Closed nikhiljindal closed 6 years ago
It was always failing because we were comparing the whole cert object, which contains both the cert and the key. But on fetching the existing cert from GCP, we get only the cert. key is write only.
Sent https://github.com/GoogleCloudPlatform/k8s-multicluster-ingress/pull/139 to update the code to compare the cert only, which is what ingress-gce controller does as well.
Now that #139 is merged, the generic case is fixed. Also updated the e2e test to verify that.
There is still an error when user updates the secret and expects the SSL cert to be updated. Filed https://github.com/GoogleCloudPlatform/k8s-multicluster-ingress/issues/141 for that.
Related to https://github.com/GoogleCloudPlatform/k8s-multicluster-ingress/issues/124
Force update fails for HTTPS ingresses with SSL certs as deleting the SSL cert fails with "resource already in use". SSL cert is linked to from the target proxy. So we cant just delete and recreate it. We will also need to update the target proxy.
This issue exists only for SSL certs since it does not support an update operation and hence we need to delete and recreate.