Ingresses don't get an IP, when spec.tls[].secretName is missing - 2.8.x #3711

Closed
1 task done
drdkmkkr opened this issue Mar 9, 2023 · 1 comment · Fixed by #3719

drdkmkkr commented Mar 9, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Ingresses don't get an IP, when spec.tls[].secretName is missing.
No apparent error is logged regarding this.

But when spec.tls[].secretName is defined, the ingress gets an IP assigned.

Expected Behavior

Ingresses do not require spec.tls[].secretName to be defined.

Prior to 2.8.x, it was possible to use the default certificate by defining the following for Kong (tested in 2.7.0):

```yaml
env:
  ssl_cert: /etc/secrets/.../tls.crt
  ssl_cert_key: /etc/secrets/.../tls.key
```

And then we didn't need to define spec.tls[].secretName in all ingresses.

Steps To Reproduce

  1. Add an ingress with spec.tls[].hosts[] = host, like:

     ```yaml
     apiVersion: networking.k8s.io/v1
     kind: Ingress
     metadata:
       name: tls-example-ingress
       annotations:
         kubernetes.io/ingress.class: kong
     spec:
       tls:
       - hosts:
           - https-example.foo.com
       rules:
       - host: https-example.foo.com
         http:
           paths:
           - path: /
             pathType: Prefix
             backend:
               service:
                 name: service1
                 port:
                   number: 80
     ```

  2. See no IP is provided for the ingress
  3. Now add spec.tls[].secretName = secretName, like

     ```yaml
     apiVersion: networking.k8s.io/v1
     kind: Ingress
     metadata:
       name: tls-example-ingress
       annotations:
         kubernetes.io/ingress.class: kong
     spec:
       tls:
       - hosts:
           - https-example.foo.com
         secretName: testsecret-tls # This is new
       rules:
       - host: https-example.foo.com
         http:
           paths:
           - path: /
             pathType: Prefix
             backend:
               service:
                 name: service1
                 port:
                   number: 80
     ```

  4. See an IP now is provided for the ingress

Kong Ingress Controller version

v2.8.x

Kubernetes version

1.24

Anything else?

No response
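
An added example, not part of the original issue or of the Kong project's code: a check that lists Ingresses whose spec.tls[] entries lack secretName and reports whether status.loadBalancer carries an address, which is the combination described above. It assumes input in the shape of `kubectl get ingress -A -o json`; the sample data and function names are constructed for illustration, and it does not filter by ingress class.

```python
import json

# Constructed sample in the shape of `kubectl get ingress -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "tls-example-ingress"},
     "spec": {"tls": [{"hosts": ["https-example.foo.com"]}]},
     "status": {"loadBalancer": {}}},
    {"metadata": {"namespace": "default", "name": "with-secret"},
     "spec": {"tls": [{"hosts": ["a.foo.com"], "secretName": "testsecret-tls"}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"namespace": "default", "name": "plain-http"},
     "spec": {"rules": []},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
]})


def has_address(ingress):
    """True if status.loadBalancer.ingress holds at least one IP or hostname."""
    status = ingress.get("status") or {}
    entries = (status.get("loadBalancer") or {}).get("ingress") or []
    return any(e.get("ip") or e.get("hostname") for e in entries)


def find_affected(ingress_list_json):
    """Return Ingresses that have a spec.tls[] entry without secretName."""
    report = []
    for ing in json.loads(ingress_list_json).get("items") or []:
        tls = (ing.get("spec") or {}).get("tls") or []
        missing = [t for t in tls if not t.get("secretName")]
        if not missing:
            continue  # no TLS block, or every entry names a secret
        meta = ing.get("metadata") or {}
        report.append({
            "namespace": meta.get("namespace"),
            "name": meta.get("name"),
            "hosts": [h for t in missing for h in (t.get("hosts") or [])],
            "has_address": has_address(ing),
        })
    return report


if __name__ == "__main__":
    for row in find_affected(SAMPLE):
        state = "address assigned" if row["has_address"] else "NO address in status"
        print(f'{row["namespace"]}/{row["name"]}: {", ".join(row["hosts"])} -> {state}')
```
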

@drdkmkkr drdkmkkr added the bug Something isn't working label Mar 9, 2023
@randmonkey randmonkey self-assigned this Mar 14, 2023
Contributor

randmonkey commented Mar 14, 2023

Thanks for submitting the bug. This will not affect configurations in Kong, and you can still use this ingress. We will fix it in #3719, which is expected to be included in KIC 2.9.

@randmonkey randmonkey added this to the KIC v2.9.0 milestone Mar 14, 2023