0

I have the following ingress in my .yaml file:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: my-ip-1
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: nodeport-svc
          servicePort: 8080
      - path: /.well-known/acme-challenge/
        backend:
          serviceName: ssl-cert-svc
          servicePort: 8081

Default rule for paths on my website, website.com/* work fine through the nodeport-svc service.

I can't figure out how to route all child paths under /.well-known/acme-challenge/.

Files with random names will need to be accessible under /.well-known/acme-challenge/*,

eg. website.com/.well-known/acme-challenge/2480836013081364194169

Will
  • 101
  • 3

1 Answers1

0

If you are using the GLBC ingress the path should be like /.well-known/acme-challenge/*. As peer the documentation Here

Here an ingress example where you will specify your hostname and path to the challenge file for LetsEncrypt to verify the domain ownership.

Alioua
  • 381
  • 1
  • 8
  • I specifically tried this and was appalled it did not work. Perhaps, you are more familiar with older versions and things have changed? – Will Sep 26 '18 at 18:09
  • I should add, by "it did not work", it literally set up the path as "example.com/.well-known/acme-challenge/*" with the f***ing asterisk lol. And the webserver returned a 404 at that path, rightfully so. – Will Sep 26 '18 at 18:13
  • I modified my answer, I past an example that may help you – Alioua Sep 26 '18 at 18:29
  • That solves a different problem, @Alioua; adding a load balanced service under a single path. I came across that repository, and followed its recommendation to use its successor, https://github.com/jetstack/cert-manager/. After many hours, I was able to follow their docs to completion and obtain a regularly renewing ssl certificate. – Will Sep 26 '18 at 23:19
  • So, yo still have a problem now? – Alioua Sep 27 '18 at 17:36
  • ... no. I resorted to an entirely different solution to solve my problem, which as I said, is the successor to the deprecated one in the blog post you added in your answer. Besides, what you described does not work, because as I have mentioned already, I tried it and was appalled it did not work – Will Sep 27 '18 at 21:01