I am trying to use SSL with Rancher2.
I found this thread and tried to follow this tutorial https://www.youtube.com/watch?v=xc8Jg9ItDVk
I am completely struggling to just make a ClusterIssuer.
My clusterIssuer is the following one:
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-cluster-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: fakeemail@gmail.com
    privateKeySecretRef:
      name: letsencrypt-cluster-staging
    http01: {}
Now when I do a describe, I have the following error:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning ErrInitIssuer 16m (x12 over 18m) cert-manager Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
Warning ErrVerifyACMEAccount 6m (x16 over 18m) cert-manager Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
Warning ErrVerifyACMEAccount 3m cert-manager Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.43.0.10:53: dial udp 10.43.0.10:53: i/o timeout
Warning ErrInitIssuer 3m cert-manager Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.43.0.10:53: dial udp 10.43.0.10:53: i/o timeout
Warning ErrVerifyACMEAccount 30s (x2 over 17m) cert-manager Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
Warning ErrInitIssuer 30s (x2 over 17m) cert-manager Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
And if I try to do a wget in the cert-manager pod, I have this error:
wget https://acme-staging-v02.api.letsencrypt.org/directory
wget: bad address 'acme-staging-v02.api.letsencrypt.org'
It seems that the pod is not connected outside of the cluster, so it cannot access the letsencrypt website. I dunno, I am work, I am pretty new to Rancher and Kubernetes so I am a bit struggling.
Should I use nodePort to connect outside of the cluster? And so that the cert-manager gets access to the internet?
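
A triage helper for the events above, added here as an example and not part of the original post: it sorts each message by the stage at which Go's dial failed, so a cluster DNS problem (no answer from the resolver at 10.43.0.10:53) can be told apart from a blocked connection to an already-resolved IP. The function names are made up for this example, and it assumes a bare `dial tcp: i/o timeout` with no remote IP means the timeout hit before any address was resolved.

```shell
#!/bin/sh
# Added example: classify cert-manager issuer events by where the Go dial failed.

# The six event messages from the post above (error text only).
sample_events() {
cat <<'EOF'
Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.43.0.10:53: dial udp 10.43.0.10:53: i/o timeout
Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.43.0.10:53: dial udp 10.43.0.10:53: i/o timeout
Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
EOF
}

# classify_event MESSAGE prints one class:
#   dns-resolver-unreachable <ip:port>  the lookup sent to that resolver got no answer
#   timeout-before-address              dial timed out with no remote IP in the error
#   tcp-connect-timeout <ip:port>       name resolved, TCP connect to that IP timed out
#   other                               anything else (TLS, HTTP status, ...)
classify_event() {
    msg=$1
    case $msg in
        *"dial tcp: lookup "*" on "*": dial udp "*": i/o timeout"*)
            resolver=$(printf '%s\n' "$msg" |
                sed -n 's|.*dial udp \([0-9.]*:[0-9]*\): i/o timeout.*|\1|p')
            echo "dns-resolver-unreachable $resolver" ;;
        *"dial tcp: i/o timeout"*)
            echo "timeout-before-address" ;;
        *"dial tcp "[0-9]*": i/o timeout"*)
            addr=$(printf '%s\n' "$msg" |
                sed -n 's|.*dial tcp \([0-9.]*:[0-9]*\): i/o timeout.*|\1|p')
            echo "tcp-connect-timeout $addr" ;;
        *)
            echo "other" ;;
    esac
}

# summarize reads event lines on stdin and prints "<class>=<count>" per class.
summarize() {
    while IFS= read -r line; do classify_event "$line"; done |
        sort | uniq -c | awk '{ n = $1; $1 = ""; sub(/^ +/, ""); print $0 "=" n }'
}

sample_events | summarize
```

On the events from the post, no line falls into `tcp-connect-timeout`: every failure is at or before name resolution, which matches the `bad address` result from wget inside the pod. To run it on live events, pipe the output of `kubectl describe clusterissuer letsencrypt-cluster-staging` into `summarize`.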