Closed bygui86 closed 5 years ago
It looks like a dup of #2488. The CRDs are not created when the cert-manager chart is installed.
It should work with --no-tiller
options.
@bygui86 Is the issuer resource created jx/letsencrypt-prod
?
@ccojocar honestly I'm not sure to understand your question :( how can I retrieve this info for you?
Try to check if the issuer
resource was created in the cluster with the following command:
kubectl get issuer -n jx
kubectl describe issue -n jx letsencrypt-prod
Check if the CRDs are created with:
kubectl get crd | grep certmanager
certificates.certmanager.k8s.io 2019-01-16T11:34:20Z
clusterissuers.certmanager.k8s.io 2019-01-16T11:34:20Z
issuers.certmanager.k8s.io 2019-01-16T11:34:20Z
I want to check if the cert-manager
chart installation failed or the setup after the installation.
Ok now I understand :) sorry!
Here the output you need:
kubectl get issuer -n jx
NAME CREATED AT
letsencrypt-prod 1d
kubectl describe issuer -n jx letsencrypt-prod
Name: letsencrypt-prod
Namespace: jx
Labels: <none>
Annotations: <none>
API Version: certmanager.k8s.io/v1alpha1
Kind: Issuer
Metadata:
Cluster Name:
Creation Timestamp: 2019-01-16T13:30:09Z
Generation: 1
Resource Version: 21791
Self Link: /apis/certmanager.k8s.io/v1alpha1/namespaces/jx/issuers/letsencrypt-prod
UID: d87d8525-1992-11e9-921f-42010a9c01ba
Spec:
Acme:
Email: john@doe.com
Http 01:
Private Key Secret Ref:
Key:
Name: letsencrypt-prod
Server: https://acme-v02.api.letsencrypt.org/directory
Status:
Acme:
Uri: https://acme-v02.api.letsencrypt.org/acme/acct/49622302
Conditions:
Last Transition Time: 2019-01-16T13:30:15Z
Message: The ACME account was registered with the ACME server
Reason: ACMEAccountRegistered
Status: True
Type: Ready
Events: <none>
kubectl get crd | grep certmanager
certificates.certmanager.k8s.io 2019-01-16T12:17:59Z
clusterissuers.certmanager.k8s.io 2019-01-16T12:17:59Z
issuers.certmanager.k8s.io 2019-01-16T12:17:59Z
any certs? kubectl get certs -n jx
? and also describe to check if there are any errors in the certs.
Unfortunately none :(
kubectl get certs -n jx
No resources found.
Here is also a screenshot of Google Chrome certificate description
The issue should be fixed soon. The cert-manager annotation was not applied to the services. Apparently we introduced the problem recently when we resolved a merge conflict.
Ok thanks :)
Quick question: should I completely recreate the cluster I'm working on or can I just run again jx upgrade ingress
?
jx upgrade ingress
should do the work.
during jx upgrade ingress
, it asks for Which organisation do you want to use?
and its not showing my own repo
Summary
After successfully create a GKE cluster, I would like to secure ingresses with HTTPS. The upgrade ingress (
jx upgrade ingress
) should end without errors and the cert-manager should get and properly associate certificates to ingresses.Steps to reproduce the behavior
jx create cluster gke
jx upgrade ingress --verbose
Here logs from
jx upgrade ingress --verbose
:Here logs from
jx logs cert-manager -n cert-manager
:Jx version
1.3.733
Kubernetes cluster
GKE version 1.10.9-gke.5
Operating system / Environment
MacOsX 10.14.2
Expected behavior
The upgrade ingress should end without errors and the cert-manager should get and properly associate certificates to ingresses.
Actual behavior
The upgrade ingress ends without errors, but the cert-manager seems not able to get and properly associate certificates to ingresses.