Question

Can't create SSL for hostname on kubernetes

I was trying to create ssl to a hostname connected to a service on kubernetes. Here’s my file i used:

##deployment.yaml

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
    service.beta.kubernetes.io/do-loadbalancer-hostname: "test-flask.rytalo.com"
  name: flask-svc
  labels:
    app: flask

spec:
  type: LoadBalancer
  externalTrafficPolicy: Local

  ports:
  - port: 5000
    targetPort: 5000
  selector:
    app: flask
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask-test
  labels:
    app: flask
spec:
  replicas: 1
  selector:
    matchLabels:
      app: flask
  template:
    metadata:
      labels:
        app: flask
    spec:
      containers:
        - name: flask
          image: <image>:<VERSION>
          ports:
          - containerPort: 5000
      imagePullSecrets:
        - name: regcred

##ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:

  annotations:
   kubernetes.io/ingress.class: nginx
   cert-manager.io/cluster-issuer: letsencrypt-flask
   nginx.ingress.kubernetes.io/rewrite-target: /
   service.beta.kubernetes.io/do-loadbalancer-protocol: "https"
   service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
   service.beta.kubernetes.io/do-loadbalancer-certificate-id: "cert-id"
  

  name: ingress-tls-flask

spec:
  tls:
  - hosts:
    - test-flask.example.com
    secretName: key-acme
  
  rules:
  - host: test-flask.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: flask-svc
          servicePort: 5000

##issuer.yaml

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-flask

spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory 
    privateKeySecretRef:
      name: key-acme
    solvers:
    - http01:
       ingress:
         #podTemplate:
         #    spec:
         #     nodeSelector:
         #       beta.kubernetes.io/os: linux
         class: nginx

Here’s the events on my certificate:

Events:
  Type    Reason     Age   From          Message
  ----    ------     ----  ----          -------
  Normal  Issuing    13m   cert-manager  Issuing certificate as Secret does not exist
  Normal  Generated  13m   cert-manager  Stored new private key in temporary Secret resource "key-acme-6k4gx"
  Normal  Requested  13m   cert-manager  Created new CertificateRequest resource "key-acme-r94pv"

And here’s the events on the certificateRequest:

Events:
  Type    Reason          Age                From          Message
  ----    ------          ----               ----          -------
  Normal  IssuerNotFound  50m (x5 over 50m)  cert-manager  Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt-flask" not found

how can i fix it ?..Thanks in advance


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer