Zero-to-jupyterhub-k8s: kube-lego doesn't renew certificates
There seems to be a bug in kube-lego 0.1.6 (the default in the chart) that prevents it from actually renewing the certificate (see jetstack/kube-lego#338).
As a temporary workaround you can set the version of kube-lego in your values.yaml:
lego:
image:
tag: 0.1.7
Deploying this now and will make a PR if that goes well.
Has anyone else experienced this?
cc @gedankenstuecke
betatim
All 4 comments
Sounds like a good plan to me.
minrk
on 10 Oct 2018
Where in the attribute hierarchy should I put the lego branch? My current relevant setup is as follows.
hub:
cookieSecret: <SECRET1>
extraConfig:
c.KubeSpawner.singleuser_image_pull_secrets = <SECRET2>
proxy:
secretToken: <SECRET3>
type: ClusterIP
https:
enabled: true
type: letsencrypt
letsencrypt:
contactEmail: <E-MAIL>
hosts:
- <FQDN>
<... OTHER SETTINGS ...>
ablekh
on 4 Jan 2019
If you are using a chart from after https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/967 you shouldn't need to do anything.
If you are on a chart version from before that PR checkout https://github.com/wildtreetech/ohjh/pull/32
betatim
on 4 Jan 2019
@betatim I was using a chart before that PR and, not expecting such a quick reply (much appreciated!), just manually deleted relevant (autohttps) pod on the cluster in question. It fixed the issue. Will definitely use your approach for all upcoming clusters until z2jh chart switches to kube-lego v0.1.7. Happy New Year!
ablekh
on 4 Jan 2019
Related issues
consideRatio
路
4Comments
Boes-man
路
3Comments
tylere
路
4Comments
consideRatio
路
4Comments
consideRatio
路
3Comments