Question
Can't create SSL for hostname on kubernetes
- Posted October 5, 2021
- DigitalOcean Managed KubernetesKubernetesNginxLet's Encrypt
I was trying to create ssl to a hostname connected to a service on kubernetes. Here’s my file i used:
##deployment.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
service.beta.kubernetes.io/do-loadbalancer-hostname: "test-flask.rytalo.com"
name: flask-svc
labels:
app: flask
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- port: 5000
targetPort: 5000
selector:
app: flask
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: flask-test
labels:
app: flask
spec:
replicas: 1
selector:
matchLabels:
app: flask
template:
metadata:
labels:
app: flask
spec:
containers:
- name: flask
image: <image>:<VERSION>
ports:
- containerPort: 5000
imagePullSecrets:
- name: regcred
##ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-flask
nginx.ingress.kubernetes.io/rewrite-target: /
service.beta.kubernetes.io/do-loadbalancer-protocol: "https"
service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
service.beta.kubernetes.io/do-loadbalancer-certificate-id: "cert-id"
name: ingress-tls-flask
spec:
tls:
- hosts:
- test-flask.example.com
secretName: key-acme
rules:
- host: test-flask.example.com
http:
paths:
- path: /
backend:
serviceName: flask-svc
servicePort: 5000
##issuer.yaml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-flask
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: key-acme
solvers:
- http01:
ingress:
#podTemplate:
# spec:
# nodeSelector:
# beta.kubernetes.io/os: linux
class: nginx
Here’s the events on my certificate:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 13m cert-manager Issuing certificate as Secret does not exist
Normal Generated 13m cert-manager Stored new private key in temporary Secret resource "key-acme-6k4gx"
Normal Requested 13m cert-manager Created new CertificateRequest resource "key-acme-r94pv"
And here’s the events on the certificateRequest:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal IssuerNotFound 50m (x5 over 50m) cert-manager Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt-flask" not found
how can i fix it ?..Thanks in advance
Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign in to Answer
