Open robeastham opened 5 years ago
@robeastham You have to install Rio on standard ports starting from v0.5.0 if you want to provision letsencrypts certs for your public domain. We are dropping ingress install mode due to a limitation https://github.com/rancher/rio/releases/tag/v0.5.0-rc1. Use `rio install ${args} --http-port 80 --https-port 443).
Thanks @StrongMonkey, so that's what I'm missing :-). Thanks for the super quick reply.
I should do an upgrade by just running:
rio install ${args} --http-port 80 --https-port 443
I tried the above and am now on standard ports, but I still seem to have certs being issued by cert-manager.local
Perhaps since I have nothing important I should uninstall rio and then reinstall with the above command instead?
@robeastham I think if you are using RKE(RKE doesn't support service loadbalancer by default), the install options would be
rio install --mesh-mode istio --mode hostport --http-port 80 --https-port 443
Then run rio info
to check if you have IP addresses assigned as public IP of your worker nodes. if not then try
rio install --mesh-mode istio --mode hostport --http-port 80 --https-port 443 ----ip-address ${worker_ip_1},${worker_ip_2},${worker_ip_3_}
don't have to uninstall and install. If you just change the parameter it should apply to rio controller runtime.
This appears to happen with:
..on v0.5.0-rc1 & v0.5.0-rc2.
I can access my service on
..and it work as expected (demo app that grabs json from github) and the cert for the domain above is from LetsEncrypt.
I then added a public domain, i.e. like this:
I could then access my service on that public domain after adding a CNAME record to point my www subdomain to xxxxx.on-rio.io, so I can access like this:
But when accessing the service using my public domain my browser complains about the cert because it seems to be issued by cert-manager.local
This was not the case when I was using the default install for 0.4.0, LetEncrypt certs were assigned corectly for my own domain and not cert-manager.local. If it makes any difference I'm using:
...and a Riofile to create the service.
Not sure if this is related but I also get this when doing an install check:
.. the output from my most recent logs is as follows:
All was working fine when I was using 0.4.0 on the same cluster. I did use:
...before installed v0.5.0-rc2
Keep up the great work with Rio, it looks like it's going to be a killer product.
P.S. I'm doing all of this on a Rancher Custom RKE cluster.