Open ramilmsh opened 4 months ago
I just ran into this issue and was able to address it by removing group: core
from the certificateRefs
block. For example,
tls:
mode: Terminate
certificateRefs:
- name: example-com-tls
# group: core # either don't provide the group or leave it empty (empty string)
Per the error in the original issue #6196:
... Listener "https" is invalid, err: You specified {Group: core, Kind: Secret} in the certificate reference, {Group: , Kind: Secret} are the supported values.
you can see that the Gateway implementation doesn't know what the "core" Group is, but does recognize the "" Group.
Also, per the gateway-api spec:
type SecretObjectReference struct {
// Group is the group of the referent. For example, "gateway.networking.k8s.io".
// When unspecified or empty string, core API group is inferred.
//
// +optional
// +kubebuilder:default=""
Group *Group `json:"group"`
...
}
the "core" API group is inferred by effectively leaving the group undefined. I assume this is because the core
API group name is ""
under the hood.
Perhaps Gateway implementations are inconsistent, but it might be worth updating the Annotated Gateway resource docs to indicate that the group
should be empty for certain Gateways (e.g., Kong).
Environment:
Re-opening #6196 as it is still relevant.
All details are identical. Not using ManagedCertificate