Error: "exposer-ip" can't be empty string

tnozicka / openshift-acme

ACME Controller for OpenShift and Kubernetes Cluster. (Supports e.g. Let's Encrypt)

Apache License 2.0

319 stars 116 forks source link

Error: "exposer-ip" can't be empty string #71

Closed magick93 closed 6 years ago

magick93 commented 6 years ago

Hello

I have been using openshift-acme for several months without issues.

Today however, I started getting the following error:


I0625 03:53:03.773719       1 cmd.go:147] ACME server url is "https://acme-v01.api.letsencrypt.org/directory"
--
  | I0625 03:53:03.774132       1 cmd.go:154] ACME server loglevel == 8
  | I0625 03:53:03.774144       1 cmd.go:119] No kubeconfig specified, using InClusterConfig.
  | I0625 03:53:03.775687       1 cmd.go:170] Watching all namespaces.
  | I0625 03:53:03.775724       1 cmd.go:190] "selfnamespace" is unspecified, trying inCluster
  | Error: "exposer-ip" can't be empty string

Do you have any ideas as to what might cause this?

Thanks

tnozicka commented 6 years ago

I suspect this might be an issue with update. There has been few way how we have done exposing, 1 requiring Kubernetes Downward API. If you've updated the image, I'd check that you are running with the YAML definition for that deployment.

magick93 commented 6 years ago

If you've updated the image, I'd check that you are running with the YAML definition for that deployment.

Do you mean ensuring that routes that should be https have the following?

metadata:
  annotations:
    kubernetes.io/tls-acme: "true"

tnozicka commented 6 years ago

I meant the Deployment API definition for openshift-acme controller itself. https://github.com/tnozicka/openshift-acme/blob/master/deploy/letsencrypt-live/cluster-wide/deployment.yaml#L27-L30

magick93 commented 6 years ago

Oh ok. I didnt realize there was this environment variable.

Currently it is set to https://acme-v01.api.letsencrypt.org/directory.

Is this the correct value? If not, what should it be?

Thanks

tnozicka commented 6 years ago

The link above is pointing to OPENSHIFT_ACME_EXPOSER_IP variable, I don't suppose the value you've provided https://acme-v01.api.letsencrypt.org/directory is really there as the correct value is:

        - name: OPENSHIFT_ACME_EXPOSER_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP

magick93 commented 6 years ago

Sorry, but I am having trouble understanding.

I don't suppose the value you've provided https://acme-v01.api.letsencrypt.org/directory is really there

Yes, it really is there. download

I tried changing the the DC yaml to:

    spec:
      containers:
        - env:
            - name: OPENSHIFT_ACME_ACMEURL
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP

And now I get the following, similar, error:

I0628 23:52:15.639527       1 cmd.go:147] ACME server url is "10.129.0.195"
--
  | I0628 23:52:15.640106       1 cmd.go:154] ACME server loglevel == 8
  | I0628 23:52:15.640120       1 cmd.go:119] No kubeconfig specified, using InClusterConfig.
  | I0628 23:52:15.641761       1 cmd.go:170] Watching all namespaces.
  | I0628 23:52:15.641798       1 cmd.go:190] "selfnamespace" is unspecified, trying inCluster
  | Error: "exposer-ip" can't be empty string

tnozicka commented 6 years ago

I am not sure we are on the same page: I am telling you to set up env named OPENSHIFT_ACME_EXPOSER_IP and you keep talking about OPENSHIFT_ACME_ACMEURL :) Those are 2 distinct env vars - EXPOSER_IP != ACMEURL

Maybe just run

oc apply -fhttps://raw.githubusercontent.com/tnozicka/openshift-acme/master/deploy/letsencrypt-live/cluster-wide/{clusterrole,serviceaccount,imagestream,deployment}.yaml

or just for the deployment

oc apply -fhttps://raw.githubusercontent.com/tnozicka/openshift-acme/master/deploy/letsencrypt-live/cluster-wide/deployment.yaml

magick93 commented 6 years ago

My apologies! Yes, somewhere in my head these two had merged to one.

Thanks for your help. The issue is resolved.