-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cert-manager v1.5.4 don't recognize the AGIC ingressClassName as valid #4547
Comments
Thanks for opening the issue and pointing this out. In cert-manager When cert-manager's ingress-shim component creates a temporary You might be able to work around the invalid class name issue by setting a different class name, but it looks like AGIC does not yet respect the It looks like that the support for the |
From our side, we might need to add some more documentation around the change in v1.5.4 |
Hi @irbekrm: Thanks for your quick reply and explanations. Now I can understand what is happening, I think we can use cert-manger v1.5.3 until AGIC supports the v1 |
You can either do this or use the |
Hi @irbekrm:
I tried the use of |
Thank you to everyone else in this thread as it helped me find the issue with my own AGIC / cert-manager / Kubernetes version issue. I am running Kubernetes v1.21.2 with AGIC v1.4.0 with cert-manager v1.6.1. I reached this version combo for a series of reasons. I too ran afoul of the issue with cert-manager implementing API |
Hello, @jgregorcmh I am glad this thread has helped you to solve your issues with AGIC and cert-manager.
Good to know your comments about cert-manager v1.6.1. I don't upgrade to that version because AGIC v1.4.0 doesn't have full support for the apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-agic
annotations:
kubernetes.io/ingress.class: azure/application-gateway
cert-manager.io/cluster-issuer: letsencrypt-production
cert-manager.io/acme-challenge-type: http01
appgw.ingress.kubernetes.io/ssl-redirect: "true"
# cert-manager modifies that Ingress rather than creating a new one, this is required with cert-manager v1.5.4 and AGIC v1.4.0
# see: https://github.com/jetstack/cert-manager/issues/4547
acme.cert-manager.io/http01-edit-in-place: "true" |
Also running Kubernetes v1.21.2 with AGIC v1.4.0 with cert-manager v1.6.1 I changed my solvers:
- http01:
ingress:
# class: azure/application-gateway
ingressTemplate:
metadata:
annotations:
kubernetes.io/ingress.class: azure/application-gateway This avoids the need to put annotations on the ingress |
When we configure the Application Gateway Ingress Controller (AGIC) with cert-manager integration, the AGIC ingressClassName is not recognized as valid (Ingress.extensions "cm-acme-http-solver-ftmpn" is invalid: spec.ingressClassName: Invalid value: "azure/application-gateway").
Error details:
Environment details:
I tested cert-manager version 1.4.3 and version 1.5.3 and works as expected.
My ClusterIssuer is defined as:
I noted for cert-manager version 1.5.4 if I modify
http01.ingress.class
tohttp01.ingress.name
in theClusterIssuer
definition works, e.g.:For now, I am using cert-manager v1.5.3 to select the ingress definitions by their class name.
The text was updated successfully, but these errors were encountered: