3. Set Up Ingress, TLS and DNS

By default, Garden will not install an ingress controller for remote environments. This can be toggled by setting the setupIngressController flag to nginx. Alternatively, you can set up your own ingress controller, e.g. using Traefik, Ambassador or Istio. You can find an example for using Garden with Istio in our examples directory.

You'll also need to point one or more DNS entries to your cluster, and configure a TLS certificate for the hostnames you will expose for ingress.

Templating the ingress to the application enables you to have DNS entries for every developer's namespace.

First, create a DNS CNAME entry that points to the load balancer in front of your cluster. We recommend setting a wildcard in front of the proper record, e.g. *...com.

If you would like to manage TLS for development environments, we recommend using your cloud provider's certificate management service in combination with a load balancer. You can find the documentation for AWS here and for GCP here.

If you are manually creating or obtaining the certificates (and you have the .crt and .key files), create a Secret for each cert in the cluster so they can be referenced when deploying services:

kubectl create secret tls mydomain-tls-secret --key <path-to-key-file> --cert <path-to-crt-file>
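Before storing a manually obtained certificate, it is worth confirming that the key actually belongs to it, that it covers the hostname you intend to expose, and that it is not about to expire. The script below is an added example, not part of Garden or its documentation; the function names, the 7-day expiry threshold and the explicit namespace argument are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Garden's own tooling): validate a cert/key pair, then
# create the TLS Secret. Hostname, Secret name and namespace are caller-supplied.

# True only if the certificate and the private key carry the same public key.
cert_matches_key() (
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 1
  key_pub=$(openssl pkey -in "$2" -pubout) || exit 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# True if the certificate (wildcards included) is valid for the given hostname.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
    grep -q 'does match certificate'
}

# True if the certificate is still valid N days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Usage: create_tls_secret <crt> <key> <hostname> <secret-name> <namespace>
create_tls_secret() {
  cert_matches_key "$1" "$2" ||
    { echo "private key does not match certificate" >&2; return 1; }
  cert_covers_host "$1" "$3" ||
    { echo "certificate does not cover $3" >&2; return 2; }
  # 7 days is an assumed threshold; pick one that suits your renewal process.
  cert_valid_for_days "$1" 7 ||
    { echo "certificate expires within 7 days" >&2; return 3; }
  # Same command as in the guide, with the namespace made explicit.
  kubectl create secret tls "$4" --namespace "$5" --key "$2" --cert "$1"
}

# Run only when called with all five arguments.
if [ "$#" -eq 5 ]; then create_tls_secret "$@"; fi
```

Passing a hostname from a developer namespace (for example one label under your wildcard record) confirms that the wildcard certificate will be accepted for the templated ingress hostnames.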

Once you have completed the setup, make a note of the hostname.

If you're storing certs as Kubernetes Secrets, also make note of their names and namespaces.
