We have set up a Kubernetes cluster on our bare metal server.
We deploy our application where each namespace is an application for the end customer, i.e. customer1.mydomain.com -> namespace: cust1.
We keep on getting the Kubernetes Ingress Controller Fake Certificate.
We have purchased our own wildcard certificates for *.mydomain.com.
#kubectl create secret tls OUR-SECRET --key /path/private.key --cert /path/chain.crt -n ingress-nginx
#kubectl create secret tls OUR-SECRET --key /path/private.key --cert /path/chain.crt -n kube-system
ingress.yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: ourcloud
  namespace: cert-manager
spec:
  secretName: oursecret
  issuerRef:
    name: letsencrypt-prod
  commonName: '*.mydomain.com'
  acme:
    config:
    - dns01:
        provider: cf-dns-prod
      domains:
      - '*.mydomain.com'
kubectl apply -f ingress.yaml
certificate.certmanager.k8s.io/ourcloud created
https://cust1.mydomain.com connects with the Kubernetes Ingress Controller Fake Certificate.
If you are using Helm and cert manager, make sure each ingress resource has a different certificate name; these values are usually set from the values file in a helm chart.
tls:
  - secretName: <give certificate name>
    hosts:
      - example.com
If you have successfully deployed your ingress resources, you can check the available certificates to avoid a name collision using:
kubectl get certificates
I found the problem. I had the wrong filename in my yaml for the certificate files. It's always good to look at the ingress logs:
kubectl logs nginx-ingress-controller-689498bc7c-tf5 -n ingress-nginx
kubectl get -o yaml ingress --all-namespaces
Try to recreate the secret from files and see if it works.
kubectl delete -n cust4 secret SECRETNAME
kubectl -n cust4 create secret tls SECRETNAME --key key.key --cert cert.crt
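
A check for the situation in this thread, added here as an example (not code from any of the posts): ingress-nginx serves its "Kubernetes Ingress Controller Fake Certificate" when the secret named in an Ingress `tls` entry is missing from the Ingress's own namespace or is not a usable TLS secret. The input is assumed to be the JSON from `kubectl get ingress,secret --all-namespaces -o json`; the sample data and the Ingress name `web` are constructed.

```python
import json
import sys

def tls_problems(doc):
    """Flag Ingress TLS entries whose secret cannot be loaded from the Ingress's namespace."""
    secrets = {(i["metadata"]["namespace"], i["metadata"]["name"]): i
               for i in doc["items"] if i["kind"] == "Secret"}
    problems = []
    for ing in (i for i in doc["items"] if i["kind"] == "Ingress"):
        ns, ing_name = ing["metadata"]["namespace"], ing["metadata"]["name"]
        for tls in ing.get("spec", {}).get("tls") or []:
            name = tls.get("secretName")
            secret = secrets.get((ns, name))
            if not name:
                reason = "no secretName: default certificate is served"
            elif secret is None:
                others = sorted(n for (n, s) in secrets if s == name)
                reason = "secret not in this namespace" + (
                    f" (found in {', '.join(others)})" if others else "")
            elif secret.get("type") != "kubernetes.io/tls":
                reason = f"secret type is {secret.get('type')}, not kubernetes.io/tls"
            elif not {"tls.crt", "tls.key"} <= set(secret.get("data") or {}):
                reason = "secret lacks tls.crt or tls.key"
            else:
                continue
            problems.append((ns, ing_name, name, reason))
    return problems

def _obj(kind, ns, name, **extra):
    return {"kind": kind, "metadata": {"namespace": ns, "name": name}, **extra}

# Constructed sample; namespaces and secret name reuse the thread's cust1/cust4/oursecret.
SAMPLE = {"kind": "List", "items": [
    _obj("Secret", "ingress-nginx", "oursecret", type="kubernetes.io/tls",
         data={"tls.crt": "<base64>", "tls.key": "<base64>"}),
    _obj("Secret", "cust4", "oursecret", type="kubernetes.io/tls",
         data={"tls.crt": "<base64>", "tls.key": "<base64>"}),
    _obj("Ingress", "cust1", "web", spec={"tls": [
        {"hosts": ["cust1.mydomain.com"], "secretName": "oursecret"}]}),
    _obj("Ingress", "cust4", "web", spec={"tls": [
        {"hosts": ["cust4.mydomain.com"], "secretName": "oursecret"}]}),
]}

if __name__ == "__main__":
    # Real use: kubectl get ingress,secret --all-namespaces -o json | python3 this_file.py
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, ing, secret, reason in tls_problems(doc):
        print(f"{ns}/{ing}: secret {secret!r}: {reason}")
```

The secret dump includes private key material, so pipe it straight into the script rather than saving it to a file.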