Clarification about how to renew the certificate for kubero UI

[robotex82]

I just installed kubero with kubero install on digital ocean. When accessing the kubero ui i get a certificate warning and the certificate shows as "Kubernetes Ingress Controller Fake Certificate".

I didn't want to file this as a bug, as i think this could be fixed by reissuing the certificate. So, for me this is a clarification about how to renew the certificate for the kubero UI. What do you think about adding this to the documentation?

Thanks in advance!

Roberto

[mms-gianni]

Hey Roberto

Great to have you here.

The certs are issued by cert-manager. This is a third party controller https://cert-manager.io/

When running kubero debug you should see a similar output.

The cert-manager will expose a temporary ingress with a single pod in the kubero namespace.

[robotex82]

It looks like the cert manager is missing. any way to get it up and running?

[mms-gianni]

This might fix it:

kubero install -c certmanager

But it might depend on which Provider(Kind, Linode ... ) you are running your instance.

[robotex82]

It tells me that it is already installed:

Is there any way to deinstall it or to force a reinstall without having to delete the whole cluster? Sorry if this question is answered somewhere else. i've been googling and looking at the docs but wasn't able to find something about it.

[mms-gianni]

Just delete the cert-manager namespace.

[robotex82]

I tried reinstalling the whole cluster, cert manager or just restarting the pods. I cant seem to get it to work.

My cname record with my-domain.de and *.my-domain.de is pointing at the public ip address of the load balancer at digital ocean.

The installation looks like this. Am i doing this right?

❯ KUBECONFIG=./cluster-1-kubeconfig.yaml kubero install
No config file found; using defaults
Error while loading credentialsConfig file: Config File "credentials" Not Found in "[/etc/kubero /home/robo/.kubero]"

  Check for required binaries
✓ kubectl is installed
⚠ kind is not installed (only required if you want to install a local kind cluster)
⚠ gcloud is not installed (only required if you want to install a GKE cluster)

  Steps to install kubero:
    1. Create a kubernetes cluster (optional)
    2. Install the OLM (optional)
    3. Install the kubero operator (required)
    4. Install the ingress controller (required)
    5. Install the metrics server (optional, but recommended)
    6. Install the cert-manager (optional)
    7. Install the monitoring stack (optional, but recommended)
    8. Install the kubero UI (optional, but highly recommended)
    9. Write the kubero CLI config

? 1) Create a kubernetes cluster [y,n] y : n
Kubernetes control plane is running at https://<wahtever>.k8s.ondigitalocean.com
CoreDNS is running at https://<whatever>.k8s.ondigitalocean.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

CURRENT   NAME                        CLUSTER                     AUTHINFO                          NAMESPACE
*         do-fra1-foo-cluster-1   do-fra1-foo-cluster-1   do-fra1-foo-cluster-1-admin   


? Is the CURRENT cluster the one you wish to install Kubero? [y,n] y : y

? 2) Install OLM [y,n] n : y

? Select OLM version v0.30.0
  run command : kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.30.0/olm.yaml
✓ OLM CRDs installed sucessfully
  run command : kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.30.0/olm.yaml
✓ OLM installed sucessfully
  run command : kubectl wait --for=condition=available deployment/olm-operator -n olm --timeout=180s
✓ OLM is ready
  run command : kubectl wait --for=condition=available deployment/catalog-operator -n olm --timeout=180s
✓ OLM Catalog is ready

  3) Install Kubero Operator
  run command : kubectl apply -f https://operatorhub.io/install/kubero-operator.yaml
✓ Kubero Operator installed sucessfully

? 4) Install Ingress [y,n] y : y

? Which cluster type have you installed? digitalocean

? Provider [kind, aws, baremetal, cloud(Azure,Google,Oracle,Linode), do(digital ocean), exoscale, scw(scaleway)] do
  run command : kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/do/deploy.yaml
✓ Ingress installed sucessfully

? 5) Install Kubernetes internal metrics service (required for HPA, Horizontal Pod Autoscaling) [y,n] y : y
✓ Metrics server installed

? 6) Install SSL Certmanager [y,n] y : y
  run command : kubectl create -f https://operatorhub.io/install/cert-manager.yaml
✓ Cert Manager installed
  run command : kubectl wait --for=condition=available deployment/cert-manager-webhook -n cert-manager --timeout=180s -n operators
  This might take a while. Time enough for a joke:
  Chuck Norris's first program was kill -9.       
  Each hair in Chuck Norris's beard contributes to make the world's largest DDOS.       
  Chuck Norris can retrieve anything from /dev/null.       
  Chuck Norris programs do not accept input.       
✓ Cert Manager is ready

? 6.1) Letsencrypt ACME contact email  [email protected] : [email protected]

? 6.2) Clusterissuer Name  letsencrypt-prod : 
✓ Cert Manager Cluster Issuer created

? 7) Enable longterm metrics [y/n] y : y
✓ Namespace kubero created

? 7.1) Create local Prometheus instance [y/n] y : y
  run command : kubectl apply -n kubero -f https://raw.githubusercontent.com/kubero-dev/kubero-operator/main/config/samples/application_v1alpha1_kuberoprometheus.yaml
✓ Prometheus installed sucessfully

? 7.2) Enable Kubemetrtics [y/n] y : y
  run command : kubectl patch kuberoes kubero -n kubero --type=merge
✓ Metrics enabled sucessfully

? 9) Install Kubero UI [y,n] y : y
✓ Namespace kubero exists

? Random string for your webhook secret  <whatever> :

? Random string for your session key  <whatever> :

? Admin User  admin : admin

? Admin Password <whatever> :

? Random string for admin API token  <whatever> :

? Configure Github [y,n] y : n

? Configure Gitea [y,n] n : n

? Configure Gogs [y,n] n : n

? Configure Gitlab [y,n] n : n

? Configure Bitbucket [y,n] n : n
✓ Kubero Secret created

? Kuberi UI Domain  kubero.localhost : my-domain.de

? URL to which the webhooks should be sent (localhost fails with GitHub)  https://my-domain.de/api/repo/webhooks : 

? Enable SSL for the Kubero UI [y/n] y : y

? Kubero UI Clusterissuer  letsencrypt-prod : 

? Enable Buildpipeline for Kubero (BETA) [y/n] n : y

? Create a local Registry for Kubero [y/n] n : y

? Registry storage size  10Gi : 

? Registry storage class do-block-storage

? Registry [registry.kubero.mydomain.com]  : registry.kubero.my-domain.de

? Subpath (optional)  [example/foo/bar]  : 

? Registry username  admin : 

? Registry password  <whatever> : 

? Enable Audit Logging [y/n] n : y

? Auditlogs storage class do-block-storage

? Prometheus URL  http://kubero-prometheus-server : 

? Enable Console Access to running containers [y/n] y : y
✓ Kubero UI installed
✓ Kubero UI is ready

? 10) Write the Kubero CLI config [y,n] n : y

? Kubero Host adress  http://my-domain.de: : 

? Kubero Token  <whatever> : 
{Api:{Url:http://my-domain.de: Token:<whatever>}}
⚠ make sure your DNS is pointing to your Kubernetes cluster


    ,--. ,--.        ,--.
    |  .'   /,--.,--.|  |-.  ,---. ,--.--. ,---.
    |  .   ' |  ||  || .-. '| .-. :|  .--'| .-. |
    |  |\   \'  ''  '| '-' |\   --.|  |   ' '-' '
    '--' '--' '----'  '---'  '----''--'    '---'

    Documentation:
    https://docs.kubero.dev
    

    Your Kubero UI :
    URL : https://my-domain.de:
    User: admin
    Pass: <whatever>
	


    Done - you can now login to your Kubero UI

i can access the admin panel at https://my-domain.de, but with the given certificate warning.