0

I just will describe how it configured on my side. I've installed cert-manger on my Kubernetes by using this tutorial :

https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html

I've checked is it installed and it is :

enter image description here

Also I have ingress-resource with the next config: 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/acme-http01-edit-in-place: "true"
    certmanager.k8s.io/cluster-issuer: letsencrypt-issuer
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
  name: boonotes-ingress-resource
  namespace: default
spec:
  rules:
  - host: www.bnsfun.com
    http:
      paths:
      - backend:
          serviceName: booknotes-front-end-service
          servicePort: 80
        path: /?(.*)
  - host: www.bnsfun.com
    http:
      paths:
      - backend:
          serviceName: booknotes-back-end-service
          servicePort: 3000
        path: /api/?(.*)
  tls:
  - hosts:
    - www.bnsfun.com
    secretName: letsencrypt-certs
status:
  loadBalancer:
    ingress:
    - ip: some ip

Also, I've configured the certificate :

kubectl describe certificate booknotes-certificate

Name:         booknotes-certificate
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"certmanager.k8s.io/v1alpha1","kind":"Certificate","metadata":{"annotations":{},"name":"booknotes-certificate","namespace":"...
API Version:  certmanager.k8s.io/v1alpha1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2019-11-17T04:51:57Z
  Generation:          2
  Resource Version:    7257970
  Self Link:           /apis/certmanager.k8s.io/v1alpha1/namespaces/default/certificates/booknotes-certificate
  UID:                 fbe1d9c0-08f5-11ea-82b3-42010a80017a
Spec:
  Acme:
    Config:
      Domains:
        www.bnsfun.com
      http01:
        Ingress:  boonotes-ingress-resource
  Common Name:    www.bnsfun.com
  Dns Names:
    www.bnsfun.com
  Issuer Ref:
    Kind:       ClusterIssuer
    Name:       letsencrypt-issuer
  Secret Name:  letsencrypt-certs
Events:         <none>

I've also created a secret:

enter image description here

Here is my sevice & ingress section:

enter image description here

I've used this tutorial to configure it : https://medium.com/@betandr/kubernetes-ingress-with-tls-on-gke-744efd37e49e

and official documentation of cert-manager to install cert managed. What do I wrong? How can I check why this doesn't work? I've tried a lot of stuff, but all doesn't work for me. For sure I do something wrong. But what? I've understood that I need cert-manager for updating my lets-encrypt certificate, also I need to create secret to store it, then I need configure my ingress in tls and annotaions. Pls could you help me to find out more what should happen there and what are the main steps to complete it? If you need more info , pls let me know

Here is my issuer: 

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-issuer
spec:
  acme:
    email: email
    http01: {}
    privateKeySecretRef:
      name: letsencrypt
    server: "https://acme-v02.api.letsencrypt.org/directory"

enter image description here

Andrey Radkevich
  • 3,012
  • 5
  • 25
  • 57
  • Have installed the cluster issuer named letsencrypt-issuer ? – Michael Johann Nov 17 '19 at 09:22
  • yes, I've also attached , pls check it – Andrey Radkevich Nov 17 '19 at 09:31
  • Sorry, didn't saw this on my tiny phone ^^. – Michael Johann Nov 18 '19 at 10:04
  • Did you check the logs of the cert-manager pod? Usually this is the place to start troubleshooting. – Michael Johann Nov 18 '19 at 10:07
  • Regarding your just-deleted question about JSX: There are a couple of JSX compilers out there, Babel is just one of them (others are hard to find now though). By default, Babel's JSX support assumes the "maker" function for JSX components should be `React.createElement`, but you can use the [`pragma` option](https://babeljs.io/docs/en/babel-preset-react#pragma) to make it anything you want. So if your builder function is called `foo`, set the pragma to `foo` and `Hi there` will be converted to `foo(Example, {props: { className: "x"}}, "Hi there");`. – T.J. Crowder Dec 08 '19 at 17:29

1 Answers1

2

let's take an another path, Letsencrypt official docs say that they won't be supporting any longer for below 0.8 versions, so I recommend you to install cert-manager provided by Jetstack, that you can find here, to install the helm chart for it.

The follow this stackoverflow post, for configurations, note that if the api version mentioned in that post doesn't support in case of cluster issuer, then rather use 

apiVersion: cert-manager.io/v1alpha2

Note that , the tls secret name mentioned in the certificate will be auto-generated by cert-manager, and it automatically starts an acme-challenge to validate the domain, once you patch that secret name to the TLS in your ingress rule.

It shall solve the issue and the certificate's status will change to ready after the domain verification

Tushar Mahajan
  • 2,044
  • 1
  • 7
  • 18