This starter kit is designed for local Kubernetes experimentation using Terraform. It provides a preconfigured setup with certificate management, ingress routing, and load balancing, making it easy to test, learn, and prototype cloud-native deployments.
- DevOps Engineers & SREs who want a sandbox for testing infrastructure automation.
- Developers exploring Kubernetes deployments without cloud costs.
- Teams learning Terraform and Kubernetes best practices in a safe, local environment.
- envs/local: Local environment. You can use Docker Desktop for local usage.
Each service is managed as a separate module for better reusability and organization.
- Deploys MetalLB via Helm.
- Configures IP address pools dynamically using kubectl_manifest.
- Installs Cert-Manager using Helm.
- Deploys Ingress-Nginx as a controller for managing ingress traffic.
- Creates a ClusterIssuer and a self-signed CA certificate.
- Creates a ClusterIssuer that uses Let's Encrypt.
- Deploys Echo Server using Kubernetes manifests.
- Configures an Ingress resource with self-signed TLS issued by Cert-Manager.
For local usage, for example in Docker Desktop, you might want to use self-signed certificates. To make that process easy, install the mkcert tool.
# https://github.com/FiloSottile/mkcert?tab=readme-ov-file#installation
brew install mkcert
mkcert -install
The best way is to fork the repo, but it's up to you.
- Set the self-signed CA certificate and key. For local usage you have to set some TF_VAR variables:
export TF_VAR_cluster_issuer_selfsigned_ca_cert="$(base64 < "$(mkcert -CAROOT)/rootCA.pem")"
export TF_VAR_cluster_issuer_selfsigned_ca_key="$(base64 < "$(mkcert -CAROOT)/rootCA-key.pem")"
- Customizing Variables: You can override the default locals by creating an envs/local/locals.tf file:
locals {
  kube_config_path                     = "~/.kube/config"
  kube_context                         = "docker-desktop"
  ingress_class_name                   = "nginx"
  cluster_issuer_selfsigned            = "selfsigned"
  cluster_issuer_production            = "production"
  cluster_issuer_production_acme_email = "[email protected]"
  root_domain                          = "127.0.0.1.nip.io"
  metallb_ip_range                     = ["127.0.0.1-127.0.0.1"]
}
- Initialize Terraform:
make tf-init
- Plan the deployment:
make tf-plan
- Apply the changes:
make tf-apply
# or you can use -auto-approve option
make tf-apply-approve
- Verify resources in Kubernetes:
kubectl get pods -A
kubectl get svc -A
kubectl get ingress -A
- Verify the Echo Server ingress over TLS:
curl https://echo.127.0.0.1.nip.io
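How the two CA variables exported in the setup steps can feed the self-signed ClusterIssuer, as an added sketch that is not the repository's own module code. The variable names follow the TF_VAR_ names above and `local.cluster_issuer_selfsigned` comes from the locals block; the resource names, the secret name and the `cert-manager` namespace are assumptions.

```hcl
# Added example: resource names, secret name and namespace are assumptions.
variable "cluster_issuer_selfsigned_ca_cert" {
  description = "Base64 of mkcert rootCA.pem (TF_VAR_cluster_issuer_selfsigned_ca_cert)"
  type        = string
  sensitive   = true
}

variable "cluster_issuer_selfsigned_ca_key" {
  description = "Base64 of mkcert rootCA-key.pem (TF_VAR_cluster_issuer_selfsigned_ca_key)"
  type        = string
  # Redacted in plan/apply output, but still written to the state file in plain text.
  sensitive = true
}

# cert-manager looks up a ClusterIssuer's CA secret in its cluster resource
# namespace, which defaults to the namespace cert-manager itself runs in.
resource "kubernetes_secret_v1" "selfsigned_ca" {
  metadata {
    name      = "selfsigned-ca-key-pair" # hypothetical secret name
    namespace = "cert-manager"           # assumed install namespace
  }

  type = "kubernetes.io/tls"

  # The provider base64-encodes `data` itself, so decode the TF_VAR values first.
  data = {
    "tls.crt" = base64decode(var.cluster_issuer_selfsigned_ca_cert)
    "tls.key" = base64decode(var.cluster_issuer_selfsigned_ca_key)
  }
}

# CA-type ClusterIssuer that signs Ingress certificates with the mkcert root.
resource "kubectl_manifest" "cluster_issuer_selfsigned" {
  yaml_body = yamlencode({
    apiVersion = "cert-manager.io/v1"
    kind       = "ClusterIssuer"
    metadata   = { name = local.cluster_issuer_selfsigned }
    spec       = { ca = { secretName = kubernetes_secret_v1.selfsigned_ca.metadata[0].name } }
  })
}
```

Because `mkcert -install` adds this root to the local trust store, both the Terraform state and the Kubernetes secret hold a key that can issue certificates your machine trusts. Keep the state file out of version control.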
To remove all deployed resources:
make tf-destroy
# or you can use -auto-approve option
make tf-destroy-approve
To delete all deployed resources and create again:
make tf-recreate
To delete EVERYTHING, including state, and create again:
make tf-reset
To visualize the graph, install Graphviz, which provides the dot tool:
brew install graphviz
make tf-graph
You can install pre-commit hooks from the .hooks folder to autoformat files:
make setup-hooks
You can run basic validation for your Terraform configuration:
make tf-test
✅ Modular architecture with separate Terraform modules.
✅ Uses Helm for package management.
✅ Configures self-signed certificates with Cert-Manager.
✅ Supports MetalLB for LoadBalancer services in local Kubernetes environments.
✅ Ingress-Nginx handles application routing.
✅ Secure and automated TLS handling via ClusterIssuer.
📢 Contributions & Issues
If you encounter any issues or have suggestions for improvements, feel free to contribute or raise an issue! 🚀