konstructio / kubefirst

The Kubefirst Open Source Platform
https://docs.kubefirst.io
MIT License

Metaphor app in k3d gets the cert from letsencrypt-prod preventing deployment #2217

Open mrsimonemms opened 3 months ago

mrsimonemms commented 3 months ago

Which version of kubefirst are you using?

2.4.10

Which cloud provider?

k3d (local)

Which DNS?

Cloud ones (default)

Which installation type?

CLI

Which distributed Git provider?

GitHub

Did you use a fork of gitops-template?

No

Which Operating System?

Linux

What is the issue?

By default, the Metaphor app for dev/staging/prod seems to use the letsencrypt-prod cert issuer for creating the certificate for metaphor-<env>.kubefirst.dev. The DNS record for this URL is 127.0.0.1, which means that the ACME bot will always look to itself rather than our cluster, meaning that the certificate will never be issued.

For k3d deployments, this should use the certificate generated with mkcert rather than using LetsEncrypt.

EDIT: I've just been notified of the kubefirst k3d mkcert command which seems to solve this. This is an acceptable workaround for the moment, although adding the CA to cert-manager and creating a TLS cert from there is a better long-term solution.
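
The long-term approach named in the issue above (adding the CA to cert-manager and issuing the TLS certificate from it), sketched as cert-manager manifests. This is an added example, not kubefirst's or the gitops-template's own configuration; the issuer name, Secret names, namespaces and the development hostname are assumptions.

```yaml
# Added example: names, namespaces and the hostname below are assumptions,
# not values taken from kubefirst or its gitops-template.
#
# Prerequisite (run once): load the local mkcert root CA into the namespace
# cert-manager reads ClusterIssuer secrets from ("cert-manager" by default):
#   kubectl -n cert-manager create secret tls mkcert-root-ca \
#     --cert="$(mkcert -CAROOT)/rootCA.pem" \
#     --key="$(mkcert -CAROOT)/rootCA-key.pem"
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: mkcert-ca                  # hypothetical issuer name
spec:
  ca:
    secretName: mkcert-root-ca     # Secret created above (tls.crt / tls.key)
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: metaphor-development-tls
  namespace: development           # assumed namespace of the Metaphor app
spec:
  secretName: metaphor-development-tls     # Secret the Ingress tls block would reference
  dnsNames:
    - metaphor-development.kubefirst.dev   # assumed value of <env>
  issuerRef:
    kind: ClusterIssuer
    # A CA issuer signs locally, so no ACME challenge has to reach the
    # 127.0.0.1 record that letsencrypt-prod cannot validate.
    name: mkcert-ca
# An Ingress handled by cert-manager's ingress-shim can request the same
# certificate with the annotation:
#   cert-manager.io/cluster-issuer: mkcert-ca
```

The mkcert root key is trusted by the workstation's browsers, so anyone who can read the `mkcert-root-ca` Secret can mint certificates that machine will accept; keep this to local k3d clusters and restrict access to that Secret.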


shlapolosa commented 3 months ago

Just to add, this is true on macOS as well. If possible, could you publish a workaround in the meantime?

Eventually corrects, but not sure what the process of going from using letsencrypt to mkcert certificate is, whether it is restarting machine, browser, running something like sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain metaphor-development-tls.pem, no idea.