Hi,
I try to add TSL on my Kubernetes Service but I do not manage to make it working… I use `cert-manager` for TSL Certificate Management. I have a Service (based on FastAPI deployment) that successfully exposes port 80.
I added a CertificateIssuer and Ingress objects to my cluster but my CertificateOrder always stays in "Pending" status. I am probably missing something but I do not manage to figure out what is wrong.
Thanks for your help
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-cluster-issuer
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: xxxxxxxxxx # removed for OVH post
privateKeySecretRef:
name: letsencrypt-private-key
solvers:
- http01:
ingress:
class: nginx
—
apiVersion: v1
kind: Service
metadata:
name: solfy-api-service
spec:
selector:
app: solfy-api
ports:
- protocol: TCP
port: 80
targetPort: 80
type: LoadBalancer
# type: ClusterIP
—
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: solfy-api-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
spec:
rules:
- host: api.solfy.app
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: solfy-api-service
port:
number: 80
tls:
- hosts:
- api.solfy.app
secretName: solfy-tls-secret
> kubectl describe certificaterequest
Status:
Conditions:
Last Transition Time: 2023-09-13T17:58:26Z
Message: Certificate request has been approved by cert-manager.io
Reason: cert-manager.io
Status: True
Type: Approved
Last Transition Time: 2023-09-13T17:58:26Z
Message: Waiting on certificate issuance from order default/solfy-tls-secret-q66cg-3308898219: "pending"
Reason: Pending
Status: False
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-acme Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-ca Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-venafi Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-vault Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 16m cert-manager-certificaterequests-issuer-selfsigned Not signing CertificateRequest until it is Approved
Normal cert-manager.io 16m cert-manager-certificaterequests-approver Certificate request has been approved by cert-manager.io
Normal OrderCreated 16m cert-manager-certificaterequests-issuer-acme Created Order resource default/solfy-tls-secret-q66cg-3308898219
Normal OrderPending 16m cert-manager-certificaterequests-issuer-acme Waiting on certificate issuance from order default/solfy-tls-secret-q66cg-3308898219: ""
Hello,
I invite you to ask your question on the following channel:
https://discord.com/channels/850031577277792286/955385102945370122
^FabL