Cert-manager jupyterhub in Kubernetes

xil · May 20, 2024, 11:02am

I have installed JupyterHub in a Kubernetes instance using the helm chart. Everything is working except the automatic provisioning of a certificate with cert-manager and letsencrypt.

I have configured the proxy as ClusterIp, and the ingress configuration is as follows:


ingress:
  enabled: true
  annotations: # {}
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/tls-acme: "true"
  hosts:
    - myhost.domain.name
  pathSuffix:
  pathType: Prefix
  tls:
    - hosts:
      - myhost.domain.name
      secretName: jupyter-secret

Nevertheless, the validation of the domain from letsencrypt doesn’t work. Reviewing the logs, the HTTP-01 challenge request reaches the Jupyterhub proxy instead of the “cm-acme-http-solver” pod.

This is the list of pods:

# kubectl get pods -o wide -n jupyter-gti
NAME                              READY   STATUS    RESTARTS   AGE     IP            NODE     NOMINATED NODE   READINESS GATES
cm-acme-http-solver-w4rg7         1/1     Running   0          2d12h   10.85.5.37    esx05    <none>
<none>
continuous-image-puller-bjg9n     1/1     Running   0          30d     10.85.7.45    dell01   <none>
<none>
continuous-image-puller-gc5wx     1/1     Running   0          30d     10.85.1.138   esx01    <none>
<none>
continuous-image-puller-jqw4s     1/1     Running   0          30d     10.85.3.63    esx03    <none>
<none>
continuous-image-puller-l98nd     1/1     Running   0          30d     10.85.6.109   dell02   <none>
<none>
continuous-image-puller-n2zqm     1/1     Running   0          30d     10.85.2.195   esx02    <none>
<none>
continuous-image-puller-r5jr2     1/1     Running   0          30d     10.85.8.41    asus     <none>
<none>
continuous-image-puller-wg6pc     1/1     Running   0          30d     10.85.4.120   esx04    <none>
<none>
continuous-image-puller-xj2qg     1/1     Running   0          30d     10.85.5.240   esx05    <none>
<none>
hub-86c9577799-4kkvt              1/1     Running   0          2d12h   10.85.5.38    esx05    <none>
<none>
proxy-56854f57bb-l7ndw            1/1     Running   0          2d12h   10.85.5.36    esx05    <none>
<none>
user-scheduler-668fbd59d7-56v85   1/1     Running   0          30d     10.85.3.64    esx03    <none>
<none>
user-scheduler-668fbd59d7-s5gpz   1/1     Running   0          30d     10.85.5.242   esx05    <none>
<none>

The logs of the “hub” pod include the HTTP-01 challenge request:

[I 2024-05-20 10:59:33.066 JupyterHub log:191] 302 GET /.well-known/acme-challenge/YT1tH6ewlD9-SyAY_7ouADpSG8fEOoA_VK_jSgPc9vY -> /hub/.well-known/acme-challenge/YT1tH6ewlD9-SyAY_7ouADpSG8fEOoA_VK_jSgPc9vY (@10.85.2.0) 0.95ms
[W 2024-05-20 10:59:33.110 JupyterHub log:191] 404 GET /hub/.well-known/acme-challenge/YT1tH6ewlD9-SyAY_7ouADpSG8fEOoA_VK_jSgPc9vY (@10.85.2.0) 1.23ms

Am I missing something in the configuration?

Thanks!

Topic		Replies	Views
Not able to setup HTTPS on jupyterhub on kubernetes Zero to JupyterHub on Kubernetes	2	745	January 18, 2021
Enable https with nginx-ingress, cert-manager and letsencrypt Zero to JupyterHub on Kubernetes	2	1203	August 21, 2020
HTTPS with Let's Encrypt on JupyterHub in Kubernetes Zero to JupyterHub on Kubernetes	5	3581	July 23, 2019
Letsencrypt autohttps Failure in GKE Deployment Zero to JupyterHub on Kubernetes help-wanted	3	609	February 28, 2021
K8, Helm config.yaml for HTTPS, ngnix on Azure JupyterHub	0	98	May 3, 2024

Cert-manager jupyterhub in Kubernetes

Related topics