Description
Followed the instructions from this README:
https://github.com/GoogleCloudPlatform/endpoints-samples/tree/master/k8s/dns-ssl-kube-lego
```
CLUSTER_NAME=endpoints-dns-sample
CLUSTER_ZONE="us-west1-a"
gcloud services enable container.googleapis.com
gcloud container clusters create ${CLUSTER_NAME} --zone=${CLUSTER_ZONE} --num-nodes=3
gcloud container clusters get-credentials ${CLUSTER_NAME} --zone=${CLUSTER_ZONE}
git clone https://github.com/GoogleCloudPlatform/endpoints-samples.git
cd endpoints-samples/k8s/dns-ssl-kube-lego
deploy.sh
Enter your email address (for Let's Encrypt to send certificate expiration notifications): name@comany.com
Deploying KubeLego in the kube-lego namespace
namespace "kube-lego" created
configmap "kube-lego" created
deployment "kube-lego" created
Enter the project ID: my-project-name
Deploying Kubernetes Ingress
namespace "echo" created
ingress "echo-ingress" created
Waiting for Ingress public IP address...
NAME HOSTS ADDRESS PORTS AGE
echo-ingress echo.endpoints.my-project-name.cloud.goog 80, 443 1s
NAME HOSTS ADDRESS PORTS AGE
echo-ingress echo.endpoints.my-project-name.cloud.goog 80, 443 8s
NAME HOSTS ADDRESS PORTS AGE
echo-ingress echo.endpoints.my-project-name.cloud.goog 80, 443 15s
NAME HOSTS ADDRESS PORTS AGE
echo-ingress echo.endpoints.my-project-name.cloud.goog 80, 443 22s
NAME HOSTS ADDRESS PORTS AGE
echo-ingress echo.endpoints.my-project-name.cloud.goog 80, 443 29s
NAME HOSTS ADDRESS PORTS AGE
echo-ingress echo.endpoints.my-project-name.cloud.goog 80, 443 36s
NAME HOSTS ADDRESS PORTS AGE
echo-ingress echo.endpoints.my-project-name.cloud.goog 80, 443 43s
NAME HOSTS ADDRESS PORTS AGE
echo-ingress echo.endpoints.my-project-name.cloud.goog 35.227.214.24 80, 443 49s
Ingress IP address : 35.227.214.24
Deploying Endpoints service configuration
Waiting for async operation operations/serviceConfigs.echo.endpoints.my-project-name.cloud.goog:381266e9-c515-44f1-9019-dfa6f9c834c5 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud endpoints operations describe operations/serviceConfigs.echo.endpoints.my-project-name.cloud.goog:381266e9-c515-44f1-9019-dfa6f9c834c5
Waiting for async operation operations/rollouts.echo.endpoints.my-project-name.cloud.goog:961f109c-11e5-47e5-b347-40b68b6af17c to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud endpoints operations describe operations/rollouts.echo.endpoints.my-project-name.cloud.goog:961f109c-11e5-47e5-b347-40b68b6af17c
Service Configuration [2018-05-25r4] uploaded for service [echo.endpoints.my-project-name.cloud.goog]
To manage your API, go to: https://console.cloud.google.com/endpoints/api/echo.endpoints.my-project-name.cloud.goog/overview?project=my-project-name
Deploying the echo backend
service "echo-service" created
deployment "echo-backend" created
In a few minutes, https://echo.endpoints.my-project-name.cloud.goog should be provisioned with a Let's Encrypt certificate
```
Waited for 30 mins
The HTTP endpoint is working but HTTPS is not
```
dig echo.endpoints.${PROJECT_ID}.cloud.goog
;; ANSWER SECTION:
echo.endpoints.my-project-name.cloud.goog. 59 IN A xxx.yyy.zzz.aaa
```

```
curl http://echo.endpoints.${PROJECT_ID}.cloud.goog/.well-known/acme-challenge/_selftest
{
  "code": 5,
  "message": "Method does not exist.",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.DebugInfo",
      "stackEntries": [],
      "detail": "service_control"
    }
  ]
}
```

```
kubectl --namespace=echo get secret echo-tls
Error from server (NotFound): secrets "echo-tls" not found
```

```
kubectl logs kube-lego-7dcvc89cb5-fbm5k --namespace kube-lego
E0525 16:56:28.842756 1 reflector.go:201] github.com/jetstack/kube-lego/pkg/kubelego/watch.go:112: Failed to list *v1beta1.Ingress: ingresses.extensions is forbidden: User "system:serviceaccount:kube-lego:default" cannot list ingresses.extensions at the cluster scope: Unknown user "system:serviceaccount:kube-lego:default"
```
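
For triaging the kube-lego log line in the report above, an added example (not part of the original report and not kube-lego's code) that parses Kubernetes authorization denials into subject, verb, resource and scope, so they can be compared against the RBAC bindings actually present in the cluster. The function names and the message pattern, which is inferred from the single log line shown, are assumptions.

```python
import re

# Constructed sample: the kube-lego log line from the report, rejoined onto one line.
LOG = ('E0525 16:56:28.842756 1 reflector.go:201] '
       'github.com/jetstack/kube-lego/pkg/kubelego/watch.go:112: '
       'Failed to list *v1beta1.Ingress: ingresses.extensions is forbidden: '
       'User "system:serviceaccount:kube-lego:default" cannot list ingresses.extensions '
       'at the cluster scope: Unknown user "system:serviceaccount:kube-lego:default"')

# Assumed message shape: ... is forbidden: User "<user>" cannot <verb> <resource>[.<group>] <scope>
DENIAL = re.compile(
    r'is forbidden: User "(?P<user>[^"]+)" cannot (?P<verb>\w+) '
    r'(?P<resource>[a-z]+)(?:\.(?P<group>[a-z0-9.-]+))?'
    r'(?: in the namespace "(?P<namespace>[^"]+)"| at the cluster scope)')

def parse_denial(line):
    """Return subject, verb, resource and scope of an authorization denial, or None."""
    m = DENIAL.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["group"] = d["group"] or ""  # the core API group is the empty string
    sa = re.fullmatch(r"system:serviceaccount:([^:]+):([^:]+)", d["user"])
    d["service_account"] = {"namespace": sa.group(1), "name": sa.group(2)} if sa else None
    d["cluster_scoped"] = d["namespace"] is None
    return d

def missing_rule(denial):
    """The RBAC PolicyRule (apiGroups/resources/verbs) that the denial names."""
    return {"apiGroups": [denial["group"]],
            "resources": [denial["resource"]],
            "verbs": [denial["verb"]]}

def summarize(lines):
    """Collapse repeated denials (reflectors retry constantly) into unique findings."""
    findings = {}
    for line in lines:
        d = parse_denial(line)
        if d:
            scope = "cluster" if d["cluster_scoped"] else "namespace/" + d["namespace"]
            key = (d["user"], scope, d["verb"], d["resource"], d["group"])
            findings[key] = missing_rule(d)
    return findings

if __name__ == "__main__":
    for key, rule in summarize([LOG]).items():
        print(key[0], key[1], rule)
```
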