Background: After first searching around there are plenty of tutorials to show how to do this, but none of them just worked w/o modifications, the...
For further actions, you may consider blocking this person and/or reporting abuse
This post it's worth 1.000.000 Hearts. I solved the issue and actually understood it. there are many flavors to get cert-manager on track with kubernetes, on EKS from AWS. Btw never install cert-manager from gitlab. You will end up deleting a entire cluster just to get rid off it. Ingress works like champ on gitlab's. nothing else.. once again thanks bro..
I solved my production problem, thanks :D. but what about let's say. staging-api.mysite.com on my staging namespace it creates the certificate but when on the browser it shows. CN=Fake LE Intermediate X1 and is not trusted and firefox is not opening it. any idea? I've production and staging namespaces with their own ingress copy/paste with different names. (staging this case)
Maybe you just have misinterpreted what staging is reffered to in different contexts:
In context of letsencrypt staging certs:
As far as I know he LetsEncrypt Staging Authority issues exactly those kind of certificates that you mentioned. They are not trusted by browsers, but only used for initially testing if issuing certificates works in general. After that works you need to switch to letsencrypt production authority.
In context of your staging API:
It does not mean that for your staging environment you use the letsencrypt staging authority. Instead you also have to switch this to the production authority.
LetsEncrypt have revoked around 3 million certs last night due to a bug that they found. Are you impacted by this, Check out ?
DevTo
[+] dev.to/dineshrathee12/letsencrypt-...
GitHub
[+] github.com/dineshrathee12/Let-s-En...
LetsEncryptCommunity
[+] community.letsencrypt.org/t/letsen...
I'm trying to apply the above setup in a Vagrant set of machines running Ubuntu 18.04.
Unfortunately, when trying to
kubectl apply -f Service_ingress-nginx.yaml
everything runs well, but then
vagrant@k8smaster:/vagrant/proxy$ kubectl get --all-namespaces service
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
...
ingress-nginx ingress-nginx LoadBalancer 10.102.210.119 80:32550/TCP,443:32197/TCP 22m
...
I tried to add in Service_ingress-nginx.yaml:
externalIPs:
kubectl get --all-namespaces service will show an external IP, but I cannot view any of the domains in browser...
Installing Docker & Kubernetes with this Makefile: github.com/dragoscirjan/configs/bl...
Maybe I'm missing smth.
Would be really greatfull if you could advise.
This is awesome Chris. One question please, is this certificate self renewing?
Hi Adie, yes cert-manager takes care of that job.
At least that's what the cert-manager repo claims: 'It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.'
Though I'll still have to wait some time before being able to really confirm it :-)
Okay, Thank you
Thanks a lot! I went through quite many instructions about let's encrypt with kubernetes but this was the first one with successful result. You saved a lots of my time. Thanks!
nice love to hear that
Thank you so much, this helped me solve my problem with issuing the certificate, your Service_ingress-nginx.yaml file was the key. Awesome article!
Tank you, I'm glad it helped!