Unable to use cert-manager and nginx ingress controller with SSL termination

8/20/2018

I am trying out nginx-ingress on GKE with SSL termination for use cases. I've traveled to millions of blogs on this process which uses cert-manager with nginx ingress controller but none of them worked in my case.

This certainly means I am doing something wrong. But I am not sure what. Here's what I did:

  1. Create sample app exposed on ClusterIP
  2. Deploy nginx-ingress
  3. Create issuer
  4. Create nginx ingress with issuer.

Result:

After describing the nginx ingress, the events areas shows none. That means everything is completely blank. Not a single thing happened for requesting certs, http validation, etc.

nginx ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
    name: my-ingress
    annotations:
        kubernetes.io/ingress.class: nginx
        certmanager.k8s.io/cluster-issuer: letsencrypt-staging
        kubernetes.io/tls-acme: 'true'
spec:
    rules:
        -
            host: wptls.ml
            http: {paths: [{path: /, backend: {serviceName: web, servicePort: 80}}]}
    tls:
        -
            secretName: tls-staging-cert
            hosts: [wptls.ml]

clusterissuer.yml:

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
    name: letsencrypt-staging
spec:
    acme:
        server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
        email: xyz@gmail.com
        privateKeySecretRef:
            name: letsencrypt-sec-staging
        http01: {}

I am not sure if there's anything else which needs to be done.

-- Shantanu Deshpande
kubernetes
kubernetes-ingress
nginx-ingress

1 Answer

2/5/2019

Try Ingress extra annotation likes

nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"

https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
-- Harsh Manvar
Source: StackOverflow