Question

Can't create SSL for hostname on kubernetes

Posted October 5, 2021 88 views
Nginx, Let's Encrypt, Kubernetes, DigitalOcean Managed Kubernetes

I was trying to create SSL for a hostname connected to a service on Kubernetes. Here are the files I used:

deployment.yaml

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
    service.beta.kubernetes.io/do-loadbalancer-hostname: "test-flask.rytalo.com"
  name: flask-svc
  labels:
    app: flask

spec:
  type: LoadBalancer
  externalTrafficPolicy: Local

  ports:
  - port: 5000
    targetPort: 5000
  selector:
    app: flask
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask-test
  labels:
    app: flask
spec:
  replicas: 1
  selector:
    matchLabels:
      app: flask
  template:
    metadata:
      labels:
        app: flask
    spec:
      containers:
        - name: flask
          image: <image>:<VERSION>
          ports:
          - containerPort: 5000
      imagePullSecrets:
        - name: regcred

ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:

  annotations:
   kubernetes.io/ingress.class: nginx
   cert-manager.io/cluster-issuer: letsencrypt-flask
   nginx.ingress.kubernetes.io/rewrite-target: /
   service.beta.kubernetes.io/do-loadbalancer-protocol: "https"
   service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
   service.beta.kubernetes.io/do-loadbalancer-certificate-id: "cert-id"


  name: ingress-tls-flask

spec:
  tls:
  - hosts:
    - test-flask.example.com
    secretName: key-acme

  rules:
  - host: test-flask.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: flask-svc
          servicePort: 5000

issuer.yaml

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-flask

spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory 
    privateKeySecretRef:
      name: key-acme
    solvers:
    - http01:
       ingress:
         #podTemplate:
         #    spec:
         #     nodeSelector:
         #       beta.kubernetes.io/os: linux
         class: nginx

Here are the events on my certificate:

Events:
  Type    Reason     Age   From          Message
  ----    ------     ----  ----          -------
  Normal  Issuing    13m   cert-manager  Issuing certificate as Secret does not exist
  Normal  Generated  13m   cert-manager  Stored new private key in temporary Secret resource "key-acme-6k4gx"
  Normal  Requested  13m   cert-manager  Created new CertificateRequest resource "key-acme-r94pv"

And here are the events on the CertificateRequest:

Events:
  Type    Reason          Age                From          Message
  ----    ------          ----               ----          -------
  Normal  IssuerNotFound  50m (x5 over 50m)  cert-manager  Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt-flask" not found

How can I fix it? Thanks in advance.
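
The CertificateRequest event above reports that the ClusterIssuer "letsencrypt-flask" does not exist, so a first check is whether the cluster serves the apiVersion written in issuer.yaml and whether the object was ever created. The script below is an added example, not part of the original post; it assumes kubectl is configured for the cluster, and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Assumes kubectl points at
# the cluster; manifest_api_version and check_issuer are hypothetical names.

# Print the apiVersion declared in a single-document manifest.
manifest_api_version() {
  sed -n 's/^apiVersion:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# check_issuer FILE NAME
# Prints one status line; returns 0 only when the ClusterIssuer is Ready.
check_issuer() {
  file=$1
  name=$2
  want=$(manifest_api_version "$file")

  # 1. Is the manifest's group/version served by this cluster? If not,
  #    "kubectl apply -f issuer.yaml" fails and no issuer is ever created.
  if ! kubectl api-versions | grep -qxF "$want"; then
    echo "api-version-not-served: $want"
    return 2
  fi

  # 2. Does the object exist? ClusterIssuer is cluster-scoped, so no -n flag.
  if ! kubectl get clusterissuer "$name" >/dev/null 2>&1; then
    echo "not-found: $name"
    return 1
  fi

  # 3. Has the ACME account been registered (Ready condition is True)?
  ready=$(kubectl get clusterissuer "$name" \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}')
  if [ "$ready" != "True" ]; then
    echo "not-ready: $name"
    return 3
  fi
  echo "ready: $name"
}

# Usage: sh check-issuer.sh issuer.yaml letsencrypt-flask
if [ "$#" -eq 2 ]; then
  check_issuer "$1" "$2"
fi
```

A "not-found" result means issuer.yaml still has to be applied successfully; "api-version-not-served" means the manifest's apiVersion must be changed to one listed by `kubectl api-versions` before it can be applied.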
