Deploying TLS certificates for local development and production using Kubernetes, cert-manager, mkcert and Let’s Encrypt

Sébastien Dubois
Published in ITNEXT, Jan 7, 2020

Recently with my project, I’ve dived into how to enable TLS on our client-facing infrastructure in production, but also for the development environment.

Here’s how I’ve taken care of this!

Mission statement

As the first iteration for secure communications in my project, my main objective was simply to put TLS termination in place at the edge of our Kubernetes cluster (i.e., at the ingress level), and to present Let’s Encrypt certificates to clients in production.

When I get more time I’ll certainly come back to this to implement full-blown end-to-end encryption but, as the saying goes: “you have to learn to walk before you run” :)

I set two sub-goals to reach for this first iteration:

  • Enabling TLS for local development
  • Enabling TLS for all the production & production-like environments (e.g., staging & production).

I wanted a similar solution for both cases in order to keep the development environment as realistic as possible, but really couldn’t afford to spend a whole month to implement something.
