Open mrsimonemms opened 3 months ago
Just to add this to be true on macOS as well. If possible, could you publish a workaround in the meantime?
Eventually corrects, but not sure what the process of going from using letsencrypt to mkcert certificate is, whether it is restarting the machine, browser, running something like `sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain metaphor-development-tls.pem`, no idea.
Which version of kubefirst are you using?
2.4.10
Which cloud provider?
k3d (local)
Which DNS?
Cloud ones (default)
Which installation type?
CLI
Which distributed Git provider?
GitHub
Did you use a fork of `gitops-template`?
No
Which Operating System?
Linux
What is the issue?
By default, the Metaphor app for dev/staging/prod seems to use the `letsencrypt-prod` cert issuer for creating the certificate for `metaphor-<env>.kubefirst.dev`. The DNS record for this URL is `127.0.0.1` which means that the ACME bot will always look to itself rather than our cluster meaning that the certificate will never be issued.
For k3d deployments, this should use the certificate generated with `mkcert` rather than using LetsEncrypt.
EDIT: I've just been notified of the `kubefirst k3d mkcert` command which seems to solve this. This is an acceptable workaround for the moment, although adding the CA to cert-manager and creating a TLS cert from there is a better long-term solution.
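The longer-term approach mentioned in the issue (adding the mkcert CA to cert-manager and issuing the TLS certificate from it), shown as an added example that is not part of the original issue or of the kubefirst repositories. The secret name `mkcert-ca`, the issuer name `mkcert-ca-issuer`, the `development` namespace and the concrete hostname are assumptions.

```yaml
# Added example, not taken from the kubefirst gitops-template.
# Assumed names: secret "mkcert-ca", issuer "mkcert-ca-issuer",
# namespace "development", host metaphor-development.kubefirst.dev.
#
# First load the local mkcert root CA into the namespace cert-manager
# reads ClusterIssuer secrets from (default: cert-manager):
#   kubectl -n cert-manager create secret tls mkcert-ca \
#     --cert="$(mkcert -CAROOT)/rootCA.pem" \
#     --key="$(mkcert -CAROOT)/rootCA-key.pem"
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: mkcert-ca-issuer
spec:
  ca:
    # Signing happens inside the cluster, so no ACME challenge is made
    # and the 127.0.0.1 DNS record no longer blocks issuance.
    secretName: mkcert-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: metaphor-development-tls
  namespace: development
spec:
  # Secret the ingress would reference for TLS.
  secretName: metaphor-development-tls
  dnsNames:
    - metaphor-development.kubefirst.dev
  issuerRef:
    kind: ClusterIssuer
    name: mkcert-ca-issuer
```

The mkcert root key can sign a certificate for any hostname on a machine that trusts that root, so this issuer belongs only on local k3d clusters.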