Kubernetes Ingress SSL 证书无效

Question

I have migrated a django web application to kubernetes. For this application, I am running a service which can be accessed from a domain name. Following are the yaml files for my Service, Ingress and Certificate:-

Service:-

kind: Service
apiVersion: v1
metadata:
  name: app-service
  namespace: my-namespace
  labels:
    app: my-app
spec:
  type: ClusterIP
  selector:
    app: my-app
  ports:
  - protocol: TCP
    port: 8000
    targetPort: 8000

Ingress:-

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app-ingress
  namespace: my-namespace
  annotations:
     kubernetes.io/ingress.class: nginx
     certmanager.k8s.io/acme-challenge-type: http01
     certmanager.k8s.io/cluster-issuer: letsencrypt-prod
     kubernetes.io/ingress.allow-http: "true"
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: abc
    http:
      paths:
      - path: /
        backend:
          serviceName: app-service
          servicePort: 8000
  tls:
    - secretName: sname
      hosts:
      - abc

Certificate:-

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: sname
  namespace: my-namespace
spec:
  secretName: sname
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - abc
  acme:
    config:
    - dns01:
        provider: route53
      domains:
      - abc

Note: abc is my company url.

When I try to open my django web app in the url I get the error as:

NET::ERR_CERT_AUTHORITY_INVALID Subject: Kubernetes Ingress Controller Fake Certificate

I have referred to Kubernetes Ingress SSL certificate post but it did not help. I would like to know if there is anything I am missing or anything which I have configured wrong.

When I try to run the command kubectl get ing -n my-namespace ; I don't see any address in the ingress.

Many Thanks!

Answer 1

Let's Encrypt, as every other CA, is not meant to obtain and won't deliver certificates for non public domains. abc is not public domain.