How to solve "All hosts are taken by other resources" on Google Cloud?

12/1/2020

I currently have a Kubernetes cluster running on GCP. In this cluster I have a working NGINX Ingress, but now I'm trying to add a certificate to this by using cert-manager.

Everything works fine except the ACME challenge. When I do a kubectl describe challenge I get the following:

Status:
  Presented:   true
  Processing:  true
  Reason:      Waiting for HTTP-01 challenge propagation: failed to perform self check GET request

When the ACME challenge creates a solver service I get the following error message on GCP:

"All hosts are taken by other resources"


I have tried to create an Issuer and a ClusterIssuer but the same problem keeps popping up.

-- Modx
cert-manager
google-cloud-platform
kubernetes
lets-encrypt
nginx-ingress

1 Answer

12/2/2020

After trying to solve the issues and browsing the web, I have figured out the solution. It is possible to add the following annotation:

annotations:
  acme.cert-manager.io/http01-edit-in-place: "true"

After adding this line to my Ingress resource everything seemed to work perfectly. When this annotation is not passed in, cert-manager will create an extra Ingress for the ACME challenge.

See: Cert-manager, using an Ingress

-- Modx
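
For context, here is where the annotation from the answer sits in a complete setup. This is an added example, not part of the original post. It assumes an NGINX IngressClass named `nginx`, and every resource name, host and e-mail address in it is a placeholder.

```yaml
# Constructed example: all names, hosts and the e-mail address are placeholders.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-example              # hypothetical issuer name
spec:
  acme:
    # Let's Encrypt staging endpoint; switch to the production URL once issuance works.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      name: letsencrypt-example-account-key
    solvers:
      - http01:
          ingress:
            class: nginx                 # assumed ingress class
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress                  # hypothetical
  annotations:
    # Ask cert-manager to issue a certificate for the tls block below.
    cert-manager.io/cluster-issuer: letsencrypt-example
    # Add the temporary /.well-known/acme-challenge/ path to THIS Ingress
    # instead of creating a separate solver Ingress for the challenge.
    acme.cert-manager.io/http01-edit-in-place: "true"
spec:
  ingressClassName: nginx                # assumed IngressClass name
  tls:
    - hosts:
        - app.example.com
      secretName: app-example-com-tls    # cert-manager stores the issued certificate here
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-service    # hypothetical backend Service
                port:
                  number: 80
```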
Source: StackOverflow