ankon
commented
7 years ago Unless I'm missing something: LEGO_EMAIL is a required field, and kube-lego fails if it is not set (https://github.com/jetstack/kube-lego/blob/master/pkg/kubelego/kubelego.go#L224). It looks to me like the problem is in the helm chart itself, which provides a completely bogus value as a default (if it wanted to provide a default, then it should use an example.com domain, at least!). If the chart were not to provide any value, you'd get the behavior you're looking for: early failure.
munnerz
chepurko
If LEGO_EMAIL is not overridden by a user from the default value of
my@email.tld, there should be an early fail message to the user before even reaching out to Let's Encrypt. A valid email address allows the a Let's Encrypt subscriber to receive certificate expiry notifications which are crucial to the proper operation of an encrypted web :+1: . The default ofmy@email.tldwon't allow send the subscriber that email, hence the early fail message. Even in a subscribers staging environment, the expiry notification email is useful to experience and be aware of :+1: .For more details on that, please see https://letsencrypt.org/docs/expiration-emails/
Significantly,
my@email.tldis the default value set in thekubernetes/chartsrepository located at https://github.com/kubernetes/charts/blob/master/stable/kube-lego/values.yaml.