All,
I followed this tutorial: https://github.com/ahmetb/gke-letsencrypt. I have an ingress setup for kubernetes in Google Cloud, I have a static IP address and the secrets are created. This is my ingress config:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: helloweb
annotations:
kubernetes.io/ingress.global-static-ip-name: helloweb-ip
certmanager.k8s.io/acme-http01-edit-in-place: "true"
labels:
app: hello
spec:
backend:
serviceName: helloweb-backend
servicePort: 8080
tls:
- secretName: dogs-com-tls
hosts:
- app-solidair-vlaanderen.com
I can access http://app-solidair-vlaanderen.com, but not the https url.
If I call describe ingress I get this output:
Name: helloweb
Namespace: default
Address: 35.190.68.173
Default backend: helloweb-backend:8080 (10.32.0.17:8080)
TLS:
dogs-com-tls terminates app-solidair-vlaanderen.com
Rules:
Host Path Backends
---- ---- --------
app-solidair-vlaanderen.com
/.well-known/acme-challenge/Q8kcFSZ0ZUJO58xZyVbK6s-cJIWu-EgwPcDd8NFyoXQ cm-acme-http-solver-mhqnf:8089 (<none>)
Annotations:
url-map: k8s-um-default-helloweb--17a833239f9491d9
backends: {"k8s-be-30819--17a833239f9491d9":"Unknown","k8s-be-32482--17a833239f9491d9":"HEALTHY"}
forwarding-rule: k8s-fw-default-helloweb--17a833239f9491d9
target-proxy: k8s-tp-default-helloweb--17a833239f9491d9
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ADD 45m loadbalancer-controller default/helloweb
Normal CREATE 44m loadbalancer-controller ip: 35.190.68.173
Warning Sync 7m (x22 over 28m) loadbalancer-controller Error during sync: error while evaluating the ingress spec: could not find service "default/cm-acme-http-solver-mhqnf"
Does someone know what I'm missing?
You have some mess up in your ingress definition, why the hosts is under the tls? Here is an example that is working for me:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Values.ingressName }}-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: {{ .Values.staticIpName }}-static-ip
kubernetes.io/ingress.allow-http: "false"
labels:
...
spec:
tls:
- secretName: sslcerts
rules:
- host: {{ .Values.restApiHost }}
http:
paths:
- backend:
serviceName: rest-api-internal-service
servicePort: 80