Closed mmailhos closed 7 years ago
So this should be possible using the nginx ingress controller, provided the nginx ingress controller is configured correctly to use NodePort. From looking at your kube-lego logs, specifically

time="2017-06-12T22:08:31Z" level=warning msg="authorization failed after 1m0s: reachability test failed: Get http://my-domain.com/.well-known/acme-challenge/_selftest: dial tcp 104.199.9.245:80: getsockopt: connection refused" context=acme domain=my-domain.com

it appears that either the Google Cloud firewall, or the instance's network settings are refusing the connection to the local nginx-ingress instance.
The official nginx-ingress helm chart supports NodePort as a Service type, so have a go getting set up with that first. Once you can successfully access your service without TLS via the instance's IP address, you should be okay to enable kube-lego and all should behave as normal.
I'm going to close this issue for now, as it appears to be related to the nginx-ingress controller itself and not kube-lego. If you feel this has been closed in haste, please feel free to re-open and ping me!
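The check suggested in the comment above (plain HTTP to the node on port 80, before enabling kube-lego) can be scripted. This is an added example, not part of the original thread or of kube-lego; the function name `probe_http01` and its verdict labels are assumptions, and only the self-test path is taken from the quoted log line.

```python
# Added example: probe the HTTP-01 path on port 80 the way an outside client would.
import http.client
import socket

SELFTEST_PATH = "/.well-known/acme-challenge/_selftest"  # path from the quoted log line


def probe_http01(host, port=80, path=SELFTEST_PATH, timeout=5.0, host_header=None):
    """Return (verdict, detail) for one plain-HTTP GET to host:port.

    verdict (labels are this example's own, hypothetical):
      "refused"   - connection refused: nothing listening there, or a rejecting rule
      "timeout"   - no answer in time: typically a dropping firewall or wrong address
      "dns"       - the name did not resolve
      "reachable" - an HTTP response came back; detail is the status code
      "error"     - any other socket or HTTP failure
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    # Sending the domain as Host lets you test by node IP before DNS is switched over.
    headers = {"Host": host_header} if host_header else {}
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        resp.read()
        return "reachable", str(resp.status)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except socket.timeout as exc:
        return "timeout", str(exc)
    except socket.gaierror as exc:
        return "dns", str(exc)
    except (OSError, http.client.HTTPException) as exc:
        return "error", str(exc)
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <node-ip-or-domain> [domain-for-Host-header]
    target = sys.argv[1]
    domain = sys.argv[2] if len(sys.argv) > 2 else None
    verdict, detail = probe_http01(target, host_header=domain)
    print(f"{target}:80 {SELFTEST_PATH} -> {verdict} ({detail})")
    sys.exit(0 if verdict == "reachable" else 1)
```

Run it from a machine outside the cluster's network: a "refused" or "timeout" verdict means the request never reached the ingress controller, which matches the failure in the log line.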
Hello,
Initial problem
I'd like to skip the need of using a load balancer to avoid paying those quite huge traffic fees from the provider (for a simple non-production application). I decided to start with this attempt on a single node cluster with the Nginx Ingress Controller.
Issue
Unable to issue a certificate
Configuration / Environment
I am using the exact same configuration as in the examples/nginx directory but changing https://github.com/jetstack/kube-lego/blob/master/examples/nginx/nginx/service.yaml#L7 with NodePort. I am using GKE. I created a static IP to my single node cluster with an A record on it. Finally I enabled inbound HTTP and HTTPS on the firewall of the instance (GCP).
I also tried with externalIPs. I ended up with the following services:
Logs
Here is a round of logs from the Lego pod and one from the Nginx Ingress Controller:
In the case of NodePort:
In the case of externalIPs:
Besides this specific issue with NodePort, would you have any idea on how to expose my service (called my-app here) without the need of an external load balancer while keeping the kube-lego benefits about certificates management?
Thanks a lot