Comments (15)
The GCE has probably still a few problems...
@devth: can you provide me this:
- ingress yaml
- kubectl describe of the ingress
- a screenshot of the forwarding rule in gce console
from kube-lego.
Ingress

```yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: foo
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "gce"
spec:
  tls:
  - secretName: foo-tls
    hosts:
    - foo.redacted.com
  rules:
  - host: foo.redacted.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: foo
          servicePort: 80
```
kubectl describe

```
Name:             foo
Namespace:        default
Address:          130.x.x.x
Default backend:  default-http-backend:80 (10.0.1.3:8080)
TLS:
  foo-tls terminates foo.redacted.com
Rules:
  Host              Path  Backends
  ----              ----  --------
  foo.redacted.com
                    /*    foo:80 (<none>)
Annotations:
  backends:         {"k8s-be-30314--c2cd235f2196d4d5":"HEALTHY","k8s-be-31354--c2cd235f2196d4d5":"HEALTHY"}
  forwarding-rule:  k8s-fw-default-foo--c2cd235f2196d4d5
  target-proxy:     k8s-tp-default-foo--c2cd235f2196d4d5
  url-map:          k8s-um-default-foo--c2cd235f2196d4d5
No events.
```
from kube-lego.
Your screenshot shows the firewall rule and not the forwarding rule. Should be here: https://console.cloud.google.com/networking/loadbalancing/list
Another thing: if you could give me the output of `kubectl get ingress/foo -o yaml` instead of the one provided. It should contain a path with `/.well-known/acme-challenge/*`
from kube-lego.
It doesn't contain a path with `.well-known/acme-challenge/*` so I'm guessing that is the problem.

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/backends: '{"k8s-be-30314--c2cd235f2196d4d5":"HEALTHY","k8s-be-31354--c2cd235f2196d4d5":"HEALTHY"}'
    ingress.kubernetes.io/forwarding-rule: k8s-fw-default-foo--c2cd235f2196d4d5
    ingress.kubernetes.io/target-proxy: k8s-tp-default-foo--c2cd235f2196d4d5
    ingress.kubernetes.io/url-map: k8s-um-default-foo--c2cd235f2196d4d5
    kubernetes.io/ingress.class: gce
    kubernetes.io/tls-acme: "true"
  creationTimestamp: 2016-08-14T16:59:07Z
  generation: 1
  name: foo
  namespace: default
  resourceVersion: "476436"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/foo
  uid: 69e5e281-6240-11e6-bdc9-42010af00120
spec:
  rules:
  - host: foo.redacted.com
    http:
      paths:
      - backend:
          serviceName: foo
          servicePort: 80
        path: /*
  tls:
  - hosts:
    - foo.redacted.com
    secretName: foo-tls
status:
  loadBalancer:
    ingress:
    - ip: 130.x.x.x
```
from kube-lego.
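Added example (not part of the thread and not kube-lego code): a check that reports which TLS hosts of a `kubernetes.io/tls-acme` Ingress have no `/.well-known/acme-challenge` path, the symptom identified above. The sample object is constructed from the Ingress posted in this thread, and the `challenge-backend` service name and port are placeholders.

```python
import json

ACME_PREFIX = "/.well-known/acme-challenge"

def hosts_missing_challenge_path(ingress):
    """Return TLS hosts of a tls-acme Ingress that have no ACME challenge path."""
    annotations = (ingress.get("metadata") or {}).get("annotations") or {}
    if annotations.get("kubernetes.io/tls-acme") != "true":
        return []  # not marked for ACME, nothing to check
    spec = ingress.get("spec") or {}
    tls_hosts = []
    for entry in spec.get("tls") or []:
        for host in entry.get("hosts") or []:
            if host not in tls_hosts:
                tls_hosts.append(host)
    covered = set()
    for rule in spec.get("rules") or []:
        for path in (rule.get("http") or {}).get("paths") or []:
            if (path.get("path") or "").startswith(ACME_PREFIX):
                covered.add(rule.get("host"))
    return [h for h in tls_hosts if h not in covered]

# Constructed sample: the Ingress posted in this thread, trimmed and as JSON
# (the shape returned by `kubectl get ingress/foo -o json`).
SAMPLE = json.loads("""
{
  "metadata": {"name": "foo", "annotations": {
    "kubernetes.io/ingress.class": "gce",
    "kubernetes.io/tls-acme": "true"}},
  "spec": {
    "rules": [{"host": "foo.redacted.com", "http": {"paths": [
      {"path": "/*", "backend": {"serviceName": "foo", "servicePort": 80}}]}}],
    "tls": [{"hosts": ["foo.redacted.com"], "secretName": "foo-tls"}]}
}
""")

def with_challenge_path(ingress, service="challenge-backend", port=8080):
    """Copy of the Ingress with a challenge path added (placeholder backend)."""
    patched = json.loads(json.dumps(ingress))  # deep copy via JSON round trip
    for rule in patched["spec"]["rules"]:
        rule["http"]["paths"].insert(0, {
            "path": ACME_PREFIX + "/*",
            "backend": {"serviceName": service, "servicePort": port}})
    return patched

if __name__ == "__main__":
    print(hosts_missing_challenge_path(SAMPLE))                       # hosts still uncovered
    print(hosts_missing_challenge_path(with_challenge_path(SAMPLE)))  # after patching
```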
That could be something really buggy in kube-lego. Can you give me the exact version of kube-lego? Should be in the log output:

```
$ kubectl logs --namespace kube-lego kube-lego-2628658575-3xejo | head -n1
time="2016-08-15T10:38:31Z" level=info msg="kube-lego 0.0.4-910cebed starting" context=kubelego
```
from kube-lego.
```
kubectl logs kube-lego-3701810767-k5qf3 | head -n1
time="2016-08-15T16:40:55Z" level=info msg="kube-lego 0.0.4-910cebed starting" context=kubelego
```
I'm running kube-lego in the default namespace instead.
from kube-lego.
I found that when I add the kube-lego-svc back, things start to work right (nginx in my case).
It seems that the challenge forwarding rule needs the kube-lego-svc to route to.
from kube-lego.
You are both sure that you are using Version 0.1.0 of Kube-Lego? (Image tag in Kube-Lego Deployment)
from kube-lego.
I was using the latest example version (0.0.4)
from kube-lego.
That's the problem then. Can you try the 0.1.0 tag? I will fix the docs in a minute.
from kube-lego.
Confirming it works as expected with image tag 0.1.0 on an nginx controller.
Thanks!
Also, the logs still show "kube-lego 0.0.4-de70b08f starting" with the 0.1.0 image. A little confusing...
And btw, had to clean up the older ingress after switching images, as the old one was shadowing the new one.
from kube-lego.
Seems like I need a release script to not forget the necessary steps around automation 😆. I will release 0.1.1 later with both issues (wrong docs + wrong output) fixed
from kube-lego.
@ram-argus ok, released 0.1.1 and pushed to Docker Hub. Thanks a lot for spotting these versioning issues. It is really a big blocker for new users.

```
time="2016-08-16T10:36:52Z" level=info msg="kube-lego 0.1.1-81604d11 starting" context=kubelego
```

Feel free to create new issues as soon as you hit them! Cheers
from kube-lego.
@devth let me know if 0.1.1 works for you
from kube-lego.
@simonswine thanks, it works!
I had to delete my existing kube-lego deployment, the service it created, and my ingress. After re-creating I waited about 5 minutes, saw a bunch of 404 errors in the reachability attempt, then it started working.
from kube-lego.