to work you need to configure a local certificate authority (CA) on your computer for development. We'll use mkcert for this purpose.

Note: The source code for this project can be found at: https://github.com/garden-io/garden/tree/master/examples/local-tls.

Setup

Step 1 - Install mkcert

If you don't have mkcert installed, follow the instructions here.

Step 2 - Generate a certificate

After you've run mkcert -install (which creates the local CA and adds it to your system trust store), run:

mkcert garden.dev '*.garden.dev'

Note: You may choose another hostname if you prefer, but you'll need to update the project garden.yml accordingly.

Step 3 - Configure the certificate in your Kubernetes installation

Create a Kubernetes Secret with your generated certificate and key.

kubectl create secret tls tls-garden-dev --key garden.dev+1-key.pem --cert garden.dev+1.pem

The filenames above will be different if you used a different hostname.

Step 4 - Configure the hostname in your hosts file

Add the garden.dev hostname to the hosts file on your machine, and have it point to the IP of your local cluster. If you use Docker for Desktop, the IP will be 127.0.0.1. If you use minikube, you can get the IP by running minikube ip.

We recommend using the hosts tool (or something similar) to modify your hosts file, but you may also edit it directly (it's at /etc/hosts on most platforms).
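The following pre-flight check for Steps 2 to 4 is an added example, not code from the Garden project. It assumes the openssl CLI is installed, and all function names are hypothetical. It confirms that the key belongs to the certificate, that the certificate's names cover the hostname you plan to use, and which IP the hosts file maps that hostname to.

```shell
#!/bin/sh
# Added example, not part of the garden-io project. Pre-flight checks for Steps 2-4.

# san_matches PATTERN HOST: does one certificate name cover HOST (both lowercase)?
# A wildcard stands for exactly one leftmost label: *.garden.dev covers
# api.garden.dev but neither garden.dev itself nor a.b.garden.dev.
san_matches() {
  case $1 in
    \*.*)
      _suffix=${1#\*}            # e.g. ".garden.dev"
      _label=${2%"$_suffix"}     # the part the wildcard would have to match
      [ "$_label" != "$2" ] && [ -n "$_label" ] && [ "${_label#*.}" = "$_label" ] ;;
    *) [ "$1" = "$2" ] ;;
  esac
}

# cert_sans CERT: print the certificate's DNS names, one per line.
cert_sans() {
  openssl x509 -in "$1" -noout -text | awk '/Subject Alternative Name/ {
    getline; gsub(/ /, ""); n = split($0, a, ",")
    for (i = 1; i <= n; i++) if (sub(/^DNS:/, "", a[i])) print a[i] }'
}

# cert_covers CERT HOST: succeed if any name in the certificate covers HOST.
cert_covers() {
  cert_sans "$1" | ( while IFS= read -r _san; do
      if san_matches "$_san" "$2"; then exit 0; fi
    done; exit 1 )
}

# key_matches_cert CERT KEY: the two files passed to kubectl must share a public key.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# hosts_ip HOSTS_FILE HOST: print the first address mapped to HOST, ignoring comments.
hosts_ip() {
  awk -v h="$2" '{ sub(/#.*/, "")
    for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$1"
}

# Runs only when called as: sh check.sh CERT KEY HOST (script name is hypothetical)
if [ "$#" -eq 3 ]; then
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; exit 1; }
  cert_covers "$1" "$3" || { echo "certificate does not cover $3" >&2; exit 1; }
  echo "$3 -> $(hosts_ip /etc/hosts "$3")"
fi
```

The wildcard rule is why the mkcert command in Step 2 lists both garden.dev and '*.garden.dev'. The hosts file does not expand wildcards, so each subdomain you use needs its own entry.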

Usage

Once you've completed the above, you can deploy the example project and the exposed ingress endpoints will be secured with TLS!

Deploy the project:

garden deploy

And then try sending a simple request using:

garden call node-service/hello