SSL issue: nginx controller not updating nginx.conf with new certs

[kerneljack]

I am using quay.io/aledbf/nginx-ingress-controller:0.187 and I can't see it picking up my new certificates in nginx.conf after I create the Secret. I can see my certificates in /ingress-controller/ssl:

# ls -l /ingress-controller/ssl/
total 20
-rw------- 1 root root 5207 Aug 29 15:25 default-mycert.pem
-rw------- 1 root root 2929 Aug 29 15:25 default-fake-certificate.pem
-rw------- 1 root root 5207 Aug 29 15:25 staging-mycert.pem

However I don't see any references to those certs (mycert.pem) in my /etc/nginx/nginx.conf file. All I can see is the default fake cert:

        ssl_certificate                         /ingress-controller/ssl/default-fake-certificate.pem;
        ssl_certificate_key                     /ingress-controller/ssl/default-fake-certificate.pem;

Is there some extra step that I'm missing here?

@aledbf can you help please?

[aledbf]

@kerneljack please update to quay.io/aledbf/nginx-ingress-controller:0.197
This image contains the next release

[kerneljack]

@aledbf ok, thanks. I've just done that and I'm now seeing the following:

I0829 15:39:16.217015       5 launch.go:109] &{NGINX 0.9.0-beta.12 git-a8bfdc24 https://github.com/aledbf/ingress}
I0829 15:39:16.217171       5 launch.go:112] Watching for ingress class: nginx
I0829 15:39:16.217443       5 launch.go:278] Creating API client for https://10.x.x.1:443
I0829 15:39:16.229768       5 nginx.go:173] starting NGINX process...
I0829 15:39:16.258637       5 launch.go:290] Running in Kubernetes Cluster version v1.7 (v1.7.3) - git (clean) commit 2c2fe6e8278a5db2d15a013987b53968c743f2a1 - platform linux/amd64
I0829 15:39:16.261251       5 launch.go:131] validated staging/default-http-backend as the default backend
I0829 15:39:16.266762       5 controller.go:1345] starting Ingress controller
I0829 15:39:16.272454       5 controller.go:183] ignoring add for ingress ing-foo based on annotation kubernetes.io/ingress.class with value gce
I0829 15:39:16.276250       5 event.go:218] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"staging", Name:"ing-myapp", UID:"ec2fecd0-8cc2-11e7-827f-42010a9a0006", APIVersion:"extensions", ResourceVersion:"579882", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress staging/ing-myapp
I0829 15:39:16.367939       5 backend_ssl.go:58] adding secret default/mycert to the local store
I0829 15:39:16.370224       5 backend_ssl.go:58] adding secret staging/mycert to the local store
I0829 15:39:16.486557       5 controller.go:469] backend reload required
I0829 15:39:16.486900       5 metrics.go:34] changing prometheus collector from  to default
E0829 15:39:16.487591       5 template.go:615] expected an Ingress
I0829 15:39:16.504205       5 leaderelection.go:174] attempting to acquire leader lease...
I0829 15:39:16.511960       5 leaderelection.go:184] successfully acquired lease staging/ingress-controller-leader-nginx
E0829 15:39:16.532370       5 controller.go:474] unexpected failure restarting the backend:

-------------------------------------------------------------------------------
Error: exit status 1
2017/08/29 15:39:16 [emerg] 20#20: "client_max_body_size" directive invalid value in /tmp/nginx-cfg179858361:199
nginx: [emerg] "client_max_body_size" directive invalid value in /tmp/nginx-cfg179858361:199
nginx: configuration file /tmp/nginx-cfg179858361 test failed

-------------------------------------------------------------------------------
W0829 15:39:16.532587       5 queue.go:90] requeuing default/redis-redis, err
-------------------------------------------------------------------------------

[aledbf]

Closing. Fixed in master

[guizmaii]

Hi,

Is it fixed in the beta12 version ? Because I had this bug in my tests of kube-lego with beta12 (and beta11): jetstack/kube-lego#252 (comment)