Hi guys,

Not sure if we need some new policy on deploying Kubernetes 1.18+ but I'm kinda stuck and I don't know what else to do.

I've been trying in the past days to generate a Let's Encrypt SSL for a simple nginx deployment.

I'm deploying a Kubernetes 1.19.8 or 1.20.4 cluster on OpenStack using Magnum without any ingress controller.

I'm deploying ingress-nginx 0.44 using:

    wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml

Cert-manager 1.2.0:

    wget https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml

I'm creating an nginx deployment and service with 2 replicas:
https://paste.xinu.at/PWu/

Configure ingress for my host:
https://paste.xinu.at/7c7FH/

Configure the issuer:
https://paste.xinu.at/Bf6/

Reconfigure ingress:
https://paste.xinu.at/o1j5wD/

    kubectl apply -f deploy.yaml
    kubectl apply -f cert-manager.yaml
    kubectl apply -f nginx-deployment.yaml
    kubectl apply -f ioni_ingress.yaml
    kubectl apply -f prod_issuer.yaml
   

Error in events:

    Error presenting challenge: pods "cm-acme-http-solver-" is forbidden: PodSecurityPolicy: unable to admit pod: []

Error in Kubernetes logs (ssh on node):
https://paste.xinu.at/9aMJ/

--
Ionut Biru - https://fleio.com