My domain is: iconverse-k8s.taiger.io 1
I spin up a single-node k8s cluster with ingress and AWS Route53. The https works in the beginning but after several rounds of CI/CD/system reboots, it stops to work and try to dig around for the root cause of the problem. Here are my configurations:
It produced this output:
E0325 08:56:20.831639 1 controller.go:186] orders controller: Re-queuing item "default/iconverse-k8s.tls-1171866450" due to error processing: error creating new order: acme: urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many certificates already issued for exact set of domains: iconverse-k8s.taiger.io: see https://letsencrypt.org/docs/rate-limits/
How to automate the saving of the issued certificate, check the presence of it (If present, use it, not present resubmit request)? This is what I do:
kubectl create namespace cert-manager kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/cert-manager.yaml kubectl apply -f ssl-issuer.yml
How to use that saved cert external to the container?
How to manage the 2 sources of cert here between the saved and the cert manager daemon?
How would the cert manager know the presence of an externally saved cert and stop requesting for a new one unless that cert has expired?