Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Self-referential Ingress and Certificate must be done in order #661

Closed
tamalsaha opened this issue Oct 24, 2017 · 3 comments

Comments

Projects
None yet
1 participant
@tamalsaha
Copy link
Member

commented Oct 24, 2017

@tamalsaha

This comment has been minimized.

Copy link
Member Author

commented Oct 24, 2017

Essentially the issue is HAProxy can't start since the cert is not present. Since HAProxy can't start the cert can't be issued.

Workaround: First create the Ingress without the TLS section. Then create the Certificate object. This will issue the cert and create tls secret. Now, update Ingress to add TLS section.

daemon.err: Oct 24 01:25:06 reloader: I1024 01:50:22.160104      23 util.go:40] calling boot file to execute
daemon.err: Oct 24 01:25:06 reloader: I1024 01:50:22.168251      23 util.go:43] Output:
daemon.err: Oct 24 01:25:06 reloader:  [ALERT] 296/015022 (6046) : parsing [/etc/haproxy/haproxy.cfg:57] : 'bind *:443' : unable to load SSL private key from PEM file '/etc/ssl/private/haproxy/tls/tls-kitecicom.pem'.
daemon.err: Oct 24 01:25:06 reloader: [ALERT] 296/015022 (6046) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
daemon.err: Oct 24 01:25:06 reloader: [ALERT] 296/015022 (6046) : Fatal errors found in configuration.
daemon.err: Oct 24 01:25:06 reloader: I1024 01:50:22.168279      23 util.go:45] failed to run cmd

@tamalsaha

This comment has been minimized.

Copy link
Member Author

commented Oct 29, 2017

For a fully worked out example, see here: https://github.com/tamalsaha/voyager-http-cert

@tamalsaha

This comment has been minimized.

Copy link
Member Author

commented Feb 7, 2018

This is now documented.

@tamalsaha tamalsaha closed this Feb 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.