hasura / hasura-k8s-stack

A feature-complete Hasura stack on Kubernetes
MIT License

How to modify certmanager to let the ingress accept cluster-issuer annotations? #1

Closed sachaarbonel closed 5 years ago

sachaarbonel commented 5 years ago

Hi guys, I'm quite new to Kubernetes and I've never written CRDs before, so I wonder how to deal with the error ClusterIssuer resource "letsencrypt-prod" not found?

coco98 commented 5 years ago

Did you run through these steps: https://github.com/hasura/hasura-k8s-stack#cert-manager?

sachaarbonel commented 5 years ago

Yes, and it was deployed properly (apart from the certificates; I had to add an exception to Firefox to access the Hasura console). So I changed https://github.com/hasura/hasura-k8s-stack/blob/f05e8a95e38a2a774b27ab3c652e0376b9672edc/cert-manager/le-prod-issuer.yaml#L2 to ClusterIssuer, and https://github.com/hasura/hasura-k8s-stack/blob/f05e8a95e38a2a774b27ab3c652e0376b9672edc/hasura/ingress.yaml#L7 to certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"

coco98 commented 5 years ago

@shahidhk Thoughts?

sachaarbonel commented 5 years ago

The reason I did it is that I previously successfully deployed other stuff on my cluster, as they explain in this article, with proper certificates.

shahidhk commented 5 years ago

ClusterIssuer resource "letsencrypt-prod" not found

I am not familiar with ClusterIssuer, but the included file is of kind Issuer: https://github.com/hasura/hasura-k8s-stack/blob/master/cert-manager/le-prod-issuer.yaml#L2

https://github.com/hasura/hasura-k8s-stack/blob/master/README.md#L212-213 should create the Issuers and https://github.com/hasura/hasura-k8s-stack/blob/master/README.md#L255-266 should issue the actual SSL certs.

I did a Twitch stream on setting this up: https://www.twitch.tv/videos/388115439 Let me know if you have any suggestions. We're always online at https://discord.gg/hasura

sachaarbonel commented 5 years ago

Thanks, never mind. I think I might have a chance with the cert-manager Helm chart. I'll keep you updated on my progress.

sachaarbonel commented 5 years ago

Basically, I followed the instructions of cert-manager. Then I made the same changes as I said here:

Yes, and it was deployed properly (apart from the certificates; I had to add an exception to Firefox to access the Hasura console). So I changed

hasura-k8s-stack/cert-manager/le-prod-issuer.yaml

Line 2 in f05e8a9 kind: Issuer to ClusterIssuer. And

hasura-k8s-stack/hasura/ingress.yaml

Line 7 in f05e8a9 certmanager.k8s.io/issuer: "letsencrypt-staging" to certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"

The only thing that I did differently (except for certain tools that were updated during the process, like the webhook in certmanager and the nginx controller in mandatory) was to change https://github.com/hasura/hasura-k8s-stack/blob/f05e8a95e38a2a774b27ab3c652e0376b9672edc/hasura/ingress.yaml#L15

to letsencrypt-prod

sachaarbonel commented 5 years ago

EDIT: That's odd, I changed back to whatever-app-name-tls and it worked too. I must have done something wrong in the first place.
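
The mismatch discussed in this thread (an ingress annotated with certmanager.k8s.io/cluster-issuer while the manifest on disk is of kind Issuer) can be caught before applying anything. The following is an added example, not part of the thread or of the hasura-k8s-stack repo; the function names, the ingress name "hasura" and the namespace "default" are assumptions, and the sample objects are constructed.

```python
# Added example, not from the hasura-k8s-stack repo. Manifests are plain dicts
# (as a YAML loader would return them); the sample objects below are constructed.
ISSUER_ANN = "certmanager.k8s.io/issuer"                  # annotation quoted in the thread
CLUSTER_ISSUER_ANN = "certmanager.k8s.io/cluster-issuer"  # annotation quoted in the thread

def check_ingress_issuers(manifests):
    """Return findings for Ingress annotations that reference an issuer that is not defined."""
    issuers, cluster_issuers = set(), set()
    for m in manifests:
        meta = m.get("metadata") or {}
        if m.get("kind") == "Issuer":            # namespaced: match on (namespace, name)
            issuers.add((meta.get("namespace") or "default", meta.get("name")))
        elif m.get("kind") == "ClusterIssuer":   # cluster-scoped: match on name only
            cluster_issuers.add(meta.get("name"))
    findings = []
    for m in manifests:
        if m.get("kind") != "Ingress":
            continue
        meta = m.get("metadata") or {}
        ns = meta.get("namespace") or "default"
        ann = meta.get("annotations") or {}
        ing = f'{ns}/{meta.get("name")}'
        ci, i = ann.get(CLUSTER_ISSUER_ANN), ann.get(ISSUER_ANN)
        if ci and i:
            findings.append(f"{ing}: both issuer and cluster-issuer annotations are set")
        if ci and ci not in cluster_issuers:
            msg = f'{ing}: ClusterIssuer "{ci}" not found'
            if any(name == ci for _, name in issuers):
                msg += f'; an Issuer named "{ci}" exists, so kind and annotation disagree'
            findings.append(msg)
        if i and (ns, i) not in issuers:
            msg = f'{ing}: Issuer "{i}" not found in namespace "{ns}"'
            if i in cluster_issuers:
                msg += f'; a ClusterIssuer named "{i}" exists, use the cluster-issuer annotation'
            findings.append(msg)
    return findings

def _obj(kind, name, namespace=None, annotations=None):  # builds a constructed sample object
    return {"kind": kind, "metadata": {"name": name, "namespace": namespace, "annotations": annotations}}

# Constructed samples: Issuer on disk with a cluster-issuer annotation, then both changed together.
MISMATCHED = [_obj("Issuer", "letsencrypt-prod", "default"),
              _obj("Ingress", "hasura", "default", {CLUSTER_ISSUER_ANN: "letsencrypt-prod"})]
CONSISTENT = [_obj("ClusterIssuer", "letsencrypt-prod"),
              _obj("Ingress", "hasura", "default", {CLUSTER_ISSUER_ANN: "letsencrypt-prod"})]

if __name__ == "__main__":
    for label, objs in (("mismatched", MISMATCHED), ("consistent", CONSISTENT)):
        print(label, check_ingress_issuers(objs) or "ok")
```

The namespace check matters for the Issuer annotation only: an Issuer must live in the same namespace as the ingress that references it, while a ClusterIssuer is visible from every namespace.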