search

techno-tim / launchpad

A collection of quick starters for ansible, kubernetes, docker, linux, windows, and more. Great for HomeLabs!
https://technotim.live
1.47k stars 478 forks source link

certs didn't get used by traefik until I upgraded cert-manager from v1.9.1 to v1.13.1 #41

Open edoziw opened 1 year ago

edoziw commented 1 year ago

launchpad/kubernetes/traefik-cert-manager

symptom

after following instructions for staging cert, traefik didn't use the cert

cause

unknown

resolution

upgrade cert-manager

How to upgrade

cert_manager_version='v1.13.1'
kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download/${cert_manager_version}/cert-manager.crds.yaml"
helm upgrade --version "${cert_manager_version}" cert-manager jetstack/cert-manager --namespace cert-manager
emcniece commented 11 months ago

At what point did you discover this problem? Was it in the second half of https://www.youtube.com/watch?v=G4CmbYL9UPg when deploying the Nginx deployment+ingress+service?

I installed cert-manager v1.13.2 from the start, bypassing v1.9.1 entirely, and encountered a similar hiccup: the Nginx deployment, when accessed in browser, reported the TRAEFIK DEFAULT CERT instead of the staging cert.

This turned out to be a typo on my behalf that is hinted at 34:42: the tls: secretName value in nginx/ingress.yaml must match the secretName value in cert-manager/certificates/staging/local-example-com.yaml.

I have renamed several things in my own deployment. The fix for me was to rename the tls: secretName value in the Nginx ingress spec to match the secretName in the staging certificate spec, then apply. I am curious if you have renamed things in your own deploy, and perhaps it wasn't the version bump that fixed things but rather a fresh deploy with values that matched in all occurrences.