Comments (10)
Unfortunately, you might have hit the weekly certificate renewal rate limit: https://letsencrypt.org/docs/rate-limits. You'll probably need to wait until next week, or you can use the staging server (with a higher rate limit but the browser will throw a warning).
from kube-linode.
So, if I use a different domain this won't be an issue?
from kube-linode.
Yes the rate limit is per domain.
from kube-linode.
What about my second issue? Do you have an example/sample deployment?
I'm trying to use a single cluster as a staging environment. So, I'll need to create deployments on the fly that work with Traefik (and SSL) to do:
project1.example.com
project2.example.com
Along with all the others created.
I would also like to know how I can deploy in this cluster another domain so if I have project1.example.com I can deploy project1.com (assuming I'll have to create another SSL/TLS).
from kube-linode.
If you look in the manifests folder (for example alertmanager / kubernetes dashboard) you can see how the ingress for those subdomains are deployed.
If you want to serve another domain, you can create corresponding A and CNAME records in the linode dns manager to your new domain pointing to the master node ip, then create a corresponding ingress pointing to the new domain (see https://kubernetes.io/docs/concepts/services-networking/ingress/)
from kube-linode.
I looked at the example for alertmanager and created a deployment but when I did I got the ERR_SSL_PROTOCOL_ERROR for the new subdomain. At that time all the other subdomains created by script were still working.
When I compare my Ingress I noticed I was missing:
    annotations:
      kubernetes.io/ingress.class: "traefik"
Is this required? Also are the RoleBindings required?
from kube-linode.
You've probably hit the rate limit, the certificate issuing is on demand once an ingress is created. Technically I think you would be fine without that annotation since I've made Traefik the default ingress controller, but it helps in case another ingress controller is deployed. (see https://docs.traefik.io/user-guide/kubernetes/). Yes it's required for access control (see https://kubernetes.io/docs/admin/authorization/rbac/)
from kube-linode.
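An Ingress of the kind discussed in the replies above (a subdomain plus a second domain, with the explicit Traefik class annotation), as an added example that is not taken from the kube-linode manifests. The Service name `project1`, its port, the namespace and the `extensions/v1beta1` API version are assumptions; the hostnames are the ones used in the question.

```yaml
# Added example, not from the kube-linode repository.
# Assumptions: a Service named "project1" listening on port 80 in the
# "default" namespace, and a cluster that still serves extensions/v1beta1.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: project1
  namespace: default
  annotations:
    # Pins this Ingress to Traefik even if another ingress controller is
    # deployed in the cluster later.
    kubernetes.io/ingress.class: "traefik"
spec:
  rules:
    # One rule per hostname. Certificates are requested on demand when the
    # Ingress is created, so every new host counts against the
    # Let's Encrypt rate limit.
    - host: project1.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: project1
              servicePort: 80
    # Second domain: its A/CNAME records must already point at the
    # master node IP before this rule can get a certificate.
    - host: project1.com
      http:
        paths:
          - path: /
            backend:
              serviceName: project1
              servicePort: 80
```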
Same issue here, I get an ERR_SSL_PROTOCOL_ERROR in Chrome. If I port forward Traefik's pod's 8080 port to localhost, I can see its dashboard, but I can't access any other service (Grafana, kube dashboard etc.). How could I debug deeper? Thank you!
EDIT: I also tried via plain HTTP, but it redirects to HTTPS by default. Any way to disable auto redirect? HTTP would be fine for me as my setup is just for testing and educational purposes. Thanks once more!
from kube-linode.
@pmjohann, could you look at the traefik ingress controller pod logs to see what is happening when the certificate is being created? Not sure if it is the same issue as with #72. To support plain http, you'll need to remove the redirect
[entryPoints.http.redirect]
entryPoint = "https"
in traefik.yaml in the manifests folder (see the Traefik documentation for more details).
The error might be related to the recent TLS-SNI vulnerability (https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996). I'm going to try to see if I can work around this if it is indeed the error, and not due to hitting the rate limit.
from kube-linode.
Ok can confirm that this is an issue, it shows up as "ERR_SSL_PROTOCOL_ERROR" on Chrome, and "SSL_ERROR_INTERNAL_ERROR_ALERT" on Firefox. Closing this issue in favor of #72 since it is a duplicate one.
from kube-linode.