Conteneurs et Orchestration - Activate TSL for my Kubernertes Service
... / Activate TSL for my Kuber...
< Previous question   -   Next question >
BMPCreated with Sketch.BMPZIPCreated with Sketch.ZIPXLSCreated with Sketch.XLSTXTCreated with Sketch.TXTPPTCreated with Sketch.PPTPNGCreated with Sketch.PNGPDFCreated with Sketch.PDFJPGCreated with Sketch.JPGGIFCreated with Sketch.GIFDOCCreated with Sketch.DOC Error Created with Sketch.
Frage

Activate TSL for my Kubernertes Service

A
Von
AnicetB
Erstellungsdatum 2023-09-14 07:15:58 (edited on 2024-09-04 12:00:47) in Conteneurs et Orchestration

Hi,

I try to add TSL on my Kubernetes Service but I do not manage to make it working... I use `cert-manager` for TSL Certificate Management. I have a Service (based on FastAPI deployment) that successfully exposes port 80.

I added a CertificateIssuer and Ingress objects to my cluster but my CertificateOrder always stays in "Pending" status. I am probably missing something but I do not manage to figure out what is wrong.

Thanks for your help

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-cluster-issuer
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: xxxxxxxxxx # removed for OVH post
privateKeySecretRef:
name: letsencrypt-private-key
solvers:
- http01:
ingress:
class: nginx
---
apiVersion: v1
kind: Service
metadata:
name: solfy-api-service
spec:
selector:
app: solfy-api
ports:
- protocol: TCP
port: 80
targetPort: 80
type: LoadBalancer
# type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: solfy-api-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
spec:
rules:
- host: api.solfy.app
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: solfy-api-service
port:
number: 80
tls:
- hosts:
- api.solfy.app
secretName: solfy-tls-secret


> kubectl describe certificaterequest
Status:
Conditions:
Last Transition Time: 2023-09-13T17:58:26Z
Message: Certificate request has been approved by cert-manager.io
Reason: cert-manager.io
Status: True
Type: Approved
Last Transition Time: 2023-09-13T17:58:26Z
Message: Waiting on certificate issuance from order default/solfy-tls-secret-q66cg-3308898219: "pending"
Reason: Pending
Status: False
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-acme Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-ca Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-venafi Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-vault Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-selfsigned Not signing CertificateRequest until it is Approved
Normal cert-manager.io 16m cert-manager-certificaterequests-approver Certificate request has been approved by cert-manager.io
Normal OrderCreated 16m cert-manager-certificaterequests-issuer-acme Created Order resource default/solfy-tls-secret-q66cg-3308898219
Normal OrderPending 16m cert-manager-certificaterequests-issuer-acme Waiting on certificate issuance from order default/solfy-tls-secret-q66cg-3308898219: ""
Positive Bewertungen (0)
934 Ansichten

Related questions

An Diskussion teilnehmen