Ingress TLS routes with cert-manager not applied

I have a K8s cluster (v1.12.8-gke.10) in GKE and have an nginx ingress with host rules. I am trying to enable TLS using cert-manager for ingress routes. I am using a selfsign cluster issuer. But when I access the site over HTTPS, I am still getting the default K8s certificate. (The certificate is only valid for the following names: kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local)

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: test
  name: test
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /
    certmanager.k8s.io/cluster-issuer: selfsign
spec:
  tls:
    - secretName: test
      hosts:
        - test.example.com
  rules:
    - host: test.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test
              servicePort: 80

I have checked the following, and all are working fine:

  1. A cluster issuer named "selfsign"
  2. A valid self-signed certificate backed by a secret "test"
  3. A healthy and running nginx ingress deployment
  4. A healthy and running ingress service of type load-balancer

1 answer

  • answered 2019-09-10 05:35 Harsh Manvar

    I think it's an issue with the ClusterIssuer.

    Just have a look at my cluster issuer and check:

    apiVersion: certmanager.k8s.io/v1alpha1
    kind: ClusterIssuer
    metadata:
      name: prod
    spec:
      acme:
        # The ACME server URL
        server: https://acme-v02.api.letsencrypt.org/directory
        # Email address used for ACME registration
        email: it-support@something.com
        # Name of a secret used to store the ACME account private key
        privateKeySecretRef:
          name: prod
        # Enable the HTTP-01 challenge provider
        http01: {}
    

    Check for the right url to get production-grade certificates:

    server: https://acme-v02.api.letsencrypt.org/directory

    If your server URL is something like this:

    server: https://acme-staging-v02.api.letsencrypt.org/directory

    it means you are applying for the staging certificate, which may cause the error.
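
To narrow down the symptom in the question (the endpoint presenting a certificate other than the one in secret "test"), compare the served certificate with the one stored in the secret. This is an added example, not code from the question or the answer; it assumes OpenSSL 1.1.1 or later and kubectl, the function names are hypothetical, and `make_sample_cert` only builds constructed sample certificates for an offline run.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): find out which certificate an
# ingress endpoint presents and whether it is the one stored in the TLS secret.

# Save the leaf certificate presented by ADDRESS:443 for SNI name HOST.
fetch_served_cert() {  # usage: fetch_served_cert ADDRESS HOST OUT_PEM
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$3"
}

# Save the certificate held in a kubernetes.io/tls secret.
fetch_secret_cert() {  # usage: fetch_secret_cert NAMESPACE SECRET OUT_PEM
  kubectl -n "$1" get secret "$2" -o jsonpath='{.data.tls\.crt}' | base64 -d > "$3"
}

# SHA-256 fingerprint of a PEM certificate.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# True when the certificate's names cover HOST.
cert_covers_host() {  # usage: cert_covers_host PEM HOST
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Print one verdict for the pair (served certificate, secret certificate).
classify_served_cert() {  # usage: classify_served_cert SERVED_PEM SECRET_PEM HOST
  if [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]; then
    echo "secret-cert-served"       # the ingress controller uses the secret
  elif cert_covers_host "$1" "$3"; then
    echo "other-cert-covers-host"   # valid for the host, but not from the secret
  else
    echo "wrong-cert-served"        # e.g. a default certificate, as in the question
  fi
}

# Constructed sample input so the logic can be exercised offline.
make_sample_cert() {  # usage: make_sample_cert OUT_PEM CN SAN_LIST
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
    -subj "/CN=$2" -addext "subjectAltName=$3" -out "$1" 2>/dev/null
}
```

Against a live cluster, run `fetch_served_cert` with the load balancer address and `test.example.com`, run `fetch_secret_cert test test`, then pass both files to `classify_served_cert`.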