Hi, I have followed the code from here <https://gi...
# general
Hi, I have followed the code from here https://github.com/pulumi/cert-manager-examples to facilitate certs adding certs to a particular namespace. Everything works as expected. Now I am trying to add another ingress in a different namespace using a different subdomnain; the subdomains follow a pattern like this
The first issue I ran into was the clusterrole already existed and this was causing pulumi to fail. I fixed this by changing this line https://github.com/pulumi/cert-manager-examples/blob/master/examples/letsencrypt/index.ts#L56 so that
is unqiue. this allows pulumi to successfully run but then I end up with the following error when describing the
that gets created
Copy code
Warning  Solver  31s   cert-manager  Failed to determine a valid solver configuration for the set of domains on the Order: no configured challenge solvers can be used for this challenge
Any clues about what other changes might be required in order to make this work would be great? Thanks
cert manager is sorta complex, so it could be quite a few things unfortunately 😞
these examples aren't really tailored for a multi ingress environment
can you share more code, perhaps?
Thanks for the fast reply
Copy code
export function deployIngress(commonName: string, namespace: k8s.core.v1.Namespace, provider: k8s.Provider, webhookSvc: k8s.core.v1.Service) {

    // =============================================================================
    // Deploy the Nginx Ingress Controller.
    // =============================================================================
    const wildcardName = `*.${commonName}`;
    const nginxName = pulumi.interpolate `nginx-${namespace.metadata.name}`;
    const namespaceName = namespace.metadata.name;
    const nginxSvcNsName = pulumi.interpolate `${namespaceName}/${nginxName}`;

    const nginx = nginxName.apply(nginxName => new k8s.helm.v3.Chart(nginxName,
            namespace: namespaceName,
            chart: "ingress-nginx",
            version: "3.4.1",
            fetchOpts: {repo: "<https://kubernetes.github.io/ingress-nginx>"},
            values: {
                controller: {
                    publishService: {enabled: true, pathOverride: nginxSvcNsName},
                    service: {enabled: false},
                    admissionWebhooks: {enabled: false},
        {provider: provider},

    // Create a LoadBalancer Service for the NGINX Deployment
    const labels = nginxName.apply((nginxName)=>
        {return {
            "<http://app.kubernetes.io/instance|app.kubernetes.io/instance>": nginxName,
            "<http://app.kubernetes.io/component|app.kubernetes.io/component>": "controller", 
            "<http://app.kubernetes.io/name|app.kubernetes.io/name>": "ingress-nginx"
    const nginxSvc = pulumi.all([nginxName,labels]).apply(([nginxName, labels]) => new k8s.core.v1.Service(nginxName,
            metadata: {labels, namespace: namespaceName, name: nginxName},
            spec: {
                type: "LoadBalancer",
                ports: [{name:"https", port: 443, targetPort: "https"}],
                selector: labels,
        },{provider: provider}
    const lbEndpoint = nginxSvc.status.loadBalancer.ingress.apply(ingress => ingress[0].hostname);

    // =============================================================================
    // Create a cert-manager Issuer and Certificate for the Demo App to use.
    // =============================================================================

    // Deploy cert-manager using the DNS provider in the ACME challenge
    // for the R53 hosted zones.
    const regionName = pulumi.output(aws.getRegion({}, {async: true})).name;
    const certMgrName = pulumi.interpolate `cert-manager-${namespaceName}`;
    const secretName = config.get("tlsCertificateName") || "letsencrypt-cert"

    // Create a Issuer for cert-manager in the namespace.
    const issuer = certMgrName.apply(certMgrName => new certmgr.crds.certmanager.v1.Issuer(certMgrName, {
        metadata: {name: certMgrName, namespace: namespaceName, annotations: {"webhook": webhookSvc.id}},
        spec: {
            acme: {
                server: acmeServerUrl,
                email: acmeEmail,
                privateKeySecretRef: {
                    name: issuerKeySecretName,
                solvers: [{
                    selector: {
                        dnsZones: [wildcardName],

                    dns01: {
                        route53: {
                            region: regionName,
    }, {provider: provider}));

    const certificate = certMgrName.apply(certMgrName => new certmgr.crds.certmanager.v1.Certificate(certMgrName, {
        metadata: {namespace: namespaceName},
        spec: {
            commonName: commonName,
            dnsNames: [wildcardName, commonName],
            issuerRef: {name: certMgrName, kind: issuer.kind},
    }, {provider: provider}));

    return {
        endpoint: lbEndpoint,
        secretName: secretName
I have just added the line
"<http://app.kubernetes.io/instance|app.kubernetes.io/instance>": nginxName
redeploying now to see if that fixes it
and then add the routes like this
Copy code
// Add routes
    const ingress = new k8s.networking.v1.Ingress("global-ingress",
            metadata: { namespace: args.ns.metadata.name,
                annotations: {"<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "nginx"},
            spec: {
                tls: [
                        hosts: [wildcardZone],
                        secretName: lbInfo.secretName,
                rules: args.services.map((service) => {
                    return {
                        host: `${service.subdomainName}.${dnsZone}`,
                        http: {
                            paths: [{
                                path: "/",
                                pathType: "Prefix",
                                backend: {
                                    service: {
                                        name: service.serviceName, 
                                        port: {name: "http"}
        {provider: args.k8sProvider},
na, still stuck with
Failed to determine a valid solver