@bzinoun
Last active May 8, 2019 16:01
Need: secure the domain through Ingress

Ingress config:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: frontend-ingress
  namespace: prod
  annotations:
    certmanager.k8s.io/cluster-issuer: letsencrypt-staging
    certmanager.k8s.io/acme-challenge-type: http01
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
    - XXXXXXX.eu-de.containers.appdomain.cloud
    secretName: tls-staging-cert2
  rules:
  - host: XXXXXXX.eu-de.containers.appdomain.cloud
    http:
      paths:
      - path: /
        backend:
          serviceName: frontend-service
          servicePort: 5000

kubectl describe ingress

Name:             frontend-ingress
Namespace:        prod
Address:          169.50.55.30
Default backend:  default-http-backend:80 (<none>)
TLS:
  tls-staging-cert2 terminates XXXXXXX.eu-de.containers.appdomain.cloud
Rules:
  Host                                       Path  Backends
  ----                                       ----  --------
  digiserv.eu-de.containers.appdomain.cloud
                                             /   frontend-service:5000 (<none>)
Annotations:
  certmanager.k8s.io/acme-challenge-type:            http01
  certmanager.k8s.io/cluster-issuer:                 letsencrypt-staging
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"certmanager.k8s.io/acme-challenge-type":"http01","certmanager.k8s.io/cluster-issuer":"letsencrypt-staging","kubernetes.io/ingress.class":"nginx"},"name":"frontend-ingress","namespace":"prod"},"spec":{"rules":[{"host":"digiserv.eu-de.containers.appdomain.cloud","http":{"paths":[{"backend":{"serviceName":"frontend-service","servicePort":5000},"path":"/"}]}}],"tls":[{"hosts":["digiserv.eu-de.containers.appdomain.cloud"],"secretName":"tls-staging-cert2"}]}}

  kubernetes.io/ingress.class:  nginx
Events:
  Type     Reason               Age   From                                                             Message
  ----     ------               ----  ----                                                             -------
  Normal   CreateCertificate    29m   cert-manager                                                     Successfully created Certificate "tls-staging-cert2"
  Warning  TLSSecretNotFound    29m   public-cr113b34239ca647178afc3f47ddf14225-alb1-667cb6d6f6-mbfpf  Failed to apply ingress resource.
  Warning  TLSSecretNotFound    29m   public-cr113b34239ca647178afc3f47ddf14225-alb1-667cb6d6f6-f2cpn  Failed to apply ingress resource.
  Warning  ConfigReloadFailure  29m   public-cr113b34239ca647178afc3f47ddf14225-alb1-667cb6d6f6-f2cpn  Invalid nginx configuration detected, not reloading: Command nginx -t stdout: ""
stderr: "nginx: [emerg] PEM_read_bio_X509_AUX(\"/etc/nginx/ssl/prod-tls-staging-cert2.pem\") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n"
finished with error: exit status 1
  Warning  ConfigReloadFailure  29m  public-cr113b34239ca647178afc3f47ddf14225-alb1-667cb6d6f6-mbfpf  Invalid nginx configuration detected, not reloading: Command nginx -t stdout: ""
stderr: "nginx: [emerg] PEM_read_bio_X509_AUX(\"/etc/nginx/ssl/prod-tls-staging-cert2.pem\") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n"
finished with error: exit status 1
  Warning  ConfigReloadFailure  42s  public-cr113b34239ca647178afc3f47ddf14225-alb1-667cb6d6f6-f2cpn  Invalid nginx configuration detected, not reloading: Command nginx -t stdout: ""
stderr: "nginx: [emerg] PEM_read_bio_X509_AUX(\"/etc/nginx/ssl/prod-tls-staging-cert2.pem\") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n"
finished with error: exit status 1
  Warning  ConfigReloadFailure  42s  public-cr113b34239ca647178afc3f47ddf14225-alb1-667cb6d6f6-mbfpf  Invalid nginx configuration detected, not reloading: Command nginx -t stdout: ""
stderr: "nginx: [emerg] PEM_read_bio_X509_AUX(\"/etc/nginx/ssl/prod-tls-staging-cert2.pem\") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n"
finished with error: exit status 1

Cert Manager logs


I0508 15:20:46.770528       1 controller.go:173] ingress-shim controller: syncing item 'prod/frontend-ingress'
I0508 15:20:46.770667       1 sync.go:177] Certificate "tls-staging-cert2" for ingress "frontend-ingress" already exists
I0508 15:20:46.770699       1 sync.go:180] Certificate "tls-staging-cert2" for ingress "frontend-ingress" is up to date
I0508 15:20:46.770707       1 controller.go:179] ingress-shim controller: Finished processing work item "prod/frontend-ingress"
I0508 15:20:46.784182       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:20:46.784668       1 logger.go:38] Calling CreateOrder
E0508 15:20:46.795609       1 controller.go:147] certificates controller: Re-queuing item "prod/tls-staging-cert2" due to error processing: Operation cannot be fulfilled on certificates.certmanager.k8s.io "tls-staging-cert2": the object has been modified; please apply your changes to the latest version and try again
I0508 15:20:46.795848       1 controller.go:145] certificates controller: syncing item 'prod/tls-staging-cert2'
I0508 15:20:46.796784       1 issue.go:154] Order prod/tls-staging-cert2-3541212626 is not in 'valid' state. Waiting for Order to transition before attempting to issue Certificate.
I0508 15:20:46.796949       1 controller.go:151] certificates controller: Finished processing work item "prod/tls-staging-cert2"
E0508 15:20:47.345959       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:20:51.796016       1 controller.go:145] certificates controller: syncing item 'prod/tls-staging-cert2'
I0508 15:20:51.797073       1 issue.go:154] Order prod/tls-staging-cert2-3541212626 is not in 'valid' state. Waiting for Order to transition before attempting to issue Certificate.
I0508 15:20:51.797240       1 controller.go:151] certificates controller: Finished processing work item "prod/tls-staging-cert2"
I0508 15:20:52.346298       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:20:52.346610       1 logger.go:38] Calling CreateOrder
E0508 15:20:52.891098       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:21:02.891723       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:21:02.892401       1 logger.go:38] Calling CreateOrder
E0508 15:21:03.438490       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:21:23.438853       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:21:23.439346       1 logger.go:38] Calling CreateOrder
E0508 15:21:24.147044       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:22:04.147429       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:22:04.147835       1 logger.go:38] Calling CreateOrder
E0508 15:22:04.697714       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:23:24.698266       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:23:24.698513       1 logger.go:38] Calling CreateOrder
E0508 15:23:25.243367       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:26:05.243780       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:26:05.244259       1 logger.go:38] Calling CreateOrder
E0508 15:26:05.796701       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:29:33.106150       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert-3541212626'
I0508 15:29:33.106638       1 logger.go:38] Calling CreateOrder
E0508 15:29:33.676414       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:31:25.797002       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:31:25.797539       1 logger.go:38] Calling CreateOrder
E0508 15:31:26.444772       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:38:38.751382       1 controller.go:183] orders controller: syncing item 'prod/letsencrypt-staging-private-key-3736043707'
I0508 15:38:38.751706       1 logger.go:38] Calling CreateOrder
E0508 15:38:39.313870       1 controller.go:185] orders controller: Re-queuing item "prod/letsencrypt-staging-private-key-3736043707" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:42:06.445224       1 controller.go:183] orders controller: syncing item 'prod/tls-staging-cert2-3541212626'
I0508 15:42:06.445640       1 logger.go:38] Calling CreateOrder
E0508 15:42:07.012343       1 controller.go:185] orders controller: Re-queuing item "prod/tls-staging-cert2-3541212626" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:malformed: JWS verification error
I0508 15:49:33.250599       1 controller.go:173] ingress-shim controller: syncing item 'prod/frontend-ingress'
I0508 15:49:33.251223       1 sync.go:177] Certificate "tls-staging-cert2" for ingress "frontend-ingress" already exists
I0508 15:49:33.251347       1 sync.go:180] Certificate "tls-staging-cert2" for ingress "frontend-ingress" is up to date
I0508 15:49:33.251585       1 controller.go:179] ingress-shim controller: Finished processing work item "prod/frontend-ingress"
