Hi, I would like to tell you about the many empty requests Kubernetes sends to verify TLS certificates (with cert-manager). Kubernetes sends these requests every 10 seconds (I’m up to more than 150k requests per month), which I think is huge, even if the request is empty.
Why so many requests? And I would just like to know what happens if we block this request and if this to an incident.
Thank you,
Sincerely.
Hi @DamsDev, welcome to the Qovery community 
I think I understand your question but I am not sure about the context of it. Can you give me more context?
I manage my domain with Cloudflare and I noticed that there were many requests every day.
Moreover, these requests came from the United States and the content of my site is not intended for people living in the United States.
Cloudflare told me that most of its queries were empty.
So I decided to block his requests via Cloudflare’s built-in firewall, or rather to put a captcha for all his requests.
(Some images here : Imgur: The magic of the Internet)
I guess it’s coming from you because I never used Kubernetes and the ASN of the IP is coming from DigitalOcean, which is your hosting company (I think).
So I would like to know if I am blocking this kind of requests with Cloudflare captcha this to an incident or not, and just out of curiosity, I wanted to know why Kubernetes was checking in such a short time (10 seconds).
Thanks
Sincerely
Any clue @Pierre_Mavro @benjaminch ?
Hi @DamsDev ,
Cert-manager checks only when there is a request for a custom domain, not yet ready because of DNS not set with the correct value. So if you confirm that you’ve all the wished custom domains you wanted, then we’ll take a look.
If you confirm, can you please give your qovery url console to your project please.
Thanks
Hello @DamsDev,
Took a look at your case, I think you should not have anymore those cert-manager request (Can you confirm ?) it was due to your domain leyko.tk being not properly set-up.
P.S: Beware that if we receive a DMCA request from digital ocean regarding the content of your website, we will be required to terminate your website/application
Hello @Erebe,
yes I confirm that I am no longer receiving requests from the cert-manager. How did my domain get misconfigured?
P.S: this content will be modified in a few days, and is not intended to be public, just for some tests and demonstrations.
Thank you,
Sincerely.
How did my domain get misconfigured?
It was an issue on our side, we changed how we handle custom domain in order for it to be more stable/reliable. So nothing related to a mistake on your side