search

jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0
2.16k stars 267 forks source link

nginx example: Secret echoserver/echoserver-tls does not exists #232

Open ngtuna opened 7 years ago

ngtuna commented 7 years ago

Hi hello, I've followed this example on minikube. Checking the log of nginx-ingress-controller pod it's saying:

W0718 07:24:54.649166       1 controller.go:932] Secret echoserver/echoserver-tls does not exists

I think I've missed to create the secret object echoserver/echoserver-tls But I don't see it mentioned somewhere in the README. Do you have any suggestion ?

ngtuna commented 7 years ago

OK it has more clues when I check the log of kube-lego pod:

time="2017-07-18T07:52:55Z" level=info msg="process certificate requests for ingresses" context=kubelego 
time="2017-07-18T07:52:55Z" level=info msg="Attempting to create new secret" context=secret name=echoserver-tls namespace=echoserver 
time="2017-07-18T07:52:55Z" level=info msg="no cert associated with ingress" context="ingress_tls" name=echoserver namespace=echoserver 
time="2017-07-18T07:52:55Z" level=info msg="requesting certificate for echo.example.com" context="ingress_tls" name=echoserver namespace=echoserver 
time="2017-07-18T07:54:24Z" level=warning msg="authorization failed after 1m0s: reachability test failed: Get http://echo.example.com/.well-known/acme-challenge/_selftest: dial tcp: lookup echo.example.com on 10.0.0.10:53: no such host" context=acme domain=echo.example.com 
time="2017-07-18T07:54:24Z" level=error msg="Error while processing certificate requests: no domain could be authorized successfully" context=kubelego 
time="2017-07-18T07:54:24Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=kube-lego-nginx namespace=kube-lego

It seems like the kube-lego controller can't reach echoserver app via echo.example.com URL

munnerz commented 7 years ago

Hi there

What domain are you trying to obtain a certificate for, and is it pointed at your ingress controller?

tcp: lookup echo.example.com on 10.0.0.10:53: no such host indicates that whatever domain you are using is not actually configured with DNS.

Have you changed the domain to obtain a certificate from echo.example.com to one of your own domains? (sorry to state the obvious if you have already!)

ngtuna commented 7 years ago

@munnerz Thanks for the response. Yeah I haven't configured any domain yet. I just tried kube-lego by running the example on minikube. Now if I understand correctly from the log of kube-lego pod, it needs to connect to http://echo.example.com/.well-known/acme-challenge/_selftest. Which target should I point echo.example.com to ? echoserver ?

seivan commented 6 years ago

@ngtuna How are they supposed to reach echo.example.com running on your local machine?