[magnum][ingress-nginx][cert-manager] issuing letsencrypt certs

Ionut Biru ionut at fleio.com
Wed Feb 24 12:04:34 UTC 2021


Hi guys,

Not sure if we need some new policy on deploying kubernetes 1.18+ but I'm
kinda stuck and I don't know what else to do.

I'm trying in the past days to generate letsencrypt ssl for a simple nginx
deployment

I'm deploying Kubernetes 1.19.8 or 1.20.4 cluster on Openstack using Magnum
without any ingress controller.

I'm deploying ingress-nginx 0.44 using:

    wget
https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml

Cert-manager 1.2.0

    wget
https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml

I'm creating a nginx deployment and service with 2 replicas
https://paste.xinu.at/PWu/

Configure ingress for my host:
https://paste.xinu.at/7c7FH/

Configure the issuer:
https://paste.xinu.at/Bf6/

Reconfigure ingress:
https://paste.xinu.at/o1j5wD/

    kubectl apply -f deploy.yaml
    kubectl apply -f cert-manager.yaml
    kubectl apply -f nginx-deployment.yaml
    kubectl apply -f ioni_ingress.yaml
    kubectl apply -f prod_issuer.yaml


Error in events:
Error presenting challenge: pods "cm-acme-http-solver-" is forbidden:
PodSecurityPolicy: unable to admit pod: []

Error in kubernetes logs(ssh on node)
https://paste.xinu.at/9aMJ/

-- 
Ionut Biru - https://fleio.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210224/247a9142/attachment.html>


More information about the openstack-discuss mailing list