Terrakube can be installed in minikube as a sandbox environment with HTTPS, using terrakube with HTTPS will allow to use the Terraform registry and the Terraform remote state backend to be used locally without any issue.
Please follow these instructions:
Requirements:
Install mkcert to generate the local certificates.
We will be using following domains in our test installation:
mkcert -install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox trust store (requires browser restart)! 🦊
Local CA certificate path
mkcert -CAROOT
/home/myuser/.local/share/mkcert
Local CA certificate content
Generate certificate for *.minikube.net
These command will generate two files key.pem and cert.pem that we will be using later.
Now we have all the necessary to install Terrakube with HTTPS
Setup Helm Repository
Setup Minikube
Copy the minikube ip address ( Example: 192.168.59.100)
Create Kubernetes secret with local certificate
Setup Terrakube namespace
Setup DNS records
Setup Ingress Certificates
Helm Values.
We need to generate a file called values.yaml with the following using the content of our rootCa.pem from the previous step:
If you are following this guild for Terrakube 4.2.5 or lower, you will also have to mount the CA certs explicitly. For more information, see Custom CA certs
Install Terrakube with local HTTPS support
If you found the following message "Snippet directives are disabled by the Ingress administrator", please update the ingres-nginx-controller configMap in namespace ingress-nginx adding the following:
Using Terrakube
The environment has some users, groups and sample data so you can test it quickly.
Visit https://terrakube-ui.minikube.net and login using [email protected] with password admin
We should be able to use the UI using a valid certificate.
Mac Networking
When using mac there is an additional step to access terrakube please check the following tool to access the app
Using terraform we can connect to the terrakube api and the private registry using the following command with the same credentials that we used to login to the UI.
mkcert -key-file key.pem -cert-file cert.pem minikube.net *.minikube.net
Created a new certificate valid for the following names 📜
- "minikube.net"
- "*.minikube.net"
Reminder: X.509 wildcards only go one level deep, so this won't match a.b.minikube.net ℹ️
The certificate is at "cert.pem" and the key at "key.pem" ✅
It will expire on 19 January 2026 🗓
$ terraform init
Initializing Terraform Cloud...
No workspaces found.
There are no workspaces with the configured tags (example, myplayground)
in your Terraform Cloud organization. To finish initializing, Terraform needs at
least one workspace available.
Terraform can create a properly tagged workspace for you now. Please enter a
name to create a new Terraform Cloud workspace.
Enter a value: simple
Initializing provider plugins...
- Finding latest version of hashicorp/null...
- Finding latest version of hashicorp/time...
- Installing hashicorp/null v3.2.1...
- Installed hashicorp/null v3.2.1 (signed by HashiCorp)
- Installing hashicorp/time v0.9.1...
- Installed hashicorp/time v0.9.1 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
$ terraform apply
Running apply in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will cancel the remote apply if it's still pending. If the apply started it
will stop streaming the logs, but will not stop the apply running remotely.
Preparing the remote apply...
To view this run in a browser, visit:
https://terrakube-api.minikube.net/app/simple/simple/runs/40
Waiting for the plan to start...
***************************************
Running Terraform PLAN
***************************************
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# null_resource.next will be created
+ resource "null_resource" "next" {
+ id = (known after apply)
}
# null_resource.previous will be created
+ resource "null_resource" "previous" {
+ id = (known after apply)
}
# time_sleep.wait_5_seconds will be created
+ resource "time_sleep" "wait_5_seconds" {
+ create_duration = "5s"
+ id = (known after apply)
}
Plan: 3 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ creation_time = "5s"
Do you want to perform these actions in workspace "simple"?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
null_resource.previous: Creating...
null_resource.previous: Creation complete after 0s [id=6182221597368620892]
time_sleep.wait_5_seconds: Creating...
time_sleep.wait_5_seconds: Creation complete after 5s [id=2023-10-19T20:25:22Z]
null_resource.next: Creating...
null_resource.next: Creation complete after 0s [id=9093191930998774410]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
