from @david-baylibre:
I installed the operator from the repo dist/install.yaml, this is great, devs don't have to deal with Helm and permissions.
I can now have annotations on my ingresses.
However, I'm getting errors when enabling cert-manager with Let's Encrypt; it tries to get a cert for the local domain:
describe cert jumpstarter-controller-tls
Warning Failed 36s cert-manager-certificates-issuing The certificate request has failed to complete and will be retried: Failed to wait for order resource "jumpstarter-controller-tls-1-1511209746" to become ready: order is in "errored" state: Failed to create Order: 400 urn:ietf:params:acme:error:rejectedIdentifier: Invalid identifiers requested :: Cannot issue for "jumpstarter-controller": Domain name needs at least one dot (and 3 more problems. Refer to sub-problems for more information.); subproblems:
urn:ietf:params:acme:error:malformed: [dns: jumpstarter-controller] Invalid identifiers requested :: Domain name needs at least one dot
urn:ietf:params:acme:error:malformed: [dns: jumpstarter-controller.jumpstarter-dev01] Invalid identifiers requested :: Domain name does not end with a valid public suffix (TLD)
urn:ietf:params:acme:error:malformed: [dns: jumpstarter-controller.jumpstarter-dev01.svc] Invalid identifiers requested :: Domain name does not end with a valid public suffix (TLD)
urn:ietf:params:acme:error:malformed: [dns: jumpstarter-controller.jumpstarter-dev01.svc.cluster.local] Invalid identifiers requested :: Domain name does not end with a valid public suffix (TLD)
On the ingress side, it does not try to get a cert because secretName is missing (unlike login which gets a cert). Adding tls:certSecret: does not help.
If I add secretName, I do get a cert from Let's Encrypt, but I'm back to the original problem: tls: first record does not look like a TLS handshake in Jumpstarter.
Should certs be obtained by ingresses (through secretName and annotations), then be used by Jumpstarter only, not ingresses which are supposed to do SSL passthrough?
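Added example, not part of the original comment and not Jumpstarter or cert-manager code: a pre-flight check that splits a certificate's requested DNS names into those a public ACME CA could issue and those that need an in-cluster issuer, using the two rejection reasons quoted in the log above. The TLD set and the host jumpstarter.example.com are constructed assumptions.

```python
"""Pre-flight check: which dnsNames could a public ACME CA issue for?"""

# Assumption: a tiny stand-in for the real IANA TLD / public suffix data,
# which a production check would load from a maintained copy.
SAMPLE_PUBLIC_TLDS = {"com", "org", "net", "io", "dev"}


def service_dns_names(service, namespace, cluster_domain="cluster.local"):
    """The four in-cluster name forms for a Service, as seen in the log."""
    return [
        service,
        f"{service}.{namespace}",
        f"{service}.{namespace}.svc",
        f"{service}.{namespace}.svc.{cluster_domain}",
    ]


def acme_problem(name, public_tlds=SAMPLE_PUBLIC_TLDS):
    """Return the reason a public CA would reject `name`, or None if it passes."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return "Domain name needs at least one dot"
    if labels[-1] not in public_tlds:
        return "Domain name does not end with a valid public suffix (TLD)"
    return None


def split_for_issuers(names):
    """Partition names into (publicly issuable, {internal name: reason})."""
    public, internal = [], {}
    for name in names:
        reason = acme_problem(name)
        if reason is None:
            public.append(name)
        else:
            internal[name] = reason
    return public, internal


if __name__ == "__main__":
    # Constructed input: the Service from the log plus a made-up public host.
    requested = service_dns_names("jumpstarter-controller", "jumpstarter-dev01")
    requested.append("jumpstarter.example.com")
    public, internal = split_for_issuers(requested)
    print("ACME-eligible:", public)
    for name, reason in internal.items():
        print(f"internal only: {name} -> {reason}")
```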