This project shows how you can configure a TLS certificate to use for local development on Kubernetes.
For the example to work you need to configure a local certificate authority (CA) on your computer for development. We'll use mkcert for this purpose.
Note: The source code for this project can be found at: https://github.com/garden-io/garden/tree/master/examples/local-tls.
If you don't have mkcert installed, follow the instructions here.
After you've run
mkcert -install, run
mkcert garden.dev '*.garden.dev'
Note: You may choose another hostname if you prefer, but you'll need to update the project
Create a Kubernetes Secret with your generated certificate and key.
kubectl create secret tls tls-garden-dev --key garden.dev+1-key.pem --cert garden.dev+1.pem
The filenames above will be different if you used a different hostname.
garden.dev hostname to the hosts file on your machine, and have it point to the IP of your local cluster. If you use Docker for Desktop, the IP will be
127.0.0.1. If you use minikube, you can get the IP by running
We recommend using the hosts tool (or something similar) to modify your hosts file, but you may also edit it directly (it's at
/etc/hosts on most platforms).
Once you've completed the above, you can deploy the example project and the exposed ingress endpoints will be secured with TLS!
Deploy the project:
And then try sending a simple request using:
garden call node-service/hello