#StackBounty: #kubernetes #cert-manager Kubernetes Cert-Manager installation (No helm)

Bounty: 50

I followed this document https://www.scaleway.com/en/docs/how-to-setup-traefikv2-and-cert-manager-on-kapsule/ (no helm) to set up cert-manager with LetsEncrypt on Kubernetes, but it didn't generate a certificate. I was expecting to see "Certificate issued successfully".

This was the ClusterIssuer manifest:

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    email: admin@example.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-test-key
    solvers:
    - dns01:
        route53:
          region: us-west-2
          hostedZoneID: ######
          accessKeyID: #######
          secretAccessKeySecretRef:
            name: aws-secret
            key: secret_key
      selector:
          dnsZones:
            - "example.com"

Certificate

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: test-cert
  namespace: cert-manager
spec:
  commonName: '*.test.example.com'
  secretName: test-cert
  dnsNames:
    - '*.test.example.com'
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer

The following was the status of the certificate test-cert:

% kubectl -n cert-manager describe certificate test-cert
Name:         test-cert
Namespace:    cert-manager
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"cert-manager.io/v1alpha2","kind":"Certificate","metadata":{"annotations":{},"name":"test-cert","namespace":"cert-manager"},...
API Version:  cert-manager.io/v1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2020-09-30T18:20:14Z
  Generation:          1
  Resource Version:    114851206
  Self Link:           /apis/cert-manager.io/v1/namespaces/cert-manager/certificates/test-cert
  UID:                 c552c42a-6202-40f8-8e9d-f47387f3cf1c
Spec:
  Common Name:  *.test.example.com
  Dns Names:
    *.test.example.com
  Issuer Ref:
    Kind:       ClusterIssuer
    Name:       letsencrypt
  Secret Name:  test-cert
Status:
  Conditions:
    Last Transition Time:        2020-09-30T18:20:14Z
    Message:                     Issuing certificate as Secret does not exist
    Reason:                      DoesNotExist
    Status:                      True
    Type:                        Issuing
    Last Transition Time:        2020-09-30T18:20:14Z
    Message:                     Issuing certificate as Secret does not exist
    Reason:                      DoesNotExist
    Status:                      False
    Type:                        Ready
  Next Private Key Secret Name:  test-cert-j2bdf
Events:                          <none>

IngressRoute for test app

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-external
  namespace: cert-manager
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`app.test.example.com`)
      kind: Rule
      services:
        - name: nginx
          port: 80
      middlewares:
        - name: https-redirect
          namespace: cert-manager
  tls:
    secretName: test-cert

CertificateRequest

$ kubectl -n cert-manager describe CertificateRequest test-cert-2glmx
Name:         test-cert-2glmx
Namespace:    cert-manager
Labels:       <none>
Annotations:  cert-manager.io/certificate-name: test-cert
              cert-manager.io/certificate-revision: 1
              cert-manager.io/private-key-secret-name: test-cert-j2bdf
              kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"cert-manager.io/v1alpha2","kind":"Certificate","metadata":{"annotations":{},"name":"test-cert","namespace":"cert-manager"},...
API Version:  cert-manager.io/v1
Kind:         CertificateRequest
Metadata:
  Creation Timestamp:  2020-09-30T18:20:14Z
  Generate Name:       test-cert-
  Generation:          1
  Owner References:
    API Version:           cert-manager.io/v1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Certificate
    Name:                  test-cert
    UID:                   c552c42a-6202-40f8-8e9d-f47387f3cf1c
  Resource Version:        114851218
  Self Link:               /apis/cert-manager.io/v1/namespaces/cert-manager/certificaterequests/test-cert-2glmx
  UID:                     d275cb9f-a1d0-417c-a0de-6a1a76193c31
Spec:
  Issuer Ref:
    Kind:   ClusterIssuer
    Name:   letsencrypt
  Request:  LS0t...002b1JBCkZGREU3Mk.....nOFlqQW9......FvWkZhb....NjlzM3RtZm....gvW...0tLUV....0tLS0K
Status:
  Conditions:
    Last Transition Time:  2020-09-30T18:20:14Z
    Message:               Waiting on certificate issuance from order cert-manager/test-cert-2glmx-2027085711: "pending"
    Reason:                Pending
    Status:                False
    Type:                  Ready
Events:
  Type    Reason        Age    From          Message
  ----    ------        ----   ----          -------
  Normal  OrderCreated  6m42s  cert-manager  Created Order resource cert-manager/test-cert-2glmx-2027085711

Why is the certificate order in a pending state?

What's wrong in my setup?

