jenkinsx cert-manager fails

bygui86 commented 5 years ago

Summary

After successfully create a GKE cluster, I would like to secure ingresses with HTTPS. The upgrade ingress (jx upgrade ingress) should end without errors and the cert-manager should get and properly associate certificates to ingresses.

Steps to reproduce the behavior

create a GKE cluster using jx create cluster gke
run jx upgrade ingress --verbose

Here logs from jx upgrade ingress --verbose:

looking for existing ingress rules in current namespace jx
? Existing ingress rules found in current namespace.  Confirm to delete and recreate them Yes
? Expose type Ingress
? Domain: john.doe.com
? If your network is publicly available would you like to enable cluster wide TLS? Yes

? Use LetsEncrypt staging or production? production
? Email address to register with LetsEncrypt: john@doe.com
? Using config values {john@doe.com john.doe.com letsencrypt-prod Ingress true}, ok? Yes

Looking for cert-manager deployment in namespace cert-manager...
Deleting ingress jx/nexus
Deleting ingress jx/tide
Deleting ingress jx/chartmuseum
Deleting ingress jx/deck
Deleting ingress jx/docker-registry
Deleting ingress jx/hook
Deleting ingress jx/monocular
Using helmBinary helm with feature flag: none
Updating Helm repository...
Helm repository update done.
Upgrading Chart 'upgrade --namespace jx --install --force --timeout 6000 --version 2.3.82 --set config.exposer=Ingress --set config.domain=john.doe.com --set config.tlsacme=true expose-jackalapple jenkins-x/exposecontroller'
Previous webhook endpoint https://hook.jx.john.doe.com/hook
Updated webhook endpoint https://hook.jx.john.doe.com/hook
? Do you want to update all existing webhooks? Yes

Updating all webHooks from https://hook.jx.john.doe.com/hook to https://hook.jx.john.doe.com/hook
? Which organisation do you want to use? interdiscount
Found 87 repos
Checking hooks for repository React-Redux-Boilerplate
Checking hooks for repository graphql-sample
Checking hooks for repository kafka-sample
Checking hooks for repository spring-profiles-sample
Checking hooks for repository spring-actuator-sample
Checking hooks for repository spring-boot-admin-sample
Checking hooks for repository docker-docs
Checking hooks for repository cloud-native-labs
Checking hooks for repository showcase-catalog-service
Checking hooks for repository showcase-gateway
Checking hooks for repository showcase-web-nodejs
Checking hooks for repository showcase-inventory-service
Checking hooks for repository showcase-admin-tool
Checking hooks for repository spring-tracing-sample
Checking hooks for repository micros-templates
Checking hooks for repository benchmark-python-client-for-kafka
Checking hooks for repository spring-kafka-commons
Checking hooks for repository spring-kafka-consumer
Checking hooks for repository spring-kafka-producer
Checking hooks for repository inventory-service
Checking hooks for repository boilerplate-with-nextjs
Checking hooks for repository id-microservice-doc
Checking hooks for repository inventory-producer-service
Checking hooks for repository sap-adapter-service
Found matching hook for url https://hook.jx.john.doe.com/hook
Found existing webhook for url https://hook.jx.john.doe.com/hook
Updating GitHub webhook for interdiscount/sap-adapter-service for url https://hook.jx.john.doe.com/hook
Checking hooks for repository ...
...
Found matching hook for url https://hook.jx.john.doe.com/hook
Found existing webhook for url https://hook.jx.john.doe.com/hook
Updating GitHub webhook for interdiscount/environment-interdiscount-dev-staging for url https://hook.jx.john.doe.com/hook
Checking hooks for repository environment-interdiscount-dev-production
Found matching hook for url https://hook.jx.john.doe.com/hook
Found existing webhook for url https://hook.jx.john.doe.com/hook
Updating GitHub webhook for interdiscount/environment-interdiscount-dev-production for url https://hook.jx.john.doe.com/hook
Ingress rules recreated
It can take around 5 minutes for Cert Manager to get certificates from Lets Encrypt and update Ingress rules
Use the following commands to diagnose any issues:
jx logs cert-manager -n cert-manager
kubectl describe certificates
kubectl describe issuers

Here logs from jx logs cert-manager -n cert-manager:

Waiting for a running pod in namespace cert-manager with labels app=cert-manager,release=cert-manager
Found newest pod: cert-manager-59c884d44d-pknlz
I0116 12:18:05.310288       1 start.go:79] starting cert-manager v0.5.2 (revision 9e8c3ad899c5aafaa360ca947eac7f5ba6301035)
I0116 12:18:05.311240       1 controller.go:126] Using the following nameservers for DNS01 checks: [10.47.240.10:53]
I0116 12:18:05.312080       1 leaderelection.go:175] attempting to acquire leader lease  cert-manager/cert-manager-controller...
I0116 12:18:05.312674       1 server.go:84] Listening on http://0.0.0.0:9402
I0116 12:18:05.334603       1 leaderelection.go:184] successfully acquired lease cert-manager/cert-manager-controller
I0116 12:18:05.342663       1 controller.go:68] Starting certificates controller
I0116 12:18:05.342779       1 controller.go:68] Starting clusterissuers controller
I0116 12:18:05.342816       1 controller.go:68] Starting ingress-shim controller
I0116 12:18:05.342872       1 controller.go:68] Starting issuers controller
I0116 12:18:10.373931       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:18:10.373978       1 controller.go:198] ingress 'jx/docker-registry' in work queue no longer exists
I0116 12:18:10.373996       1 controller.go:182] ingress-shim controller: Finished processing work item "jx/docker-registry"
I0116 12:18:10.374006       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:18:10.374020       1 controller.go:198] ingress 'jx/deck' in work queue no longer exists
I0116 12:18:10.374042       1 controller.go:168] ingress-shim controller: syncing item 'jx/monocular'
E0116 12:18:10.374056       1 controller.go:198] ingress 'jx/monocular' in work queue no longer exists
I0116 12:18:10.374074       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:18:10.374086       1 controller.go:198] ingress 'jx/hook' in work queue no longer exists
I0116 12:18:10.374103       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:18:10.374116       1 controller.go:198] ingress 'jx/chartmuseum' in work queue no longer exists
I0116 12:18:10.374132       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:18:10.374145       1 controller.go:198] ingress 'jx/nexus' in work queue no longer exists
I0116 12:18:10.375061       1 controller.go:182] ingress-shim controller: Finished processing work item "jx/deck"
I0116 12:18:10.375196       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:18:10.375238       1 controller.go:198] ingress 'jx/tide' in work queue no longer exists
I0116 12:18:10.376168       1 controller.go:182] ingress-shim controller: Finished processing work item "jx/monocular"
I0116 12:18:10.377270       1 controller.go:182] ingress-shim controller: Finished processing work item "jx/hook"
I0116 12:18:10.378393       1 controller.go:182] ingress-shim controller: Finished processing work item "jx/chartmuseum"
I0116 12:18:10.379489       1 controller.go:182] ingress-shim controller: Finished processing work item "jx/nexus"
I0116 12:18:10.380581       1 controller.go:182] ingress-shim controller: Finished processing work item "jx/tide"
I0116 12:18:13.375042       1 controller.go:141] issuers controller: syncing item 'jx/letsencrypt-prod'
I0116 12:18:13.375174       1 setup.go:73] letsencrypt-prod: generating acme account private key "letsencrypt-prod"
I0116 12:18:13.888452       1 logger.go:88] Calling GetAccount
I0116 12:18:14.464023       1 logger.go:83] Calling CreateAccount
I0116 12:18:14.638582       1 setup.go:181] letsencrypt-prod: verified existing registration with ACME server
I0116 12:18:14.638610       1 helpers.go:100] Setting lastTransitionTime for Issuer "letsencrypt-prod" condition "Ready" to 2019-01-16 12:18:14.638604746 +0000 UTC m=+9.339702805
I0116 12:18:14.642979       1 controller.go:155] issuers controller: Finished processing work item "jx/letsencrypt-prod"
I0116 12:18:23.888146       1 controller.go:141] issuers controller: syncing item 'jx/letsencrypt-prod'
I0116 12:18:23.888362       1 setup.go:144] Skipping re-verifying ACME account as cached registration details look sufficient.
I0116 12:18:23.888397       1 controller.go:155] issuers controller: Finished processing work item "jx/letsencrypt-prod"
I0116 12:18:30.316414       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:18:30.316492       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/hook" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:30.335521       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:18:30.335597       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/chartmuseum" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:30.352407       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:18:30.352575       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/nexus" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:30.491731       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:18:30.491814       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/deck" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:30.894429       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:18:30.894515       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/tide" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:31.294289       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:18:31.294342       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/docker-registry" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:31.696995       1 controller.go:168] ingress-shim controller: syncing item 'jx/monocular'
E0116 12:18:31.697268       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/monocular" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:40.316734       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:18:40.316788       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/hook" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:40.335906       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:18:40.336028       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/chartmuseum" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:40.352829       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:18:40.352888       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/nexus" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:40.492076       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:18:40.492161       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/deck" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:40.894788       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:18:40.894834       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/tide" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:18:41.294595       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:18:41.294671       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/docker-registry" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:19:00.317125       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:19:00.317253       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/hook" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:19:00.336308       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:19:00.336389       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/chartmuseum" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:19:00.353169       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:19:00.353233       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/nexus" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:19:00.492419       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:19:00.492471       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/deck" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:19:00.895067       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:19:00.895119       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/tide" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:19:01.294902       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:19:01.295040       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/docker-registry" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:19:11.697542       1 controller.go:168] ingress-shim controller: syncing item 'jx/monocular'
E0116 12:19:11.697601       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/monocular" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:20:00.317545       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:20:00.317599       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/hook" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:20:00.336660       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:20:00.336713       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/chartmuseum" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:20:00.353467       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:20:00.353516       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/nexus" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:20:00.492691       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:20:00.492740       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/deck" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:20:00.895327       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:20:00.895584       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/tide" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:20:01.295270       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:20:01.295333       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/docker-registry" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:20:11.697867       1 controller.go:168] ingress-shim controller: syncing item 'jx/monocular'
E0116 12:20:11.697954       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/monocular" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:21:00.317788       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:21:00.317858       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/hook" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:21:00.337189       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:21:00.337308       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/chartmuseum" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:21:00.353842       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:21:00.353935       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/nexus" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:21:00.492952       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:21:00.493472       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/deck" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:21:00.895969       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:21:00.896035       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/tide" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:21:01.295549       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:21:01.295665       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/docker-registry" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:21:11.698793       1 controller.go:168] ingress-shim controller: syncing item 'jx/monocular'
E0116 12:21:11.698852       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/monocular" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:22:00.318120       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:22:00.318403       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/hook" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:22:00.337623       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:22:00.337742       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/chartmuseum" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:22:00.354263       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:22:00.354330       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/nexus" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:22:00.493839       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:22:00.494805       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/deck" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:22:00.896284       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:22:00.896361       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/tide" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:22:01.295899       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:22:01.295953       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/docker-registry" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:22:11.699064       1 controller.go:168] ingress-shim controller: syncing item 'jx/monocular'
E0116 12:22:11.699116       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/monocular" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:23:00.318679       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:23:00.318755       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/hook" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:23:00.338023       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:23:00.338172       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/chartmuseum" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:23:00.354592       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:23:00.354791       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/nexus" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:23:00.495473       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:23:00.495537       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/deck" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:23:00.896678       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:23:00.897271       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/tide" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:23:01.296216       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:23:01.296272       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/docker-registry" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:23:11.699356       1 controller.go:168] ingress-shim controller: syncing item 'jx/monocular'
E0116 12:23:11.699404       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/monocular" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:24:00.318973       1 controller.go:168] ingress-shim controller: syncing item 'jx/hook'
E0116 12:24:00.319025       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/hook" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:24:00.338545       1 controller.go:168] ingress-shim controller: syncing item 'jx/chartmuseum'
E0116 12:24:00.338606       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/chartmuseum" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:24:00.355107       1 controller.go:168] ingress-shim controller: syncing item 'jx/nexus'
E0116 12:24:00.355163       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/nexus" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:24:00.495741       1 controller.go:168] ingress-shim controller: syncing item 'jx/deck'
E0116 12:24:00.495806       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/deck" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:24:00.897770       1 controller.go:168] ingress-shim controller: syncing item 'jx/tide'
E0116 12:24:00.897912       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/tide" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:24:01.296604       1 controller.go:168] ingress-shim controller: syncing item 'jx/docker-registry'
E0116 12:24:01.296686       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/docker-registry" due to error processing: issuer.certmanager.k8s.io "" not found
I0116 12:24:11.699725       1 controller.go:168] ingress-shim controller: syncing item 'jx/monocular'
E0116 12:24:11.699797       1 controller.go:177] ingress-shim controller: Re-queuing item "jx/monocular" due to error processing: issuer.certmanager.k8s.io "" not found
...

Jx version

1.3.733

Kubernetes cluster

GKE version 1.10.9-gke.5

Operating system / Environment

MacOsX 10.14.2

Expected behavior

The upgrade ingress should end without errors and the cert-manager should get and properly associate certificates to ingresses.

Actual behavior

The upgrade ingress ends without errors, but the cert-manager seems not able to get and properly associate certificates to ingresses.

ccojocar commented 5 years ago

It looks like a dup of #2488. The CRDs are not created when the cert-manager chart is installed.

It should work with --no-tiller options.

ccojocar commented 5 years ago

@bygui86 Is the issuer resource created jx/letsencrypt-prod?

bygui86 commented 5 years ago

@ccojocar honestly I'm not sure to understand your question :( how can I retrieve this info for you?

ccojocar commented 5 years ago

Try to check if the issuer resource was created in the cluster with the following command:

kubectl get issuer -n jx kubectl describe issue -n jx letsencrypt-prod

Check if the CRDs are created with:

kubectl get crd  | grep certmanager
certificates.certmanager.k8s.io         2019-01-16T11:34:20Z
clusterissuers.certmanager.k8s.io       2019-01-16T11:34:20Z
issuers.certmanager.k8s.io              2019-01-16T11:34:20Z

I want to check if the cert-manager chart installation failed or the setup after the installation.

bygui86 commented 5 years ago

Ok now I understand :) sorry!

Here the output you need:

kubectl get issuer -n jx

NAME                     CREATED AT
letsencrypt-prod   1d

kubectl describe issuer -n jx letsencrypt-prod

Name:         letsencrypt-prod
Namespace:    jx
Labels:       <none>
Annotations:  <none>
API Version:  certmanager.k8s.io/v1alpha1
Kind:         Issuer
Metadata:
  Cluster Name:
  Creation Timestamp:  2019-01-16T13:30:09Z
  Generation:          1
  Resource Version:    21791
  Self Link:           /apis/certmanager.k8s.io/v1alpha1/namespaces/jx/issuers/letsencrypt-prod
  UID:                 d87d8525-1992-11e9-921f-42010a9c01ba
Spec:
  Acme:
    Email:  john@doe.com
    Http 01:
    Private Key Secret Ref:
      Key:
      Name:  letsencrypt-prod
    Server:  https://acme-v02.api.letsencrypt.org/directory
Status:
  Acme:
    Uri:  https://acme-v02.api.letsencrypt.org/acme/acct/49622302
  Conditions:
    Last Transition Time:  2019-01-16T13:30:15Z
    Message:               The ACME account was registered with the ACME server
    Reason:                ACMEAccountRegistered
    Status:                True
    Type:                  Ready
Events:                    <none>

kubectl get crd | grep certmanager

certificates.certmanager.k8s.io           2019-01-16T12:17:59Z
clusterissuers.certmanager.k8s.io         2019-01-16T12:17:59Z
issuers.certmanager.k8s.io                2019-01-16T12:17:59Z

ccojocar commented 5 years ago

any certs? kubectl get certs -n jx? and also describe to check if there are any errors in the certs.

bygui86 commented 5 years ago

Unfortunately none :(

kubectl get certs -n jx

No resources found.

bygui86 commented 5 years ago

Here is also a screenshot of Google Chrome certificate description

ccojocar commented 5 years ago

The issue should be fixed soon. The cert-manager annotation was not applied to the services. Apparently we introduced the problem recently when we resolved a merge conflict.

bygui86 commented 5 years ago

Ok thanks :) Quick question: should I completely recreate the cluster I'm working on or can I just run again jx upgrade ingress?

amuniz commented 5 years ago

jx upgrade ingress should do the work.

romilpunetha commented 5 years ago

during jx upgrade ingress, it asks for Which organisation do you want to use? and its not showing my own repo

jenkins-x / jx