https kubernetes deployed application

7/22/2019

I am using following document to implement https on kubernetes deployed application : https://docs.microsoft.com/en-us/azure/aks/ingress-tls

I am getting "Certificate does not exist" . i have used cluster issuer and "letsencrypt-prod" . i have following certificates :

acme-crt
acme-crt-secret
cert-mgr-webhook-ca
cert-mgr-webhook-webhook-tls
tls-secret

why i am getting "certificate does not exist" when i describe certificate ?

`Name:         acme-crt-secret
Namespace:    <name-space>
Labels:       <none>
Annotations:  <none>
API Version:  certmanager.k8s.io/v1alpha1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2019-07-19T07:41:46Z
  Generation:          2
  Owner References:
    API Version:           extensions/v1beta1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Ingress
    Name:                  starc
    UID:                   <Id>
  Resource Version:        <version>
  Self Link:               /apis/certmanager.k8s.io/v1alpha1/namespaces/<name-space>/certificates/acme-crt-secret
  UID:                     <Uid>
Spec:
  Acme:
    Config:
      Domains:
        starcapp.com
      Http 01:
        Ingress:
        Ingress Class:  nginx
  Dns Names:
    starcapp.com
  Issuer Ref:
    Kind:       ClusterIssuer
    Name:       letsencrypt-prod
  Secret Name:  acme-crt-secret
Status:
  Conditions:
    Last Transition Time:  2019-07-19T07:41:46Z
    Message:               Certificate does not exist
    Reason:                NotFound
    Status:                False
    Type:                  Ready
Events:                    <none>`
-- bilal_khan
azure
https
kubernetes
ssl

1 Answer

7/22/2019

Try to specify namespace in your certificate configuration file.

Look at example ertificate configuration file:

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: tls-secret

namespace: ingress-basic

spec:
  secretName: tls-secret-staging
  dnsNames:
  - demo-aks-ingress.eastus.cloudapp.azure.com
  acme:
    config:
    - http01:
        ingressClass: nginx
      domains:
      - demo-aks-ingress.eastus.cloudapp.azure.com
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer

Then exec command:

$ kubectl apply -f your-certificate-filename.yaml

Make sure the secret is in the cert-manager namespace.

Create a certificate manual as well. Once you 'forced' cert-manager to create a certificate, he was good to go en auto created certificates as well.

-- MaggieO
Source: StackOverflow