cert-manager

Cert-Manager JKS Keystores File Path for Spinnaker SSL Config

I am trying to create a certificate with a JKS keystore using cert-manager inside my Kubernetes cluster for Spinnaker to refer to from its SSL configuration. According to the cert-manager documentation, it states that "For JKS this adds the files: keystore.jks and truststore.jks to the target spec.secretName". However, I cannot seem to find the actual path where the JKS files are created. My spec.secretName is set to mtlscerts-jks. What should be the path for the keystore for the Spinnaker SSL configuration? I've also tried creating a Kubernetes volume as below but still no file is found from the path

2022-05-02 03:59:08    Category: Q&A    kubernetes   Spinnaker   cert-manager   spinnaker-halyard

SSL certificates from Let’s Encrypt in your Kubernetes Ingress via cert-manager

I am trying to get ingress with cert-manager v0.16.0 working for Let's Encrypt certs. I use microk8s and have followed a couple of tutorials; none of them led me to the goal. With this tutorial I am stuck at creating the Issuer and get an error message when trying to apply it: kc apply -f clusterIssuer.yaml namespace/cloud unchanged Error from server (InternalError): error when creating "clusterIssuer.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post "https://certmgr-cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": service "certmgr-cert

2022-05-01 22:45:10    Category: Q&A    kubernetes   certificate   kubernetes-ingress   cert-manager

Cert-Manager Certificate Renewal process - How it is performed?

I am using cert-manager-v0.10.0 installed from its helm chart. I am using kong as the ingress controller to manage the ingress operations. So I have created a ClusterIssuer resource so that it can be contacted from an Ingress resource via the kong-ingress controller. The ClusterIssuer is this: apiVersion: certmanager.k8s.io/v1alpha1 kind: ClusterIssuer metadata: name: letsencrypt-prod spec: acme: # The ACME server URL server: https://acme-v02.api.letsencrypt.org/directory # Email address used for ACME registration email: username@mydomain.org # Name of a secret used to store the ACME account

2022-04-04 02:22:55    Category: Q&A    ssl   kubernetes-ingress   kong   cert-manager

HTTPS encryption is not active for my domain. My Order certificates is not completed

I am working with cert-manager in my Kubernetes cluster, in order to get certificates signed by the Let's Encrypt CA for my service application inside my cluster. I am performing the following steps in the order presented. I wanted to provide as many details as possible of my process in order to understand the behavior presented. Install the CustomResourceDefinition resources separately ⟩ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml customresourcedefinition.apiextensions.k8s.io/certificates.certmanager.k8s.io created

2022-03-23 19:20:47    Category: Q&A    https   kubernetes   lets-encrypt   azure-aks   cert-manager

Waiting for HTTP-01 challenge propagation: failed to perform self check GET request - ISTIO

I get this error after waiting for a while (~1 min): Waiting for HTTP-01 challenge propagation: failed to perform self check GET request 'http://jenkins.xyz.in/.well-known/acme-challenge/AoV9UtBq1rwPLDXWjrq85G5Peg_Z6rLKSZyYL_Vfe4I': Get "http://jenkins.xyz.in/.well-known/acme-challenge/AoV9UtBq1rwPLDXWjrq85G5Peg_Z6rLKSZyYL_Vfe4I": dial tcp 103.66.96.201:80: connect: connection timed out. I am able to access this URL in the browser from anywhere (internet): curl -v http://jenkins.xyz.in/.well-known/acme-challenge/AoV9UtBq1rwPLDXWjrq85G5Peg_Z6rLKSZyYL_Vfe4I * Trying 103.66.96.201:80... * Connected to

2022-03-23 08:36:24    Category: Q&A    kubernetes   istio   cert-manager

Jetstack cert-manager and GKE private cluster (failed to verify ACME account)

I have installed the Jetstack cert-manager within my private GKE cluster. That all went well, but I can't get a certificate issued. The error that I get is: E1101 03:45:15.754642 1 sync.go:184] cert-manager/controller/challenges "msg"="propagation check failed" "error"="wrong status code '404', expected '200'" "dnsName"="[snip]" "resource_kind"="Challenge" "resource_name"="[snip]-certificate-2096248848-189663135-2951658629" "resource_namespace"="default" "type"="http-01" I1101 03:45:15.755017 1 controller.go:135] cert-manager/controller/challenges "level"=0 "msg"="finished processing work item

2022-02-12 00:55:55    Category: Q&A    google-kubernetes-engine   cert-manager

404 challenge response with cert-manager and Traefik ingress

Good day, I'm a newbie in Kubernetes and am trying to set up my first environment. I want the following scheme: My organization has a public IP (x.x.x.x). This IP is routed to a server in a private LAN (i.e. 192.168.0.10) with Windows Server + IIS. On IIS I have the URL Rewrite module and it acts as a reverse proxy. I have a Kubernetes cluster. I have some service deployed to k8s. I want to access this service from the internet with SSL, obtained from Let's Encrypt. I have already set up the k8s cluster, deployed the traefik (v1.7) ingress and configured it for Let's Encrypt (set up http->https redirect, set up acme challenge). This works

2022-02-08 13:12:57    Category: Q&A    kubernetes   lets-encrypt   traefik-ingress   cert-manager

Waiting on certificate issuance from order status "pending"

Question: I ran into a problem while using cert-manager to handle TLS certificates. I am following the documentation and added a few extra things to work with Traefik as the ingress. Currently, I have these YAML files: cluster-issuer.yaml apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: name: letsencrypt-staging namespace: secure-alexguedescom spec: acme: email: user@gmail.com server: https://acme-staging-v02.api.letsencrypt.org/directory privateKeySecretRef: # Secret resource used to store the account's private key. name: letsencrypt-staging # Add a single challenge solver, HTTP01 using nginx solvers: - selector: {} http01: ingress: class: traefik-cert-manager traefik-ingress.yaml apiVersion: extensions

2022-01-16 18:44:11    Category: Tech sharing    ssl   kubernetes   lets-encrypt   cert-manager   k3s