Given: I want to run a web application with Let's Encrypt certs via cert-manager.

Problem: I can access the site with HTTP, but HTTPS doesn't work, even though I can see that cert-manager created a certificate, which is also saved as a secret.

What I did:

1.) I installed cert-manager with helm:

```
helm install --name cert-manager --namespace kube-system stable/cert-manager --set rbac.create=false
```

Then I applied my k8s YAML.
```yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: myEmail
    privateKeySecretRef:
      name: letsencrypt-staging
    http01: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: myEmail
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: api-runtime
  labels:
    name: api-runtime
    app: api-runtime
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: api-runtime
    spec:
      containers:
      - name: clickouts-api-host
        image: microsoft/dotnet-samples:aspnetapp
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: api-host-svc
  labels:
    app: api-runtime
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: api-runtime
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: api
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - mydomain.comt
    secretName: api-tls
  rules:
  - host: mydomain.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: api-host-svc
          servicePort: 80
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: api-tls
spec:
  secretName: api-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: mydomain.com
  dnsNames:
  - mydomain.com
  acme:
    config:
    - http01:
        ingress: nginx-ingress
      domains:
      - mydomain.com
```

What am I missing to also get an HTTPS route?

I spot a typo in tls: - hosts: - mydomain.comt
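
A check that catches this kind of mismatch before applying the manifests, as an added example that is not part of the question or the answer: it compares each Ingress `tls.hosts` entry with the rule hosts and with the names on the Certificate that writes the same secret. The function name and the sample dicts are assumptions; it expects manifests already parsed into dicts and compares names exactly (no wildcard handling).

```python
"""Cross-check host names across Ingress and Certificate manifests (added example)."""

def host_mismatches(docs):
    """Return sorted (object, problem, host) tuples for host names that do not line up.

    docs: manifests already parsed into dicts (for instance by a YAML loader).
    """
    findings = []
    certs = {}  # secretName -> DNS names requested by the Certificate writing that secret
    for d in docs:
        if d.get("kind") == "Certificate":
            spec = d["spec"]
            names = set(spec.get("dnsNames", []))
            if spec.get("commonName"):
                names.add(spec["commonName"])
            certs[spec["secretName"]] = names
    for d in docs:
        if d.get("kind") != "Ingress":
            continue
        ident = "Ingress/" + d["metadata"]["name"]
        spec = d["spec"]
        rule_hosts = {r["host"] for r in spec.get("rules", []) if r.get("host")}
        tls_hosts = set()
        for tls in spec.get("tls", []):
            hosts = set(tls.get("hosts", []))
            tls_hosts |= hosts
            for h in hosts - rule_hosts:
                findings.append((ident, "tls.hosts entry has no matching rule", h))
            cert_names = certs.get(tls.get("secretName"))
            if cert_names is not None:
                for h in hosts - cert_names:
                    findings.append((ident, "tls.hosts entry not in Certificate", h))
        for h in rule_hosts - tls_hosts:
            findings.append((ident, "rule host not covered by any tls block", h))
    return sorted(findings)

# Constructed sample: only the fields the check reads, with the values from the question.
SAMPLE = [
    {"kind": "Ingress", "metadata": {"name": "nginx-ingress"},
     "spec": {"tls": [{"hosts": ["mydomain.comt"], "secretName": "api-tls"}],
              "rules": [{"host": "mydomain.com"}]}},
    {"kind": "Certificate", "metadata": {"name": "api-tls"},
     "spec": {"secretName": "api-tls", "commonName": "mydomain.com",
              "dnsNames": ["mydomain.com"]}},
]

if __name__ == "__main__":
    for finding in host_mismatches(SAMPLE):
        print(*finding, sep=" | ")
```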