cert-manager / cert-manager

Automatically provision and manage TLS certificates in Kubernetes
https://cert-manager.io
Apache License 2.0

After uninstalling cert-manager, ingress resources can still only be accessed via https #7717

Open pptfz opened 3 weeks ago

pptfz commented 3 weeks ago

cert-manager version: v1.17.2

install ns: devops

Install using the following command:

```
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.17.2 \
  --set crds.enabled=true
```

The current problem

In another ns, the access to ingress resources has all been changed to https. If http is accessed, only the nginx test page can be accessed. Why is that?

For example, in the monitor namespace, all ingress can only be accessed via https. Accessing http is the nginx test page

```
k -n monitor get ingress
NAME                      CLASS    HOSTS                      ADDRESS     PORTS     AGE
alertmanager              nginx    alertmanager.ops.com       localhost   80        19d
grafana                   <none>   grafana.ops.com            localhost   80        20d
```
```
k -n monitor get ingress grafana -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: grafana
    meta.helm.sh/release-namespace: monitor
  creationTimestamp: "2025-04-08T10:47:02Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: grafana
    app.kubernetes.io/version: 11.6.0
    helm.sh/chart: grafana-8.11.3
  name: grafana
  namespace: monitor
  resourceVersion: "638483"
  uid: 24667a78-a9da-4ee8-a5b2-366f0b33245f
spec:
  rules:
  - host: grafana.ops.com
    http:
      paths:
      - backend:
          service:
            name: grafana
            port:
              number: 80
        path: /
        pathType: Prefix
status:
  loadBalancer:
    ingress:
    - hostname: localhost
```

Accessing http is the nginx test page


Only by accessing https is it possible


It won't work even if I delete cert-manager

How should I solve this problem? Is it to restore grafana access through ingress 80 under the original monitor namespace?

fadecore commented 2 weeks ago

Easy answer: Your topic has most likely nothing to do with cert-manager.

As long as you don't add relevant ingress annotations or define the tls part together with an extra certificate resource you are simply not using cert-manager. Example from docs: https://cert-manager.io/docs/usage/ingress/

I couldn't get the problem correctly, but it looks like wrong ingress definitions in the first place.
If you open grafana via https in your browser - look at the certificate that is presented to you -> it is some ingress controller fake certificate, nothing that is provided by cert-manager.
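
The check described in the comment above, as an added example that is not part of the original thread or of cert-manager's own code: it reads the JSON form of one or more Ingress objects and reports whether each carries a cert-manager trigger annotation and a `tls` entry. The function names, the `demo` Ingress and the `example-issuer` name are assumptions made for illustration; the grafana entry is reduced from the manifest in the issue.

```python
import json

# Annotations cert-manager's ingress-shim reacts to
# (https://cert-manager.io/docs/usage/ingress/).
TRIGGERS = ("cert-manager.io/issuer", "cert-manager.io/cluster-issuer",
            "kubernetes.io/tls-acme")

def cert_manager_usage(ingress):
    """Classify one Ingress object (dict parsed from `kubectl get ... -o json`)."""
    meta = ingress.get("metadata", {})
    annotations = meta.get("annotations") or {}
    # kubernetes.io/tls-acme only counts when its value is the string "true".
    found = [k for k in TRIGGERS
             if k in annotations
             and (k != "kubernetes.io/tls-acme" or annotations[k] == "true")]
    tls = ingress.get("spec", {}).get("tls") or []
    secrets = [t["secretName"] for t in tls if t.get("secretName")]
    return {
        "ingress": f"{meta.get('namespace')}/{meta.get('name')}",
        "trigger_annotations": found,
        # A Secret listed here with no annotation may still come from a
        # Certificate resource created separately; check those by hand.
        "tls_secrets": secrets,
        # ingress-shim needs a trigger annotation and a tls entry naming a Secret.
        "ingress_shim_managed": bool(found and secrets),
    }

def audit(doc):
    """Accept a single Ingress or a kubectl List and classify every item."""
    return [cert_manager_usage(i) for i in doc.get("items", [doc])]

# Constructed sample: the grafana Ingress from the issue (relevant fields only)
# plus a hypothetical Ingress "demo" that references a hypothetical ClusterIssuer.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "grafana", "namespace": "monitor",
                "annotations": {"meta.helm.sh/release-name": "grafana",
                                "meta.helm.sh/release-namespace": "monitor"}},
   "spec": {"rules": [{"host": "grafana.ops.com"}]}},
  {"metadata": {"name": "demo", "namespace": "default",
                "annotations": {"cert-manager.io/cluster-issuer": "example-issuer"}},
   "spec": {"tls": [{"hosts": ["demo.example.com"], "secretName": "demo-tls"}],
            "rules": [{"host": "demo.example.com"}]}}
]}
""")

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(json.dumps(row))
```

On a live cluster the same functions can be fed the parsed output of `kubectl get ingress -A -o json` in place of `SAMPLE`.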