Question
Can't create SSL for hostname on kubernetes
- Posted on October 5, 2021
- DigitalOcean Managed KubernetesKubernetesNginxLet's Encrypt
Asked by ahmednageh
I was trying to create ssl to a hostname connected to a service on kubernetes. Here’s my file i used:
##deployment.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
service.beta.kubernetes.io/do-loadbalancer-hostname: "test-flask.rytalo.com"
name: flask-svc
labels:
app: flask
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- port: 5000
targetPort: 5000
selector:
app: flask
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: flask-test
labels:
app: flask
spec:
replicas: 1
selector:
matchLabels:
app: flask
template:
metadata:
labels:
app: flask
spec:
containers:
- name: flask
image: <image>:<VERSION>
ports:
- containerPort: 5000
imagePullSecrets:
- name: regcred
##ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-flask
nginx.ingress.kubernetes.io/rewrite-target: /
service.beta.kubernetes.io/do-loadbalancer-protocol: "https"
service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
service.beta.kubernetes.io/do-loadbalancer-certificate-id: "cert-id"
name: ingress-tls-flask
spec:
tls:
- hosts:
- test-flask.example.com
secretName: key-acme
rules:
- host: test-flask.example.com
http:
paths:
- path: /
backend:
serviceName: flask-svc
servicePort: 5000
##issuer.yaml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-flask
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: key-acme
solvers:
- http01:
ingress:
#podTemplate:
# spec:
# nodeSelector:
# beta.kubernetes.io/os: linux
class: nginx
Here’s the events on my certificate:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 13m cert-manager Issuing certificate as Secret does not exist
Normal Generated 13m cert-manager Stored new private key in temporary Secret resource "key-acme-6k4gx"
Normal Requested 13m cert-manager Created new CertificateRequest resource "key-acme-r94pv"
And here’s the events on the certificateRequest:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal IssuerNotFound 50m (x5 over 50m) cert-manager Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt-flask" not found
how can i fix it ?..Thanks in advance
Submit an answer
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!