Hi, I have followed the code from here <https://gi...
# general
f
Hi, I have followed the code from here https://github.com/pulumi/cert-manager-examples to facilitate certs adding certs to a particular namespace. Everything works as expected. Now I am trying to add another ingress in a different namespace using a different subdomnain; the subdomains follow a pattern like this
*.<http://working.domain.com|working.domain.com>
and
*.<http://notworking.domain.com|notworking.domain.com>
The first issue I ran into was the clusterrole already existed and this was causing pulumi to fail. I fixed this by changing this line https://github.com/pulumi/cert-manager-examples/blob/master/examples/letsencrypt/index.ts#L56 so that
nginxName
is unqiue. this allows pulumi to successfully run but then I end up with the following error when describing the
<http://orders.acme.cert-manager.io|orders.acme.cert-manager.io>
that gets created
Copy code
Warning  Solver  31s   cert-manager  Failed to determine a valid solver configuration for the set of domains on the Order: no configured challenge solvers can be used for this challenge
Any clues about what other changes might be required in order to make this work would be great? Thanks
b
cert manager is sorta complex, so it could be quite a few things unfortunately 😞
these examples aren't really tailored for a multi ingress environment
can you share more code, perhaps?
f
Thanks for the fast reply
Copy code
export function deployIngress(commonName: string, namespace: k8s.core.v1.Namespace, provider: k8s.Provider, webhookSvc: k8s.core.v1.Service) {

    // =============================================================================
    // Deploy the Nginx Ingress Controller.
    // =============================================================================
    const wildcardName = `*.${commonName}`;
    const nginxName = pulumi.interpolate `nginx-${namespace.metadata.name}`;
    const namespaceName = namespace.metadata.name;
    const nginxSvcNsName = pulumi.interpolate `${namespaceName}/${nginxName}`;

    const nginx = nginxName.apply(nginxName => new k8s.helm.v3.Chart(nginxName,
        {
            namespace: namespaceName,
            chart: "ingress-nginx",
            version: "3.4.1",
            fetchOpts: {repo: "<https://kubernetes.github.io/ingress-nginx>"},
            values: {
                controller: {
                    publishService: {enabled: true, pathOverride: nginxSvcNsName},
                    service: {enabled: false},
                    admissionWebhooks: {enabled: false},
                },
            },
        },
        {provider: provider},
    ));

    // Create a LoadBalancer Service for the NGINX Deployment
    const labels = nginxName.apply((nginxName)=>
        {return {
            "<http://app.kubernetes.io/instance|app.kubernetes.io/instance>": nginxName,
            "<http://app.kubernetes.io/component|app.kubernetes.io/component>": "controller", 
            "<http://app.kubernetes.io/name|app.kubernetes.io/name>": "ingress-nginx"
        }});
    const nginxSvc = pulumi.all([nginxName,labels]).apply(([nginxName, labels]) => new k8s.core.v1.Service(nginxName,
        {
            metadata: {labels, namespace: namespaceName, name: nginxName},
            spec: {
                type: "LoadBalancer",
                ports: [{name:"https", port: 443, targetPort: "https"}],
                selector: labels,
            },
        },{provider: provider}
    ));
    const lbEndpoint = nginxSvc.status.loadBalancer.ingress.apply(ingress => ingress[0].hostname);

    // =============================================================================
    // Create a cert-manager Issuer and Certificate for the Demo App to use.
    // =============================================================================

    // Deploy cert-manager using the DNS provider in the ACME challenge
    // for the R53 hosted zones.
    const regionName = pulumi.output(aws.getRegion({}, {async: true})).name;
    const certMgrName = pulumi.interpolate `cert-manager-${namespaceName}`;
    const secretName = config.get("tlsCertificateName") || "letsencrypt-cert"

    // Create a Issuer for cert-manager in the namespace.
    const issuer = certMgrName.apply(certMgrName => new certmgr.crds.certmanager.v1.Issuer(certMgrName, {
        metadata: {name: certMgrName, namespace: namespaceName, annotations: {"webhook": webhookSvc.id}},
        spec: {
            acme: {
                server: acmeServerUrl,
                email: acmeEmail,
                privateKeySecretRef: {
                    name: issuerKeySecretName,
                },
                solvers: [{
                    selector: {
                        dnsZones: [wildcardName],

                    },
                    dns01: {
                        route53: {
                            region: regionName,
                        },
                    },
                }],
            }
        },
    }, {provider: provider}));

    const certificate = certMgrName.apply(certMgrName => new certmgr.crds.certmanager.v1.Certificate(certMgrName, {
        metadata: {namespace: namespaceName},
        spec: {
            secretName:secretName,
            commonName: commonName,
            dnsNames: [wildcardName, commonName],
            issuerRef: {name: certMgrName, kind: issuer.kind},
        },
    }, {provider: provider}));

    return {
        endpoint: lbEndpoint,
        secretName: secretName
    };
}
I have just added the line
"<http://app.kubernetes.io/instance|app.kubernetes.io/instance>": nginxName
redeploying now to see if that fixes it
and then add the routes like this
Copy code
// Add routes
    const ingress = new k8s.networking.v1.Ingress("global-ingress",
        {
            metadata: { namespace: args.ns.metadata.name,
                annotations: {"<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "nginx"},
            },
            spec: {
                tls: [
                    {
                        hosts: [wildcardZone],
                        secretName: lbInfo.secretName,
                    },
                ],
                rules: args.services.map((service) => {
                    return {
                        host: `${service.subdomainName}.${dnsZone}`,
                        http: {
                            paths: [{
                                path: "/",
                                pathType: "Prefix",
                                backend: {
                                    service: {
                                        name: service.serviceName, 
                                        port: {name: "http"}
                                    }
                                }
                            }],
                        },
                    }
                })
            }
        },
        {provider: args.k8sProvider},
    );
na, still stuck with
Failed to determine a valid solver