<div dir="ltr">Hi guys,<div><br></div><div>Not sure if we need some new policy on deploying kubernetes 1.18+ but I'm kinda stuck and I don't know what else to do.</div><div><br></div><div>I'm trying in the past days to generate letsencrypt ssl for a simple nginx deployment <br><br>I'm deploying Kubernetes 1.19.8 or 1.20.4 cluster on Openstack using Magnum without any ingress controller.<br><br>I'm deploying ingress-nginx 0.44 using:<br><br>    wget <a href="https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml">https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml</a><br><br>Cert-manager 1.2.0<br><br>    wget <a href="https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml">https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml</a><br><br>I'm creating a nginx deployment and service with 2 replicas<br><a href="https://paste.xinu.at/PWu/">https://paste.xinu.at/PWu/</a><br><br>Configure ingress for my host:<br><a href="https://paste.xinu.at/7c7FH/">https://paste.xinu.at/7c7FH/</a><br><br>Configure the issuer:<br><a href="https://paste.xinu.at/Bf6/">https://paste.xinu.at/Bf6/</a><br><br>Reconfigure ingress:<br><a href="https://paste.xinu.at/o1j5wD/">https://paste.xinu.at/o1j5wD/</a><br><br>    kubectl apply -f deploy.yaml <br>    kubectl apply -f cert-manager.yaml<br>    kubectl apply -f nginx-deployment.yaml<br>    kubectl apply -f ioni_ingress.yaml<br>    kubectl apply -f prod_issuer.yaml<br>   <br><br>Error in events:<br>Error presenting challenge: pods "cm-acme-http-solver-" is forbidden: PodSecurityPolicy: unable to admit pod: []<br><br>Error in kubernetes logs(ssh on node)<br><a href="https://paste.xinu.at/9aMJ/">https://paste.xinu.at/9aMJ/</a><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Ionut Biru - <a href="https://fleio.com" target="_blank">https://fleio.com</a><br></div></div></div></div>