Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
services
README.md
garden.yml

README.md

Local TLS example project

This project shows how you can configure a TLS certificate to use for local development on Kubernetes.

For the example to work you need to configure a local CA on your computer for development. We'll use mkcert for this purpose.

Setup

Step 1 - Install mkcert

If you don't have mkcert installed, follow the instructions here.

Step 2 - Generate a certificate

After you've run mkcert -install, run

mkcert garden.dev '*.garden.dev'

Note: You may choose another hostname if you prefer, but you'll need to update the project garden.yml accordingly.

Step 3 - Configure the certificate in your Kubernetes installation

Create a Kubernetes Secret with your generated certificate and key.

kubectl create secret tls tls-garden-dev --key garden.dev+1-key.pem --cert garden.dev+1.pem

The filenames above will be different if you used a different hostname.

Step 4 - Configure the hostname in your hosts file

Add the garden.dev hostname to the hosts file on your machine, and have it point to the IP of your local cluster. If you use Docker for Desktop, the IP will be 127.0.0.1. If you use minikube, you can get the IP by running minikube ip.

We recommend using the hosts tool (or something similar) to modify your hosts file, but you may also edit it directly (it's at /etc/hosts on most platforms).

Usage

Once you've completed the above, you can deploy the example project and the exposed ingress endpoints will be secured with TLS!

Deploy the project:

garden deploy

And then try sending a simple request using:

garden call node-service/hello