zonca / jupyterhub-deploy-kubernetes-jetstream

Configuration files for my tutorials on deploying JupyterHub on top of Kubernetes on XSEDE Jetstream (Openstack)
https://zonca.dev/categories/#jetstream

Patch cert-manager deployments; See #52 #53

Closed ana-v-espinoza closed 2 years ago

ana-v-espinoza commented 2 years ago

See https://github.com/Unidata/science-gateway/tree/master/vms/jupyter#letsencrypt-versus-certificate-from-a-certificate-authority for our own docs on the steps taken to apply this patch.

Of course feel free to make suggestions on the names/locations of files, or anything else you find lacking.

julienchastang commented 1 year ago

This deployment patch may no longer be necessary and in fact makes the cluster have problems with:

Tolerations:                 node-role.kubernetes.io/master op=Exists
                             node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason            Age   From               Message
  ----     ------            ----  ----               -------
  Warning  FailedScheduling  4m6s  default-scheduler  0/4 nodes are available: 1 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }, 3 node(s) didn't match Pod's node affinity/selector. preemption: 0/4 nodes are available: 4 Preemption is not helpful for scheduling

May wish to remove the documentation here: https://www.zonca.dev/posts/2020-03-13-setup-https-kubernetes-letsencrypt.html#bind-the-pods-to-the-master-node

I was able to successfully get a letsencrypt cert without the need for the deploymentPatch.

cc: @robertej09
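
An added example, not part of the original thread or the repository's code: Kubernetes toleration-to-taint matching applied to the event quoted in the comment above, showing why a toleration for the `node-role.kubernetes.io/master` key does not cover the `node-role.kubernetes.io/control-plane` taint. The `NoSchedule` effect and the contrast taint are assumptions (the event does not print an effect), and the node affinity/selector mismatch reported in the same event is not modelled.

```python
# Added example: toleration-vs-taint matching for the FailedScheduling event above.
# Sample data is constructed from the quoted output; assumptions are marked.

def tolerates(toleration, taint):
    """True if one toleration matches one taint (Kubernetes matching rules)."""
    op = toleration.get("operator", "Equal")
    key = toleration.get("key", "")
    # An empty key is only valid with operator Exists and then matches every key.
    if key == "":
        if op != "Exists":
            return False
    elif key != taint["key"]:
        return False
    # An empty effect on the toleration matches every taint effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    if op == "Exists":
        return True
    return toleration.get("value", "") == taint.get("value", "")


def untolerated(pod_tolerations, node_taints):
    """Taints that block scheduling: NoSchedule/NoExecute with no matching toleration."""
    return [t for t in node_taints
            if t["effect"] in ("NoSchedule", "NoExecute")
            and not any(tolerates(tol, t) for tol in pod_tolerations)]


# Tolerations as listed in the pod description quoted above.
POD_TOLERATIONS = [
    {"key": "node-role.kubernetes.io/master", "operator": "Exists"},
    {"key": "node.kubernetes.io/not-ready", "operator": "Exists",
     "effect": "NoExecute", "tolerationSeconds": 300},
    {"key": "node.kubernetes.io/unreachable", "operator": "Exists",
     "effect": "NoExecute", "tolerationSeconds": 300},
]
# Taint key taken from the event; the NoSchedule effect is an assumption.
CONTROL_PLANE_TAINT = {"key": "node-role.kubernetes.io/control-plane",
                       "value": "", "effect": "NoSchedule"}
# Constructed for contrast: a taint carrying the key the listed toleration names.
MASTER_TAINT = {"key": "node-role.kubernetes.io/master",
                "value": "", "effect": "NoSchedule"}

if __name__ == "__main__":
    for taint in (CONTROL_PLANE_TAINT, MASTER_TAINT):
        blocked = untolerated(POD_TOLERATIONS, [taint])
        print(taint["key"], "->", "untolerated" if blocked else "tolerated")
```
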

zonca commented 1 year ago

I am going to test this next. Do you mean that you were able to get a certificate even if the cert-manager was running on a node and not on master?

julienchastang commented 1 year ago

> Do you mean that you were able to get a certificate even if the cert-manager was running on a node and not on master?

Not sure actually. It "just works" without the deployment patch. Hopefully, I was not just getting lucky.

zonca commented 1 year ago

@julienchastang you are right, I tested with cert-manager running on a node with no public IP and it worked fine! Thanks, this is going to simplify the deployment a lot. I am going to create a new version of the tutorial, so we have the old version for reference.

zonca commented 1 year ago

ok, see https://www.zonca.dev/posts/2023-09-26-https-kubernetes-letsencrypt