Let's Encrypt on load balancer and Ingress (K8S)

June 25, 2019 278 views
Kubernetes Load Balancing Let's Encrypt

Hello,

I have a Kubernetes cluster with a simple static page container serving for now, and the site on http:// shows up just fine. I set up LetsEncrypt in the load balancer admin panel according to these instructions: https://www.digitalocean.com/docs/networking/load-balancers/how-to/lets-encrypt, but on https:// it returns default backend - 404, and in the Ingress controller logs there are errors:

W0625 00:07:48.175103       6 backend_ssl.go:49] error obtaining PEM from secret default/key-name: error retrieving secret default/key-name: secret default/key-name was not found
W0625 00:07:48.175270       6 controller.go:1020] ssl certificate "default/key-name" does not exist in local store

I don't know the actual key location or the files to try to manually configure that, only the name in the admin panel.

ingress.yml fragment

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-main
  annotations:
     kubernetes.io/ingress.class: nginx
     kubernetes.io/tls-acme: "true"
spec:
  tls:
  - hosts:
    - mydomain.com
    secretName: key-name

What is the issue, and how to fix this, what am I missing here? Thank you very much for your help.
Jakub

2 Answers

Secret "key-name" and ingress need to be in the same namespace.

There is a working script you can run to provision K8s on DigitalOcean (DOKS) complete with A record, LoadBalancer, Ingress with LetsEncrypt TLS termination. If you look at the Harbor or Jenkins ingresses after the installation you might be able to compare it with yours.

Kubernetes with CI/CD, Provisioning Script for DigitalOcean (DOKS)
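
An Ingress `secretName` is resolved only in the Ingress's own namespace, which is why the controller log above names `default/key-name`. The Python check below is an added example, not part of the original thread: it flags Ingress TLS entries whose Secret is absent from that namespace and, going one step beyond the answer, Secrets that lack the `tls.crt` or `tls.key` key. The function name and all sample objects other than `ingress-main`, `mydomain.com` and `key-name` are assumptions.

```python
import json

# Constructed sample shaped like a Kubernetes List. Only "ingress-main",
# "mydomain.com" and "key-name" come from the question; values are placeholders.
SAMPLE = json.loads("""{"items": [
 {"kind": "Ingress", "metadata": {"name": "ingress-main", "namespace": "default"},
  "spec": {"tls": [{"hosts": ["mydomain.com"], "secretName": "key-name"}]}},
 {"kind": "Ingress", "metadata": {"name": "ingress-ok", "namespace": "web"},
  "spec": {"tls": [{"hosts": ["ok.example"], "secretName": "ok-tls"}]}},
 {"kind": "Ingress", "metadata": {"name": "ingress-nokey", "namespace": "web"},
  "spec": {"tls": [{"hosts": ["bad.example"], "secretName": "half-tls"}]}},
 {"kind": "Secret", "metadata": {"name": "key-name", "namespace": "cert-store"},
  "data": {"tls.crt": "", "tls.key": ""}},
 {"kind": "Secret", "metadata": {"name": "ok-tls", "namespace": "web"},
  "data": {"tls.crt": "", "tls.key": ""}},
 {"kind": "Secret", "metadata": {"name": "half-tls", "namespace": "web"},
  "data": {"tls.crt": ""}}
]}""")

def check_ingress_tls(objects):
    """Return (namespace, ingress, secretName, problem) per unresolvable TLS secret."""
    secrets = {}  # (namespace, name) -> set of data key names
    for obj in objects:
        if obj.get("kind") == "Secret":
            meta = obj["metadata"]
            key = (meta.get("namespace", "default"), meta["name"])
            secrets[key] = set(obj.get("data") or {})
    findings = []
    for obj in (o for o in objects if o.get("kind") == "Ingress"):
        ns = obj["metadata"].get("namespace", "default")
        for tls in (obj.get("spec") or {}).get("tls") or []:
            name = tls.get("secretName")
            if not name:
                continue  # nothing to resolve for this entry
            keys = secrets.get((ns, name))  # lookup uses the Ingress's namespace only
            if keys is None:
                other = sorted(n for (n, s) in secrets if s == name)
                problem = "exists only in: " + ", ".join(other) if other else "not found"
            elif not {"tls.crt", "tls.key"} <= keys:
                problem = "missing " + ", ".join(sorted({"tls.crt", "tls.key"} - keys))
            else:
                continue
            findings.append((ns, obj["metadata"]["name"], name, problem))
    return findings

if __name__ == "__main__":
    for ns, ing, sec, problem in check_ingress_tls(SAMPLE["items"]):
        print(f"ingress {ns}/{ing}: secret {ns}/{sec} {problem}")
```

The checker reads only object metadata and the names of the Secret's data keys, never the certificate or key material.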

Thank you for your response.
Since, on your recommendation, I dropped using the UI for issuing the certificate, I just went through this tutorial https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-on-digitalocean-kubernetes-using-helm and it worked perfectly.

Cheerz.

by Dusko Savic
Kubernetes Ingresses offer you a flexible way of routing traffic from beyond your cluster to internal Kubernetes Services. Helm https://helm.sh/ is a package manager for managing Kubernetes. In this guide, you'll set up the Kubernetes-maintained Nginx Ingress Controller using Helm. You'll then create an Ingress Resource to route traffic from your domains to example Hello World back-end services.