# GKE : use local domain ###### tags: `gke` `SSL` Sometime you need to test SSL on localhost I have a GKE cluster & I want to try ingress with a fake localhost dns like https://main.local ## set a local dns to your ingress external IP /etc/hosts : ``` ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost docker.for.mac.localhost 255.255.255.255 broadcasthost ::1 localhost xx.xxx.xxx.xx santa.local ``` ## Generate SSL cert with letsencrypt: e.g : ssl for https://playmo.local ``` openssl req -x509 -out main.crt -keyout main.key \ -newkey rsa:2048 -nodes -sha256 \ -subj '/CN=main.local' -extensions EXT -config <( \ printf "[dn]\nCN=main.local\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:main.local\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") ``` ## Create Secret TLS on K8S ``` kubectl create secret tls tls-main --key main.key --cert main.crt ``` ## Set cert trust on OSX - Launch Application/Utilities/Keychain Access.app & upload your main.crt - set trusted always see [tuto](https://tosbourn.com/getting-os-x-to-trust-self-signed-ssl-certificates)