Closed kfarr closed 6 months ago
@tanfarming Can you add your thoughts to this PR? Just confirming with @kfarr's report that users often run into this issue as they are configuring certs for the first time.
I remember you helped me with these instructions as I was initially testing...
kubectl -n hcce edit deploy haproxy find the --default-ssl-certificate=
/cert-hcce line, delete the line, save and exit the editor
Would @kfarr's fix help things or should we just add a step to remove the default cert when getting started?
CC @Doginal
haproxy's default cert is a fallback option and it is required before a custom cert's provided, this change will break haproxy and hence hcce until a correctly named custom certs' are added.
the $HUB_DOMAIN
cert is configured on the ingress rule, it takes precedence over the default cert configuration when a cert with it's name is available
i think what fixed the issue is not the change itself but rather that it forced a respawn of haproxy pods
on the instruction of find the --default-ssl-certificate=/cert-hcce line, delete the line, save and exit the editor
, if i remembered correctly it was an attempt to force haproxy to immediatly use the $HUB_DOMAIN
See https://github.com/mozilla/hubs-cloud/issues/322