Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop kube-lego for https #127

Closed
scottyhq opened this issue Mar 25, 2020 · 4 comments
Closed

Drop kube-lego for https #127

scottyhq opened this issue Mar 25, 2020 · 4 comments

Comments

@scottyhq
Copy link
Member

scottyhq commented Mar 25, 2020
edited
Loading

I'm trying to stand up a new binderhub on AWS and have been running into errors such as NET::ERR_CERT_AUTHORITY_INVALID

@jhamman and @TomAugspurger - I think we can get rid of kube-lego right? See jupyterhub/binderhub#1001 and new binderhub docs for enabling HTTPS https://binderhub.readthedocs.io/en/latest/https.html

pangeo-binder/pangeo-binder/values.yaml

Lines 179 to 186 in 9a4d7d9

kube-lego:
config:
LEGO_EMAIL: jhamman@ucar.edu
LEGO_URL: https://acme-v01.api.letsencrypt.org/directory
rbac:
create: true
image:
tag: 0.1.7

kubectl logs binder-prod-kube-lego-574687f898-gvwpl -n binder-prod

time="2020-03-25T00:16:11Z" level=info msg="process certificate requests for ingresses" context=kubelego
time="2020-03-25T00:16:11Z" level=info msg="no cert associated with ingress" context=ingress_tls name=jupyterhub namespace=binder-prod
time="2020-03-25T00:16:11Z" level=info msg="requesting certificate for hub.aws-test-binder.pangeo.io" context=ingress_tls name=jupyterhub namespace=binder-prod
time="2020-03-25T00:16:11Z" level=error msg="Error while processing certificate requests: 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details." context=kubelego
time="2020-03-25T00:16:11Z" level=error msg="worker: error processing item, requeuing after rate limit: 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details." context=kubelego

Also the PR that did away with kube-lego on jupyterhub jupyterhub/zero-to-jupyterhub-k8s#1539
@TomAugspurger
Copy link
Member

I don't know. I'm happy to trust you on this one :)

@jhamman
Copy link
Member

jhamman commented Mar 25, 2020

I don't think the binderhub chart has deprecated kubelego yet:

https://github.com/jupyterhub/mybinder.org-deploy/blob/7bfe17be11dabd912389fddc7d4ee2c0508bc342/mybinder/values.yaml#L321-L328

and

https://github.com/jupyterhub/binderhub/blob/b21f341c956f01f4243db227e935d6cf87ce230b/helm-chart/binderhub/values.yaml#L184

May be worth reading over this one: jupyterhub/binderhub#676

@scottyhq
Copy link
Member Author

@jhamman - have a look at jupyterhub/mybinder.org-deploy#1148. I'm unable to get a new deployment to work with kube-lego https. Perhaps it is still working for existing deployments.

@scottyhq scottyhq mentioned this issue Mar 25, 2020
Merged
@consideRatio consideRatio mentioned this issue Apr 11, 2020
Open
@salvis2
Copy link
Member

salvis2 commented Oct 14, 2020

This has been implemented! Dropped from staging in 95f5fba#diff-5bfe3ca89def45bb24e8da7ae2c44583412fe127e22160678d38991f98d32423 and prod in dd5f490#diff-5bfe3ca89def45bb24e8da7ae2c44583412fe127e22160678d38991f98d32423

@salvis2 salvis2 closed this as completed Oct 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@TomAugspurger @jhamman @scottyhq @salvis2