No. 10443 In section "Sysadmin"
dated December 14th, 2019,
Filed under: cert-manager, Helm, Kubernetes
In an Ingress resource you added a new domain to perform an HTTP01 challenge and obtain a new LE certificate, but something goes wrong and the log file shows:
E1214 14:35:06.644315 1 sync.go:183] cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://test.k8s.blindage.org/.well-known/acme-challenge/nmxxZh0K7iXuOnqGRm52PqymHj8YFVpN2MryLfRdVoU': Get http://test.k8s.blindage.org/.well-known/acme-challenge/nmxxZh0K7iXuOnqGRm52PqymHj8YFVpN2MryLfRdVoU: dial tcp: lookup test.k8s.blindage.org on 10.245.0.10:53: no such host" "dnsName"="test.k8s.blindage.org" "resource_kind"="Challenge" "resource_name"="tls-test-k8s-blindage-org-749846670-0" "resource_namespace"="testing" "type"="http-01"
… and this error repeats multiple times without any progress. It's managed Kubernetes on DigitalOcean.
To solve this problem, just uncomment these lines in the cert-manager Helm chart to provide your own nameservers:
    podDnsPolicy: "None"
    podDnsConfig:
      nameservers:
        - "1.1.1.1"
        - "8.8.8.8"
Voilà! You got a new certificate.
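To confirm from the logs that the self check is failing at DNS resolution (the case the nameserver override addresses) rather than at the HTTP stage, here is an added example that is not part of the original post or of cert-manager. The function names are hypothetical, the challenge token is replaced by the placeholder TOKEN, and the second sample line is constructed for contrast.

```python
import re

# Constructed sample lines modelled on the log line in the post
# (challenge token replaced by the placeholder TOKEN). The second line is a
# constructed non-DNS failure, included for contrast.
SAMPLE_LOG = [
    'E1214 14:35:06.644315 1 sync.go:183] cert-manager/controller/challenges '
    '"msg"="propagation check failed" "error"="failed to perform self check GET '
    "request 'http://test.k8s.blindage.org/.well-known/acme-challenge/TOKEN': "
    'Get http://test.k8s.blindage.org/.well-known/acme-challenge/TOKEN: dial tcp: '
    'lookup test.k8s.blindage.org on 10.245.0.10:53: no such host" '
    '"dnsName"="test.k8s.blindage.org" "resource_kind"="Challenge" '
    '"resource_namespace"="testing" "type"="http-01"',
    'E1214 14:40:00.000000 1 sync.go:183] cert-manager/controller/challenges '
    '"msg"="propagation check failed" "error"="wrong status code \'404\', '
    'expected \'200\'" "dnsName"="app.example.test" "resource_kind"="Challenge" '
    '"resource_namespace"="testing" "type"="http-01"',
]

KV = re.compile(r'"(\w+)"="((?:[^"\\]|\\.)*)"')        # "key"="value" pairs
DNS_FAIL = re.compile(r'lookup (\S+) on ([\d.]+):(\d+): (.+)$')  # IPv4 resolver


def triage(line):
    """Return a dict describing a failed self check, or None for other lines."""
    fields = dict(KV.findall(line))
    if fields.get("msg") != "propagation check failed":
        return None
    result = {"host": fields.get("dnsName"), "namespace": fields.get("resource_namespace"),
              "stage": "other", "resolver": None, "reason": fields.get("error", "")}
    m = DNS_FAIL.search(result["reason"])
    if m:
        # The resolver used by the cert-manager pod could not resolve the
        # name, so the self check never reached the HTTP stage.
        result.update(stage="dns", resolver=m.group(2), reason=m.group(4))
    elif "status code" in result["reason"]:
        result["stage"] = "http"
    return result


def resolvers_failing(lines):
    """Map resolver IP -> sorted hostnames it failed to resolve."""
    out = {}
    for r in filter(None, map(triage, lines)):
        if r["stage"] == "dns":
            out.setdefault(r["resolver"], set()).add(r["host"])
    return {ip: sorted(hosts) for ip, hosts in out.items()}
```

If every failing challenge maps to the in-cluster resolver address, the nameserver override above is the relevant fix; an `http` stage result points at the ingress path instead.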
No. 10106 In section "Sysadmin"
dated July 1st, 2019,
Filed under: cert-manager, Helm, Kubernetes
    {{- /* $fullName must already be defined earlier in this template file */ -}}
    {{- if .Values.ingress.tls }}
    {{- range .Values.ingress.tls }}
    {{- $secretName := .secretName -}}
    {{- range .hosts }}
    ---
    apiVersion: certmanager.k8s.io/v1alpha1
    kind: Certificate
    metadata:
      name: {{ $fullName }}
    spec:
      acme:
        config:
          - dns01:
              provider: route53
            domains:
              - {{ . }}
      commonName: ""
      dnsNames:
        - {{ . }}
      issuerRef:
        kind: ClusterIssuer
        name: letsencrypt
      secretName: {{ $secretName }}
    {{- end }}
    {{- end }}
    {{- end }}