Which certificate file types?

[christian-schlichtherle]

First of all, thank you for this amazing project!

I have created server certificate files using Let's Encrypt and Certbot. Now I wonder which files I need to copy into the server.key and server.crt files? The Certbot has created the following files: cert.pem, chain.pem, fullchain.pem and privkey.pem.

[christian-schlichtherle]

So the answer is:

• Copy privkey.pem to server.key
• Copy fullchain.pem to server.crt

HOWEVER...

There is a bug in the manifests. When doing make deploy a secret named ingress-secret is created with the contents of the aforementioned files in the namespace monitoring. However, the manifest file for the grafana etc spells the secretName to be ingress-TLS-secret which doesn't match. The result is a 404 page on the ingress URL.

After manually editing this entry in the manifest file it works like a charm.

[christian-schlichtherle]

I've created a pull request with a fix.

[carlosedp]

Actually found the error. Was in the utils.libsonnet where the secret name was hardcoded. Fixed in https://github.com/carlosedp/cluster-monitoring/commit/b617576d64b1f5da5215facdf872dfc6cd260e3c

Thanks for finding this out.

[christian-schlichtherle]

Hello again,

unfortunately, the latest patch does not work:

$ make deploy
[...]
servicemonitor.monitoring.coreos.com/traefik created
The Secret "ingress-TLS-secret" is invalid: metadata.name: Invalid value: "ingress-TLS-secret": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
make: *** [deploy] Error 1

[carlosedp]

Fixed in https://github.com/carlosedp/cluster-monitoring/commit/b617576d64b1f5da5215facdf872dfc6cd260e3c. Please check.

[christian-schlichtherle]

It works - thanks!