Kong / kong-plugin-acme

Let's Encrypt and ACMEv2 integration with Kong - this plugin has been moved into https://github.com/Kong/kong, please open issues and PRs in that repo
Apache License 2.0

Plugin error in dbless mode #27

Closed sergerad closed 4 years ago

sergerad commented 4 years ago

I am trying to configure the plugin on Kong deployed on K8s (dbless).

Ingress Controller logs show this error:

W0611 03:39:27.962669       1 queue.go:112] requeuing kong/acme, err posting new config to /config: 400 Bad Request {"fields":{"plugins":[null,null,null,null,{"route":"value must be null"}]},"name":"invalid declarative configuration","code":14,"message":"declarative config is invalid: {plugins={[5]={route=\"value must be null\"}}}"}

Trying to hit the acme route produces 503:

serge@Serges-MacBook-Pro infrastructure % curl -XGET -I kongtroller.projectmin.org/.well-known/acme-challenge/x                                                                 [NORMAL]
HTTP/1.1 503 Service Temporarily Unavailable
Date: Thu, 11 Jun 2020 03:39:40 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Content-Length: 58
X-Kong-Response-Latency: 0
Server: kong/2.0.4

KongPlugin CR looks like this:

$ kubectl describe kongplugins/acme                                                                                                     
Name:         acme
Namespace:    kong
Labels:       <none>
Annotations:  API Version:  configuration.konghq.com/v1
Config:
  account_email:  serge@edgeworx.io
  Domains:
    kongtroller.projectmin.org
    api.projectmin.org
    guardian-api.projectmin.org
  tos_accepted:  true
Kind:            KongPlugin

Relevant ingress looks like this:

$ kubectl describe ingress/acme                                                                                                         
Name:             acme
Namespace:        kong
Address:          40.64.105.12
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                        Path  Backends
  ----                        ----  --------
  kongtroller.projectmin.org  
                              /.well-known/acme-challenge   acme-dummy:80 (<none>)
Annotations:                  konghq.com/plugins: acme

Ingress points to this svc (selector pointing to nothing):

$ kubectl describe svc/acme-dummy                                                                                                       
Name:              acme-dummy
Namespace:         kong
Labels:            <none>
Annotations:       Selector:  app=acme-dummy
Type:              ClusterIP
IP:                10.0.183.153
Port:              <unset>  9999/TCP
TargetPort:        9999/TCP
Endpoints:         <none>
Session Affinity:  None
Events:            <none>

fffonion commented 4 years ago

Hi @SergeRadinovich, according to {plugins={[5]={route=\"value must be null\"}}}"} it looks like you are attaching this plugin to a specific route. However, this plugin can only be used as a global plugin at present.
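
The validation error quoted in the reply above can be read mechanically. This added example (not part of the thread and not Kong's code) pulls the JSON body out of the ingress controller log line from the report and lists which entity and field Kong rejected; the function names are assumptions made for the illustration.

```python
import json
import re

# Log line copied from the issue report above (controller posting to /config).
LOG_LINE = r'''W0611 03:39:27.962669       1 queue.go:112] requeuing kong/acme, err posting new config to /config: 400 Bad Request {"fields":{"plugins":[null,null,null,null,{"route":"value must be null"}]},"name":"invalid declarative configuration","code":14,"message":"declarative config is invalid: {plugins={[5]={route=\"value must be null\"}}}"}'''


def extract_error_body(line):
    """Return the JSON body Kong sent with the 400 response, or None."""
    match = re.search(r'400 Bad Request (\{.*\})\s*$', line)
    return json.loads(match.group(1)) if match else None


def walk(node, path=()):
    """Yield (path, message) for every leaf error under the "fields" object."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (key,))
    elif isinstance(node, list):
        # null entries passed validation and yield nothing. Positions are
        # counted from 1 so they match the "[5]" in the "message" field.
        for position, value in enumerate(node, start=1):
            yield from walk(value, path + (position,))


def rejected_fields(line):
    """List the (path, message) pairs Kong rejected; empty if no 400 body."""
    body = extract_error_body(line)
    if body is None:
        return []
    return list(walk(body.get("fields", {})))


if __name__ == "__main__":
    for path, message in rejected_fields(LOG_LINE):
        print(".".join(str(part) for part in path), "->", message)
```

For the line in the report, the only rejected field is `route` on the fifth plugin entry, which is the route scoping the reply points to.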

sergerad commented 4 years ago

Thanks for the response.

Am I right in assuming all I have to do is kubectl apply -f the following yaml for the plugin to be working globally?

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: acme
plugin: acme
config:
  domains:
  - kongtroller.projectmin.org
  - api.projectmin.org
  - guardian-api.projectmin.org
  tos_accepted: true
  account_email: serge@edgeworx.io

sergerad commented 4 years ago

Without the annotation, the logs show this when trying to make the acme dummy ingress:

W0611 06:31:15.177197       1 parser.go:1617] service kong/acme-dummy does not have any active endpoints
I0611 06:31:15.178356       1 kong.go:68] no configuration change, skipping sync to Kong

Do I need to make a deployment that the svc points to? Or make another svc type? This is not documented, I believe.

sergerad commented 4 years ago

Found that the plugin is not required for setting up HTTPS on K8s Kong as per this guide:

https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/cert-manager.md

Had an issue relating to the ClusterIssuer