I have a problem during the installation of an Issuer inside GKE. I follow this guide https://cert-manager.io/docs/tutorials/acme/nginx-ingress/#step-5---deploy-cert-manager.
My steps were:
After this I try to install cert-manager in two ways:
Error: INSTALLATION FAILED: failed post-install: timed out waiting for the conditionkubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml and everything was okayAfter all that I create the file issuer.yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: [email protected]
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
ingressClassName: nginx
and run kubectl apply -f issuer.yaml and receive the following error:
Error from server (InternalError): error when creating "issuer.yaml":
Internal error occurred: failed calling webhook "webhook.cert-manager.io":
failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s":
tls: failed to verify certificate: x509: certificate signed by unknown authority
I follow the guide step-by-step, am I missing something?
EDIT 27/11/2023
I create a non autopilot cluster on GKE and everything seems works ok, the problem is that I need an autopilot cluster and not a classical one.
Finally I found that the problem was the autopilot-cluster, for a mechanism that I don't know, the nginx-controller, plus cert-manager with let's encrypt and the autopilot cluster not work together.
I create an autopilot cluster, a GCE ingress and for the certificate now I'm using a managed-cert created by google