Add tolerations or label on resolvers

26 views
Skip to first unread message

Thomas Bétrancourt

unread,
Jun 11, 2019, 3:52:26 PM6/11/19
to cert-manager-dev
Hi,

I've a k3s cluster composed by:
  • 1 master on CentOS 7 (x86_64)
  • X nodes on Raspberry Pi 3 (arm)
Currently, i'm not able to sign Lets Encrypt certificates because cm-http-solver image is not available on arm. I would like to add toleration to execute solver on my master (by adding NoSchedule toleration).

I saw a PR which has just be merged to master there are 2 hours ago (https://github.com/jetstack/cert-manager/issues/1097).

How can I test it on my cluster?

Thanks for your support!

Thomas Bétrancourt

unread,
Jun 11, 2019, 6:07:19 PM6/11/19
to cert-manager-dev
I tried to use this version by editing my deployments and the image version:

[admin@k3s-master resources.yaml]$ grep image: 03-cert-manager.yaml 
[admin@k3s-master resources.yaml]$ 

I also created a clusterissuer like that:

kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: ***@***.net
    privateKeySecretRef:
      name: letsencrypt-staging-key
      namespace: cert-manager
    solvers:
    - http01:
        podTemplate:
          metadata:
            namespace: cert-manager
          spec:
            nodeSelector:
              kubernetes.io/arch: amd64
            tolerations:
              - key: "node-role.kubernetes.io/master"
                operator: "Exists"
                effect: "NoSchedule"

With this code, i'm expecting that my cm-acme-http-solver pods are deployed on my master node but not.

What am i missing?

James Munnelly

unread,
Jul 9, 2019, 7:43:31 AM7/9/19
to cert-manager-dev
Support for tolerations, nodeSelectors and affinity was only very recently merged in #1803.

If you update your manifests to use the newly release v0.9.0-alpha.0 release, your configuration should work!

Thomas Bétrancourt

unread,
Jul 9, 2019, 9:38:01 AM7/9/19
to cert-manager-dev
Thanks you James for your message.

I've updated my configuration to use this version and now it works well.

Could you tell me here when this fix will be released in a stable version?

Thanks a lot.

Regards,
Thomas
Reply all
Reply to author
Forward
0 new messages