@StephanMeijer
Created January 18, 2024 14:00
How to get SSL working with Minikube

Local Setup

In this document we will use the following technologies for setup:

Step 1: Setup minikube

Please follow the documentation.

Step 2: Setup Tilt

Please follow the documentation.

Step 3: Configure minikube - Tilt

Please follow the documentation.

Step 4: Install mkcert

Please follow the documentation.

After installation, do not forget to run:

$ mkcert -install

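Step 5: Add secret

This stores the mkcert root CA certificate and its private key in the cluster so that cert-manager can sign with it. Because mkcert -install made this root trusted on your machine, anyone who can read the secret can issue certificates your machine trusts, so only do this on a local cluster.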

$ kubectl -n cert-manager create secret tls mkcert \
    --key "$(mkcert -CAROOT)/rootCA-key.pem" \
    --cert "$(mkcert -CAROOT)/rootCA.pem"

Step 6: Ingress

Enable ingress:

$ minikube addons enable ingress

Configure ingress (we created the secret kube-system/secret in the last step).

$ minikube addons configure ingress

Now turn it off and on again:

$ minikube addons disable ingress
$ minikube addons enable ingress

Step 7: Install CRDs and cert-manager

Please follow the documentation. Make sure the CRDs are also installed, using either of the options described in the documentation.

Step 8: Create a Cluster Issuer

$ kubectl apply -f local-setup/cluster-issuer.yaml

Step 9: DNS / resolving hostnames

Option A. dnsmasq

Please follow the documentation for Ubuntu or the documentation for macOS.

After installation, please run:

$ echo 'address=/nldoc.local/127.0.0.1' >> "$(brew --prefix)/etc/dnsmasq.conf"

Option B. /etc/hosts

Edit /etc/hosts and add these lines:

127.0.0.1 publicatietool.nldoc.local
127.0.0.1 rabbitmq.nldoc.local
127.0.0.1 minio.nldoc.local
127.0.0.1 esc.nldoc.local

Option C. Ingress DNS

I haven't tried this, but it's surely possible; please see the documentation.

Step 10: minikube tunnel

Now run:

$ minikube tunnel

The services will be exposed on the correct ports.
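
A post-setup check for the steps above, as an added example that is not part of the original gist: it confirms that the secret from Step 5 holds the local mkcert root, that the ClusterIssuer from Step 8 is Ready, and that the ingress serves a certificate chaining to that root. The function names, and the assumption that an Ingress with TLS issued by mkcert-clusterissuer exists for the hostname you pass, are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added check, not part of the original gist. Assumes kubectl, mkcert and
# openssl are on PATH, `minikube tunnel` is running, and an Ingress with TLS
# issued by mkcert-clusterissuer exists for the hostname passed as $1.

# SHA-256 fingerprint of the PEM certificate on stdin.
cert_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if leaf certificate $2 verifies with CA certificate $1 as trust anchor.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# CA certificate held in the cluster secret created in Step 5.
secret_ca_cert() {
  kubectl -n cert-manager get secret mkcert -o jsonpath='{.data.tls\.crt}' |
    base64 --decode
}

# Leaf certificate the ingress presents for hostname $1 on 127.0.0.1:443.
served_cert() {
  openssl s_client -connect 127.0.0.1:443 -servername "$1" </dev/null 2>/dev/null |
    openssl x509
}

verify_setup() {
  local host="$1" ca leaf ready rc
  ca="$(mkcert -CAROOT)/rootCA.pem"
  [ "$(secret_ca_cert | cert_fingerprint)" = "$(cert_fingerprint <"$ca")" ] ||
    { echo "secret cert-manager/mkcert does not hold the local mkcert root"; return 1; }
  ready="$(kubectl get clusterissuer mkcert-clusterissuer \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}')"
  [ "$ready" = "True" ] ||
    { echo "ClusterIssuer mkcert-clusterissuer is not Ready"; return 1; }
  leaf="$(mktemp)"
  served_cert "$host" >"$leaf"
  chains_to "$ca" "$leaf"; rc=$?
  rm -f "$leaf"
  [ "$rc" -eq 0 ] ||
    { echo "$host does not present a certificate issued by the mkcert root"; return 1; }
  echo "$host: certificate issued by the mkcert root"
}

# Run only when a hostname is given, e.g.: ./check.sh publicatietool.nldoc.local
if [ "$#" -gt 0 ]; then verify_setup "$1"; fi
```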

Warnings

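Currently, we are using .local, but we should not: .local is reserved for multicast DNS (mDNS, RFC 6762), so resolvers may handle these names differently from ordinary DNS.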

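# local-setup/cluster-issuer.yaml (applied in Step 8)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: mkcert-clusterissuer
spec:
  ca:
    # TLS secret created in Step 5 in the cert-manager namespace
    secretName: mkcert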