K8s with acme cert-manager problem

Hello,

I am trying cert-manager in k8s, also using nginx-ingress controller with metallb, hope any k8s expert here

Centos version:
CentOS Linux release 7.8.2003 (Core)

Ingress yaml:
[root@sealos01 ingress]# kubectl get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
test testing.hkitblog.com 10.0.10.140 80, 443 53m

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test
spec:
tls:

• secretName: testing-hkitblog-com-tls
  hosts:
  • testing.hkitblog.com
    rules:
• host: testing.hkitblog.com
  http:
  paths:
  • backend:
    serviceName: helloworld-v1
    servicePort: 443

pod and svc yaml:
[root@sealos01 ingress]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
helloworld-v1 LoadBalancer 10.97.91.142 10.0.10.141 443:32280/TCP 53m
kubernetes ClusterIP 10.96.0.1 443/TCP 2d1h
my-release-nginx-ingress LoadBalancer 10.98.35.128 10.0.10.140 80:31159/TCP,443:31789/TCP 2d1h

[root@sealos01 ingress]# kubectl get pod
NAME READY STATUS RESTARTS AGE
my-release-nginx-ingress-5c57477464-lgqrz 1/1 Running 7 2d1h
testing.hkitblog.com 1/1 Running 0 53m

[root@sealos01 ingress]# cat helloworld-v1.yaml
apiVersion: v1
kind: Pod
metadata:
name: testing.hkitblog.com
labels:
app: helloworld-v1
spec:
containers:

• name: k8s-demo
  image: 105552010/k8s-demo:v1
  ports:
  • name: nodejs-port
    containerPort: 3000

apiVersion: v1
kind: Service
metadata:
name: helloworld-v1
spec:
type: LoadBalancer
externalTrafficPolicy: Cluster
loadBalancerIP: 10.0.10.141
ports:

• port: 443
  targetPort: 3000
  protocol: TCP
  selector:
  app: helloworld-v1

metallb yaml:
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
auto-assign: true
addresses:
- 10.0.10.140-10.0.10.145

cert is ready:
[root@sealos01 ingress]# kubectl get cert
NAME READY SECRET AGE
testing-hkitblog-com True testing-hkitblog-com-tls 46h

image734×70 2.36 KB

I have edited /etc/hosts 10.0.10.141 > testing.hkitblog.com in a master node.

when curl -v https://testing.hkitblog.com

• About to connect() to testing.hkitblog.com port 443 (#0)
• Trying 10.0.10.141…
• Connected to testing.hkitblog.com (10.0.10.141) port 443 (#0)
• Initializing NSS with certpath: sql:/etc/pki/nssdb
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• NSS error -5938 (PR_END_OF_FILE_ERROR)
• Encountered end of file
• Closing connection 0
  curl: (35) Encountered end of file

If change to 80 port is no problem, why CApath: none ?

Thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.