Invalid certificate for binderhub #21
Comments
ltetrel
added
bug
|
Related to this issue : |
|
This seems to be related to this : |
|
This issue prevent binderhub from creating new users : |
|
Important documentation on lets encrypt limit rate, which could explain our certificate issue : |
|
What I used so far to replace |
|
external IP from |
|
@anibalsolon gave me some details, thanks to him ! He will try following this tuto : |
|
Here was the reply I got from Darne Boss (compute canada). Basically he is saying that the Load balancer cannot work on carbutus instances: |
|
Interesting. So from my understanding, it is not possible from within the Kubernetes? Even with nginx load balancer. |
|
@anibalsolon that's kinda the solution, deploying an external load balancer and placing it in front of the k8 BinderHub cluster. We just cannot describe this in config files, it won't work out of the box because the OpenStack API available to CC is missing the functionality. |
|
If I remember correctly, we also need to migrate from kube-lego to cert-manager. Yeah, @ltetrel already gave this a shot #21 (comment). |
|
usefull ressource that helped me for debugging k8s networking : https://www.digitalocean.com/community/tutorials/how-to-inspect-kubernetes-networking |
|
important reference if we don't have load balancer available: |
|
I gave metalb a brief try, after I saw it on one of the Gitter threads, could not get it running in the first try but would be a useful tool if CC is going to be the only option available. There was one more alternative to that, I’ll check my notes. |
|
On my side I read/try intensively load balancing on k8s last week. I had lot of exchanges with Darren from compute canada, trying to debug the current configuration.. |
|
On Arbutus or on the new OpenStack? Are you trying to debug the Helm Chart or the previous installation? P.S. I installed Metallb using helm (https://github.com/helm/charts/tree/master/stable/metallb) instead of using manifest, trying to avoid direct k8s interaction as much as possible. If you are using Helm, you can just add it as a dependency and it'll bring that up. |
|
On Arbutus, |
|
some additionnal clues on why |
|
Issue when trying to achieve the I think this is due to some cloudflare protections because I did a huge number of http request these weeks (every time I create a binderhub infrastructure). |
|
Arbutus? I was wondering if you gave it a try with the Helm chart (https://github.com/agahkarakuzu/neurolibre-helm) with your new settings? 😆I would not imagine that attempts would arouse DDoS attack suspicion on cloudfare's end. Crazy. |
|
You have other suggestions why this error ? |
|
I don’t think that I can have any with my questions unanswered. I did not run into any of these issues with the Helm chart I used. |
|
So this issue is finally resolved. I updated the instructions in consequence. |
|
It would be useful to summarize these issues in a blog post, to share with the mybinder community. |
|
Yeah good idea I was working on it |
|
Another issue came up with the cert-manage webhook: |
|
Issue with resolver: |
Sometimes, when destroying/creating an instance few times, we have a certificate error on the binderhub instance. As an effect we cannot use https..
The text was updated successfully, but these errors were encountered: