This repository has been archived by the owner on Aug 26, 2021. It is now read-only.

Kube-Lego doesn't create service #264

Open
polonel opened this issue Oct 23, 2017 · 2 comments

polonel commented Oct 23, 2017

Environment
Tectonic Cluster 1.7.3-tectonic.3
Kubernetes 1.7.3+tectonic.3


When deploying Kube-Lego using helm with the rbac.create=true flag, I can see that the deployment is created and the role, role bindings, and service accounts are created with the create permissions.

However, the kube-lego pod never seems to create the required service or update the ingresses, thus filling the kube-lego with...

time="2017-10-23T04:08:33Z" level=info msg="kube-lego 0.1.6-dev-784fc8fe starting" context=kubelego 
time="2017-10-23T04:08:33Z" level=info msg="connecting to kubernetes api: https://10.3.0.1:443" context=kubelego 
time="2017-10-23T04:08:33Z" level=info msg="successfully connected to kubernetes api v1.7.3+coreos.0" context=kubelego 
time="2017-10-23T04:08:33Z" level=debug msg="start watching ingress objects" context=kubelego 
time="2017-10-23T04:08:33Z" level=info msg="server listening on http://:8080/" context=acme 
time="2017-10-23T04:08:33Z" level=debug msg="CREATE ingress/trudesk-cloud/tdcloud" context=kubelego 
time="2017-10-23T04:08:33Z" level=debug msg="worker: begin processing true" context=kubelego 
time="2017-10-23T04:08:33Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=tectonic-ingress namespace=tectonic-system 
time="2017-10-23T04:08:33Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=tectonic-monitoring-ingress namespace=tectonic-system 
time="2017-10-23T04:08:33Z" level=debug msg=reset context=provider provider=nginx 
time="2017-10-23T04:08:33Z" level=debug msg=finalize context=provider provider=nginx 
time="2017-10-23T04:08:33Z" level=info msg="disable provider no TLS hosts found" context=provider provider=nginx 
time="2017-10-23T04:08:33Z" level=info msg="process certificate requests for ingresses" context=kubelego 
time="2017-10-23T04:08:33Z" level=info msg="Attempting to create new secret" context=secret name=tdcloud-tls-cert namespace=trudesk-cloud 
time="2017-10-23T04:08:33Z" level=info msg="no cert associated with ingress" context="ingress_tls" name=tdcloud namespace=trudesk-cloud 
time="2017-10-23T04:08:33Z" level=info msg="requesting certificate for cloud.trudesk.io" context="ingress_tls" name=tdcloud namespace=trudesk-cloud 
time="2017-10-23T04:08:33Z" level=debug msg="testing reachability of http://cloud.trudesk.io/.well-known/acme-challenge/_selftest" context=acme domain=cloud.trudesk.io 
time="2017-10-23T04:08:36Z" level=debug msg="error while authorizing: waiting for authorization failed: acme: identifier authorization failed" context=acme domain=cloud.trudesk.io 
time="2017-10-23T04:08:36Z" level=debug msg="testing reachability of http://cloud.trudesk.io/.well-known/acme-challenge/_selftest" context=acme domain=cloud.trudesk.io 
time="2017-10-23T04:08:38Z" level=debug msg="error while authorizing: waiting for authorization failed: acme: identifier authorization failed" context=acme domain=cloud.trudesk.io 
time="2017-10-23T04:08:39Z" level=debug msg="testing reachability of http://cloud.trudesk.io/.well-known/acme-challenge/_selftest" context=acme domain=cloud.trudesk.io 
time="2017-10-23T04:08:41Z" level=debug msg="error while authorizing: waiting for authorization failed: acme: identifier authorization failed" context=acme domain=cloud.trudesk.io 
time="2017-10-23T04:08:43Z" level=debug msg="testing reachability of http://cloud.trudesk.io/.well-known/acme-challenge/_selftest" context=acme domain=cloud.trudesk.io 

The helm command used to deploy kube-lego is as follows:

helm install \
--set=config.LEGO_EMAIL=${LEGO_EMAIL} \
--set=config.LEGO_URL="https://acme-staging.api.letsencrypt.org/directory" \
--set=config.LEGO_DEFAULT_INGRESS_CLASS=tectonic \
--set=config.LEGO_SUPPORTED_INGRESS_CLASS=tectonic \
--set=config.LEGO_SUPPORTED_INGRESS_PROVIDER=nginx \
--set=config.LEGO_LOG_LEVEL=debug \
--set=rbac.create=true \
--set=image.tag=canary \
--name=tectonic \
--namespace=kube-system \
stable/kube-lego

I'm not sure if I'm overlooking something, as there is not much information on getting this to work with a tectonic cluster. Any insight?


tlyng commented Nov 1, 2017

I'm having similar issues when supplying custom ingress classes; it works fine when not specifying default ingress class, supported ingress class and provider.


eversC commented Dec 19, 2017

I was having the same issue, and after much code trawling I finally found an annotation that's used to specify the ingress provider: "kubernetes.io/ingress.provider"

..which led me to: #189 (comment)

I added that annotation (with value "nginx") to my nginx ingress, and it started working. I haven't tried multiple ingress classes yet.
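
An added example, not part of the thread or of kube-lego's code: a small triage script that parses the key=value log format shown in the issue and flags the pattern visible there, where a provider is reported as disabled, a certificate is still requested, and ACME authorization then fails. Treating those events as related, and pointing at the `kubernetes.io/ingress.provider` annotation from the last comment, is an assumption drawn from this thread; the function names are hypothetical.

```python
import shlex
from collections import Counter

# Lines copied from the log posted in this issue (a subset, not new data).
SAMPLE_LOG = """\
time="2017-10-23T04:08:33Z" level=info msg="disable provider no TLS hosts found" context=provider provider=nginx
time="2017-10-23T04:08:33Z" level=info msg="requesting certificate for cloud.trudesk.io" context="ingress_tls" name=tdcloud namespace=trudesk-cloud
time="2017-10-23T04:08:36Z" level=debug msg="error while authorizing: waiting for authorization failed: acme: identifier authorization failed" context=acme domain=cloud.trudesk.io
time="2017-10-23T04:08:38Z" level=debug msg="error while authorizing: waiting for authorization failed: acme: identifier authorization failed" context=acme domain=cloud.trudesk.io
"""


def parse_line(line):
    """Split one key=value log line into a dict; quoted values may contain spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote in a truncated line
        return {}
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def triage(log_text):
    """Return one finding per requested domain whose authorization failed
    while at least one ingress provider was reported as disabled."""
    disabled, requested, failures = set(), {}, Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        msg = f.get("msg", "")
        if f.get("context") == "provider" and msg.startswith("disable provider"):
            disabled.add(f.get("provider", "?"))
        elif msg.startswith("requesting certificate for "):
            # Remember which ingress asked for this host.
            requested[msg.rsplit(" ", 1)[1]] = (f.get("namespace"), f.get("name"))
        elif f.get("context") == "acme" and "authorization failed" in msg:
            failures[f.get("domain")] += 1
    return [
        {"domain": d, "ingress": "%s/%s" % ing, "failed_attempts": failures[d],
         "disabled_providers": sorted(disabled),
         "check_annotation": "kubernetes.io/ingress.provider"}  # from the last comment
        for d, ing in requested.items() if disabled and failures[d]
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
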
