This message was deleted.
# generals
sparse-intern-71089
05/25/2021, 12:39 AMThis message was deleted.
b
billowy-army-68599
05/25/2021, 12:48 AM
cert manager is sorta complex, so it could be quite a few things unfortunately 😞
billowy-army-68599
05/25/2021, 12:48 AM
these examples aren't really tailored for a multi ingress environment
billowy-army-68599
05/25/2021, 12:54 AM
can you share more code, perhaps?
f
fresh-hospital-81544
05/25/2021, 1:21 AMThanks for the fast reply
Copy code
export function deployIngress(commonName: string, namespace: k8s.core.v1.Namespace, provider: k8s.Provider, webhookSvc: k8s.core.v1.Service) {
// =============================================================================
// Deploy the Nginx Ingress Controller.
// =============================================================================
const wildcardName = `*.${commonName}`;
const nginxName = pulumi.interpolate `nginx-${namespace.metadata.name}`;
const namespaceName = namespace.metadata.name;
const nginxSvcNsName = pulumi.interpolate `${namespaceName}/${nginxName}`;
const nginx = nginxName.apply(nginxName => new k8s.helm.v3.Chart(nginxName,
{
namespace: namespaceName,
chart: "ingress-nginx",
version: "3.4.1",
fetchOpts: {repo: "<https://kubernetes.github.io/ingress-nginx>"},
values: {
controller: {
publishService: {enabled: true, pathOverride: nginxSvcNsName},
service: {enabled: false},
admissionWebhooks: {enabled: false},
},
},
},
{provider: provider},
));
// Create a LoadBalancer Service for the NGINX Deployment
const labels = nginxName.apply((nginxName)=>
{return {
"<http://app.kubernetes.io/instance|app.kubernetes.io/instance>": nginxName,
"<http://app.kubernetes.io/component|app.kubernetes.io/component>": "controller",
"<http://app.kubernetes.io/name|app.kubernetes.io/name>": "ingress-nginx"
}});
const nginxSvc = pulumi.all([nginxName,labels]).apply(([nginxName, labels]) => new k8s.core.v1.Service(nginxName,
{
metadata: {labels, namespace: namespaceName, name: nginxName},
spec: {
type: "LoadBalancer",
ports: [{name:"https", port: 443, targetPort: "https"}],
selector: labels,
},
},{provider: provider}
));
const lbEndpoint = nginxSvc.status.loadBalancer.ingress.apply(ingress => ingress[0].hostname);
// =============================================================================
// Create a cert-manager Issuer and Certificate for the Demo App to use.
// =============================================================================
// Deploy cert-manager using the DNS provider in the ACME challenge
// for the R53 hosted zones.
const regionName = pulumi.output(aws.getRegion({}, {async: true})).name;
const certMgrName = pulumi.interpolate `cert-manager-${namespaceName}`;
const secretName = config.get("tlsCertificateName") || "letsencrypt-cert"
// Create a Issuer for cert-manager in the namespace.
const issuer = certMgrName.apply(certMgrName => new certmgr.crds.certmanager.v1.Issuer(certMgrName, {
metadata: {name: certMgrName, namespace: namespaceName, annotations: {"webhook": webhookSvc.id}},
spec: {
acme: {
server: acmeServerUrl,
email: acmeEmail,
privateKeySecretRef: {
name: issuerKeySecretName,
},
solvers: [{
selector: {
dnsZones: [wildcardName],
},
dns01: {
route53: {
region: regionName,
},
},
}],
}
},
}, {provider: provider}));
const certificate = certMgrName.apply(certMgrName => new certmgr.crds.certmanager.v1.Certificate(certMgrName, {
metadata: {namespace: namespaceName},
spec: {
secretName:secretName,
commonName: commonName,
dnsNames: [wildcardName, commonName],
issuerRef: {name: certMgrName, kind: issuer.kind},
},
}, {provider: provider}));
return {
endpoint: lbEndpoint,
secretName: secretName
};
}"<http://app.kubernetes.io/instance|app.kubernetes.io/instance>": nginxNamefresh-hospital-81544
05/25/2021, 1:24 AMand then add the routes like this
Copy code
// Add routes
const ingress = new k8s.networking.v1.Ingress("global-ingress",
{
metadata: { namespace: args.ns.metadata.name,
annotations: {"<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "nginx"},
},
spec: {
tls: [
{
hosts: [wildcardZone],
secretName: lbInfo.secretName,
},
],
rules: args.services.map((service) => {
return {
host: `${service.subdomainName}.${dnsZone}`,
http: {
paths: [{
path: "/",
pathType: "Prefix",
backend: {
service: {
name: service.serviceName,
port: {name: "http"}
}
}
}],
},
}
})
}
},
{provider: args.k8sProvider},
);fresh-hospital-81544
05/25/2021, 1:30 AMna, still stuck with
Failed to determine a valid solver13 Views