cert-manager: letsencrypt documentation unclear or missing configuration options
Is this a BUG REPORT or FEATURE REQUEST?:
Uncomment only one, leave it on its own line:
/kind bug /kind feature
What happened: I’ve tried to install cert-manager via Helm, following the docs from: https://github.com/jetstack/cert-manager/blob/master/docs/user-guides/deploying.md

Shim pod logs show a lot of these errors:

```
I0131 16:05:27.006009 1 controller.go:147] ingress-shim controller: syncing item 'infrastructure/grafana-grafana'
E0131 16:05:27.006127 1 controller.go:156] ingress-shim controller: Re-queuing item "infrastructure/grafana-grafana" due to error processing: clusterissuer.certmanager.k8s.io "letsencrypt-staging" not found
```

What you expected to happen: Automatic Letsencrypt configuration and creation of https certificates.
How to reproduce it (as minimally and precisely as possible):
- Install cert-manager via:

```
helm install stable/cert-manager --name cert-manager --namespace=infrastructure -f values.yaml
```

- Add `kubernetes.io/tls-acme: 'true'` to your ingress: controllers.
- Use this values file:

```yaml
# Optional additional arguments
extraArgs: []

ingressShim:
  enabled: true
  # Optional additional arguments for ingress-shim
  extraArgs: ['--default-issuer-name=letsencrypt-staging', '--default-issuer-kind=ClusterIssuer']

createCustomResource: true

rbac:
  # Specifies whether RBAC resources should be created
  create: true

serviceAccount:
  # Specifies whether a service account should be created
  create: true
```

Anything else we need to know?: Coming from kube-lego I know that there should be a place where the Let's Encrypt registration email and API URL are configured, but the docs are not saying a word about this.

IMHO the cluster issuer for Let's Encrypt should look more like this one: https://github.com/jetstack/cert-manager/blob/master/docs/examples/cluster-issuer.yaml

But the one I get from “helm get cert-manager” is:

```yaml
# Source: cert-manager/templates/clusterissuer-crd.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusterissuers.certmanager.k8s.io
  labels:
    app: cert-manager
    chart: cert-manager-0.2.1
    release: cert-manager
    heritage: Tiller
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  names:
    kind: ClusterIssuer
    plural: clusterissuers
  scope: Cluster
```

If I am missing some configuration for this, the documentation should be extended. If there is no way to configure this via the values.yaml, I consider this a missing feature.
Environment:
- Kubernetes version (use `kubectl version`): 1.8.5
- Cloud provider or hardware configuration: Google
- Install tools: Helm 2.7.2
- Others:
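
The log error above names a ClusterIssuer object that does not exist, while the chart output only defines the ClusterIssuer resource type (the CRD). The following manifest is an added example, not part of the original issue or the project's documentation, showing the kind of ClusterIssuer that `--default-issuer-name=letsencrypt-staging` expects; the email address and Secret name are placeholder assumptions, and the layout is the `certmanager.k8s.io/v1alpha1` ACME format matching the CRD version on this page.

```yaml
# Added example: a cluster-scoped issuer matching the ingress-shim defaults
# (--default-issuer-name=letsencrypt-staging, --default-issuer-kind=ClusterIssuer).
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  # Must equal the value passed to --default-issuer-name
  name: letsencrypt-staging
spec:
  acme:
    # Let's Encrypt staging endpoint: issues untrusted test certificates,
    # so misconfiguration does not count against production rate limits.
    server: https://acme-staging.api.letsencrypt.org/directory
    # ACME registration email (placeholder, replace with a monitored mailbox)
    email: admin@example.com
    # Secret that will hold the ACME account private key (name is an assumption).
    # Limit read access to this Secret through RBAC: whoever holds the key
    # can act as this ACME account.
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    # Enable the HTTP-01 challenge solver
    http01: {}

# Apply and verify:
#   kubectl apply -f cluster-issuer.yaml
#   kubectl get clusterissuer letsencrypt-staging -o yaml
```

Once the object exists, the ingress-shim re-queue errors for `letsencrypt-staging` should stop on the next sync of each annotated Ingress.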
About this issue
- State: closed
- Created 6 years ago
- Comments: 20 (9 by maintainers)
Commits related to this issue
- added changes of https://github.com/jetstack/cert-manager/issues/289#issuecomment-362668008 — committed to monotek/cert-manager by monotek 6 years ago

I had exactly the same problem. I found the docs really unclear; that’s why, as soon as I managed to make it work, I put down a how-to: https://amasucci.com/post/2018/03/17/how-to-generate-tls-certificates-with-cert-manager-and-lets-encrypt-in-kubernetes/ Feel free to reference or copy it. I think this is a cool project but the docs deserve more love. Hope this helps.

@orian you only need to specify an `ingress` in the Certificate if you want a particular Ingress resource to be modified. And you only need to specify `domains` if you want different domain challenges handled differently. No idea about the godoc issue, sorry.