Home > Blockchain >  Kubernetes cert-manager certificate is created but can not get vertified
Kubernetes cert-manager certificate is created but can not get vertified

Time:12-25

I am working on a DO kubernetes cluster and install ingress nginx and argocd on it, All seems fine and I can easily use the ingress as long as they are accessing the services via http.

I have also installed certmanager and here are the main files regarding my ingress, certificate and issuer:

Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rancher-demo
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
    certmanager.k8s.io/cluster-issuer: "letsencrypt-production"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
  - hosts:
      - {sub-domain}
    secretName: ssl-cert-production
  rules:
  - host: {sub-domain}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: 
            name: rancher-demo
            port:
              number: 80

Issuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
  namespace: default
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: {my-email}
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
    - selector: {}
      http01:
        ingress:
          class: nginx

Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ssl-cert-production
  namespace: default
spec:
  secretName: ssl-cert-production
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: {sub-domain}
  dnsNames:
  - {sub-domain}

I went through some other samples on github and questions on stackoverflow and unfortunetly I can not figure out where I am doing it wrong.

Thank you in advance for your attentions

CodePudding user response:

I finally managed to fix the issue, what I have done was as follow:

  1. creating a new kubernete instance
  2. installing cert-manager manaully
  3. installing ingress-nginx manaully
  4. creating the issuer (waiting for it to complete)
  5. creating deployment and cluster
  6. creating ingress config for my application
  7. creating the certificate (waiting for it to complete)

I was working on ArgoCD and had to first do these setups myself before handling CD with Argo. It was my own fault that I did not properly go through their documentations. The order is important, but the way I sat up Argo, it was provisioing everything in parallel so for example certificate was being provision before ingress be up or issuer be in place

Also for anyone who is interested in a detailed version please checkout the github repo I created below:

https://github.com/mehdiamenein/cert-manager-nginx-ingress-do

I hope this can be helpful to someone else as well :)

Huge thanks to marcel.dempers for his wonderful video https://www.youtube.com/watch?v=hoLUigg4V18

and many thanks to @justin and @harsh-manvar for their comments

Page link:https//www.codepudding.com/Blockchain/240299.html

Prev:start-iap-tunnel unable to connect to a listening port
Next:Empty SESSION Table in Keycloak H2 Database
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding