do not set certificate for tls-acme: false Ingress unless there is one #2795

Open
Schnitzel opened this issue Aug 3, 2021 · 1 comment
Labels
2-build-deploy Build & Deploy subsystem bug

Comments

@Schnitzel
Contributor

No description provided.

@smlx
Member

smlx commented Aug 4, 2021

The reason for this is that it causes extra work for the ingress controller since it has to check for the secret, realise it is missing, log an error message, and then use the default certificate.

We need to only reference the TLS secret in the ingress if it already exists or will be created by cert-manager. So only if:

  • it already exists in the namespace; or
  • tls-acme: true

Maybe we should also consider removing an existing secret if tls-acme: false, and the secret is an ACME cert?
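
The rule proposed in the comment above, as an added example that is not part of the issue or the project's code: a function that drops the `secretName` from an Ingress's `spec.tls` entries unless the secret exists or cert-manager will create it. It assumes `tls-acme` refers to the `kubernetes.io/tls-acme` annotation and that the controller serves its default certificate when `secretName` is omitted; the manifest, host and secret names are constructed.

```python
import copy

# Assumption: "tls-acme" in the comment is the kubernetes.io/tls-acme annotation.
ACME_ANNOTATION = "kubernetes.io/tls-acme"


def prune_tls_secret_refs(ingress, existing_secrets):
    """Return a copy of an Ingress manifest in which spec.tls only names a
    secret that already exists or that cert-manager will create."""
    result = copy.deepcopy(ingress)
    annotations = result.get("metadata", {}).get("annotations") or {}
    acme = str(annotations.get(ACME_ANNOTATION, "false")).lower() == "true"
    for entry in result.get("spec", {}).get("tls") or []:
        name = entry.get("secretName")
        if name and not acme and name not in existing_secrets:
            # Keep the hosts, drop the dangling reference.
            del entry["secretName"]
    return result


def make_ingress(tls_acme, secret_name):
    """Constructed sample manifest (hypothetical names), as a parsed dict."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "Ingress",
        "metadata": {
            "name": "example",
            "annotations": {ACME_ANNOTATION: tls_acme},
        },
        "spec": {
            "tls": [{"hosts": ["example.test"], "secretName": secret_name}],
            "rules": [{"host": "example.test"}],
        },
    }


def tls_secret_names(ingress):
    """List the secretName of each spec.tls entry (None when absent)."""
    return [e.get("secretName") for e in ingress["spec"]["tls"]]


if __name__ == "__main__":
    in_namespace = {"custom-tls"}  # constructed: secrets present in the namespace
    cases = [("false", "example-tls"), ("false", "custom-tls"), ("true", "example-tls")]
    for acme, secret in cases:
        pruned = prune_tls_secret_refs(make_ingress(acme, secret), in_namespace)
        print(acme, secret, "->", tls_secret_names(pruned))
```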
