You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What happened: Certificates generated by the self-signing issuer don't work with Nginx and Nginx Ingress Controller. Here are the logs from the Nginx Ingress Controller:
What you expected to happen:
The self signed certificate to work with Nginx.
How to reproduce it (as minimally and precisely as possible):
Generate a certificate with the self-signing ClusterIssuer
Use the generated secret as TLS secret in an Nginx Ingress
Anything else we need to know?:
The problem seems to come from the fact that the cert manger tries to bundle the CA with the certificate, even if the certificate is self-signed. The result is an empty CA certificate, like this one:
Same here. I'm actually using the nghttpx Ingress controller (here: https://github.com/zlabjp/nghttpx-ingress-lb), but it behaves exactly the same way. Removing the empty begin/end blocks from the secret is sufficient for it to work.
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened: Certificates generated by the self-signing issuer don't work with Nginx and Nginx Ingress Controller. Here are the logs from the Nginx Ingress Controller:
What you expected to happen:
The self signed certificate to work with Nginx.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
The problem seems to come from the fact that the cert manger tries to bundle the CA with the certificate, even if the certificate is self-signed. The result is an empty CA certificate, like this one:
When I tried to remove the empty certificate and tested it manually with an Nginx instance, then it worked:
Environment:
kubectl version
):The text was updated successfully, but these errors were encountered: