Open jwaldrip opened 7 years ago
yup, seeing the same issue too
Seeing the same issue as well :-(
For a brief moment I thought I had the same issue. Please notice that:
ingress.yaml
I think that might be a problem, with the log level not high enough. Can you try running the kube-lego pod with debug flags:
env:
- name: LEGO_LOG_LEVEL
  value: debug
@FourSigma @rimusz @jwaldrip
Not sure if mine is the same issue, but it seems that the secret is getting created incorrectly, since after creating the secret, I get the following error:
Error while process certificate requests: Secret \"app-dev-tls\" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]" context=kubelego
@huysamen please enable debug logging and provide a bit more info (K8S objects, ...)
So this is related to #77 and #62. I hit the same issue.
I activated debug, but not much more help:
time="2017-02-24T16:20:59Z" level=debug msg="worker: begin processing true" context=kubelego
time="2017-02-24T16:20:59Z" level=info msg="ignoring as has no annotiation 'kubernetes.io/tls-acme'" context=ingress name=kube-lego-nginx namespace=nginx
time="2017-02-24T16:20:59Z" level=debug msg=reset context=provider provider=gce
time="2017-02-24T16:20:59Z" level=debug msg=finialize context=provider provider=gce
time="2017-02-24T16:20:59Z" level=debug msg=reset context=provider provider=nginx
time="2017-02-24T16:20:59Z" level=debug msg=finialize context=provider provider=nginx
time="2017-02-24T16:21:00Z" level=info msg="process certificates requests for ingresses" context=kubelego
time="2017-02-24T16:21:00Z" level=info msg="creating new secret" context=secret name=tls namespace=production
time="2017-02-24T16:21:00Z" level=info msg="no cert associated with ingress" context="ingress_tls" name=app namespace=production
time="2017-02-24T16:21:00Z" level=info msg="requesting certificate for ***domainname***" context="ingress_tls" name=app namespace=production
time="2017-02-24T16:21:00Z" level=info msg="creating new secret" context=secret name=kube-lego-account namespace=nginx
time="2017-02-24T16:21:00Z" level=info msg="creating new secret" context=secret name=tls namespace=production
time="2017-02-24T16:21:01Z" level=error msg="Error while process certificate requests: Secret \"tls\" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]" context=kubelego
time="2017-02-24T16:21:01Z" level=debug msg="worker: done processing true" context=kubelego
Here is my ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app
  annotations:
    kubernetes.io/tls-acme: 'true'
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - secretName: tls
    hosts:
    - ***domainname***
  rules:
  - host: ***domainname***
    http:
      paths:
      - path: /
        backend:
          serviceName: app
          servicePort: 3000
I tried one suggestion: I added one container to the lego pod, exec'ed inside it and ran the following:
ping 8.8.8.8
wget https://acme-v01.api.letsencrypt.org
And it worked as expected. I couldn't try inside the lego container itself. (It reminds me of a unikernel :) )
For information, I'm running on GKE, and I installed everything with helm:
helm install --namespace nginx --name nginx stable/nginx-ingress
helm install --namespace nginx --name lego -f k8s/values-lego.yml stable/kube-lego
(The values are just the lego API endpoint and my email)
Is there anything I can do to help debug this? Thanks a lot for your work!
Edit:
I found my issue:
here was the value of :
LEGO_URL: Lhttps://acme-v01.api.letsencrypt.org/directory
You got it? Yes, me too... Lost 2 hours...
It would be a nice-to-have to have it slightly more verbose :)
Everything is working on my side! Have a wonderful week-end!
It seems that because one certificate failed, kube-lego went into a loop and hit the rate limit in my case.
I had the same problem.. forgot to update my email address in the template.. a better error would have saved me some time. :)
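Both root causes reported above (a stray character in front of the LEGO_URL scheme, and a template e-mail address left unchanged) can be caught before kube-lego starts. The following pre-flight check is an added example, not part of the thread and not kube-lego's own code. It assumes the e-mail setting is passed as LEGO_EMAIL and that an untouched template address uses a reserved example domain; the function name is hypothetical.

```go
package main

import (
	"fmt"
	"net/mail"
	"net/url"
	"os"
	"strings"
)

// Assumption: a template's untouched e-mail uses a reserved example domain (RFC 2606).
var placeholderDomains = map[string]bool{"example.com": true, "example.org": true, "example.net": true}

// checkLegoConfig (hypothetical helper) returns one message per problem found
// in the two settings; an empty result means both values are well-formed.
func checkLegoConfig(legoURL, email string) []string {
	var problems []string
	u, err := url.Parse(legoURL)
	switch {
	case err != nil:
		problems = append(problems, fmt.Sprintf("LEGO_URL %q does not parse: %v", legoURL, err))
	case u.Scheme != "https":
		// url.Parse lower-cases the scheme, so "Lhttps" is reported as "lhttps".
		problems = append(problems, fmt.Sprintf("LEGO_URL %q has scheme %q, expected https", legoURL, u.Scheme))
	case u.Host == "":
		problems = append(problems, fmt.Sprintf("LEGO_URL %q has no host", legoURL))
	}
	addr, err := mail.ParseAddress(email)
	if err != nil {
		return append(problems, fmt.Sprintf("LEGO_EMAIL %q is not an address: %v", email, err))
	}
	domain := strings.ToLower(addr.Address[strings.LastIndex(addr.Address, "@")+1:])
	if placeholderDomains[domain] {
		problems = append(problems, fmt.Sprintf("LEGO_EMAIL %q still uses placeholder domain %s", email, domain))
	}
	return problems
}

func main() {
	// Check the same environment variables the kube-lego container is given.
	problems := checkLegoConfig(os.Getenv("LEGO_URL"), os.Getenv("LEGO_EMAIL"))
	for _, p := range problems {
		fmt.Fprintln(os.Stderr, "config error:", p)
	}
	if len(problems) > 0 {
		os.Exit(1)
	}
	fmt.Println("LEGO_URL and LEGO_EMAIL look usable")
}
```

Run with the same environment as the kube-lego container, it exits non-zero and names the offending value instead of surfacing later as an invalid-secret error.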
Secrets are not getting created. My logs keep looping over the following messages:
Any idea why this would be happening?