K
Q

Example app "helloworld-go" on Knative (GKE) with cert-manager gives status IngressNotConfigured

11/26/2019

I am trying to run the helloworld-go example with cert-manager on GKE.
I installed Istio without sidecar injection, cert-manager 0.11 and setup Auto SSL and DNS. When I run kubectl get ksvc it shows IngressNotConfigured. Any idea why?

$ kubectl get ksvc
NAME            URL                                           LATESTCREATED         LATESTREADY           READY     REASON
helloworld-go   https://helloworld-go.default.redhost.cloud   helloworld-go-mc27h   helloworld-go-mc27h   Unknown   IngressNotConfigured
$ kubectl describe ksvc helloworld-go
Status:
  Address:
    URL:  http://helloworld-go.default.svc.cluster.local
  Conditions:
    Last Transition Time:        2019-11-26T15:19:51Z
    Status:                      True
    Type:                        ConfigurationsReady
    Last Transition Time:        2019-11-26T15:31:25Z
    Message:                     Ingress has not yet been reconciled.
    Reason:                      IngressNotConfigured
    Status:                      Unknown
    Type:                        Ready
    Last Transition Time:        2019-11-26T15:31:25Z
    Message:                     Ingress has not yet been reconciled.
    Reason:                      IngressNotConfigured
    Status:                      Unknown
    Type:                        RoutesReady
  Latest Created Revision Name:  helloworld-go-mc27h
  Latest Ready Revision Name:    helloworld-go-mc27h
  Observed Generation:           1
  Traffic:
    Latest Revision:  true
    Percent:          100
    Revision Name:    helloworld-go-mc27h
  URL:                https://helloworld-go.default.redhost.cloud
Events:
  Type    Reason   Age                From                Message
  ----    ------   ----               ----                -------
  Normal  Created  23m                service-controller  Created Configuration "helloworld-go"
  Normal  Created  23m                service-controller  Created Route "helloworld-go"
  Normal  Updated  11m (x7 over 23m)  service-controller  Updated Service "helloworld-go"

Adding the label serving.knative.dev/visibility=cluster-local makes the problem go away, but then it is only accessible internally without SSL.

-- Nick
google-kubernetes-engine
knative
kubernetes

Similar Questions

how to enable admission controller plugin on k8s where API server is deployed as a systemd service?
Istio Ingress Regex Negation
Minikube not pull image from local docker container registry
Prometheus PostgresSQL exporter without SSL and with password from Kubernetes secret

1 Answer

11/27/2019

Problem was I had installed regular Istio, where you specifically need Istio with SDS. https://knative.dev/docs/serving/using-auto-tls/

Also be sure to use cert-manager 0.10.0 as 0.11.0 is currently unsupported. https://github.com/knative/serving/issues/6011

Once I did these everything works:

NAME            URL                                           LATESTCREATED         LATESTREADY           READY   REASON
helloworld-go   https://helloworld-go.default.redhost.cloud   helloworld-go-mc27h   helloworld-go-mc27h   True```
-- Nick
Source: StackOverflow