Hi, I'm trying to deploy a wildcard certificate with contour (*.example.com). I've read some guides like these: https://projectcontour.io/docs/master/httpproxy/ and https://projectcontour.io/guides/cert-manager/
I've done the following steps:

I've created a secret tls as follows:

```bash
kubectl create secret tls wildcard-certificate-secret --key path_private_key --cert path_public_key -n projectcontour
```
Later, I've edited the configmap for Contour and enabled the fallback-certificate:

```yaml
fallback-certificate:
  name: wildcard-certificate-secret
  namespace: projectcontour
```
I've created a TLSCertificateDelegation object:

```yaml
apiVersion: projectcontour.io/v1
kind: TLSCertificateDelegation
metadata:
  name: fallback-delegation-appstest
  namespace: projectcontour
spec:
  delegations:
    - secretName: wildcard-certificate-secret
      targetNamespaces:
        - "*"
```
Plus, I've created the httpproxy object:

```yaml
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: fallback-tls-app
  namespace: app_namespace
spec:
  virtualhost:
    fqdn: app.example.com
    tls:
      secretName: projectcontour/wildcard-certificate-secret
      enableFallbackCertificate: true
  routes:
    - services:
        - name: app-svc
          port: 8080
```
Finally, I've created an ingress object:

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: app-ingress
  namespace: app_namespace
  annotations:
    kubernetes.io/ingress.class: contour
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
  labels:
    app: myapp
spec:
  rules:
```
All the objects were created, but I can't connect via HTTPS. Is it expected that the httpproxy object returns any status?

```
NAMESPACE       NAME                                           FQDN              TLS SECRET                                  STATUS   STATUS DESCRIPTION
app_namespace   httpproxy.projectcontour.io/fallback-tls-app   app.example.com   projectcontour/wilcard-certificate-secret
```
Can you suggest any idea?
Thanks in advance for your support.
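
An added example, not part of the original post and not Contour's own code: a simplified model of the cross-namespace check that the TLSCertificateDelegation in the post is meant to satisfy, run over dicts constructed from the posted manifests. It returns `denied` when no delegation in the secret's namespace names the referenced secret, and separates a `"*"` delegation (every namespace may use the certificate) from one that lists the proxy's namespace; the function names and result labels are assumptions.

```python
# Constructed from the manifests in the post; a simplified model, not Contour's code.
DELEGATIONS = [{
    "metadata": {"name": "fallback-delegation-appstest", "namespace": "projectcontour"},
    "spec": {"delegations": [{
        "secretName": "wildcard-certificate-secret",
        "targetNamespaces": ["*"],
    }]},
}]

PROXY = {
    "metadata": {"name": "fallback-tls-app", "namespace": "app_namespace"},
    "spec": {"virtualhost": {
        "fqdn": "app.example.com",
        "tls": {"secretName": "projectcontour/wildcard-certificate-secret"},
    }},
}


def split_secret_ref(proxy):
    """Return (namespace, name) of the TLS secret an HTTPProxy refers to."""
    ref = proxy["spec"]["virtualhost"]["tls"]["secretName"]
    if "/" in ref:
        return tuple(ref.split("/", 1))
    return proxy["metadata"]["namespace"], ref  # bare name: proxy's own namespace


def check_delegation(proxy, delegations):
    """Return 'local', 'delegated', 'delegated-wildcard' or 'denied'."""
    proxy_ns = proxy["metadata"]["namespace"]
    secret_ns, secret_name = split_secret_ref(proxy)
    if secret_ns == proxy_ns:
        return "local"  # same namespace, no delegation needed
    result = "denied"
    for d in delegations:
        if d["metadata"]["namespace"] != secret_ns:
            continue  # a delegation only covers secrets in its own namespace
        for entry in d["spec"].get("delegations", []):
            if entry["secretName"] != secret_name:
                continue  # exact name match required, so a typo fails here
            targets = entry.get("targetNamespaces", [])
            if proxy_ns in targets:
                return "delegated"
            if "*" in targets:
                result = "delegated-wildcard"  # usable from any namespace
    return result


if __name__ == "__main__":
    print(check_delegation(PROXY, DELEGATIONS))
```

A `delegated-wildcard` result is the case to review for least privilege: listing only the namespaces that need the wildcard certificate in `targetNamespaces` turns it into `delegated`.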
@jjimenezmont it sounds like you may be running into a couple of issues related to the fallback certificate feature: https://github.com/projectcontour/contour/pull/2723 (merged into master but not yet released) and https://github.com/projectcontour/contour/pull/2734 (not yet merged).
We'll have these fixes in the 1.7 release, which is scheduled to be out shortly.
@jjimenezmont, now that 1.7 is released, could you give this another try and see if your setup is working?
@jjimenezmont what do you get when you curl the url? Have you restarted Contour since applying the change to the configmap?
Hi,
I'm sorry for the late response. I was on holidays. I have updated to projectcontour v1.8 and it's working now:
```
vmware@ubuntugestion:~$ kubectl get httpproxy
NAME                 FQDN                           TLS SECRET                            STATUS   STATUS DESCRIPTION
httpproxy-tls-test   test.chie.junta-andalucia.es   projectcontour/secret-wildcard-chie   valid    valid HTTPProxy
```
@youngnick
@jjimenezmont glad things are working now. I'll close this issue out but feel free to reach out again as needed.