Error on using cross namespace tls secret.

[a180285]

Description of the problem

I want to reuse a tls secret from another namespace, instead of copy tls to new namespaces.

But when I try to create following ingress. I got an Error

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test
  namespace: default
spec:
  tls:
    - hosts:
        - test.abc.com
      secretName: ns1/abc.com-tls
  rules:
    - host: test.abc.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: test
                port:
                  number: 80

The Ingress "test" is invalid: spec.tls[0].secretName: Invalid value: "ns1/abc.com-tls": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

Environment information

HAProxy Ingress version: v0.14.4 k8s version: 1.25.2

Command-line options:

      image: quay.io/jcmoraisjr/haproxy-ingress:v0.14.4
      args:
        - '--configmap=ingress-controller-80/haproxy-ingress-80'
        - '--ingress-class=haproxy-80'
        - '--sort-backends'
        - '--allow-cross-namespace=true'

[a180285]

@jcmoraisjr Could you help give some tips on how to using secrets in other namespace. Does Haproxy-ingress support it. I read the doc, But didn't find more useful doc on how to use secrets in other namespace.

[jcmoraisjr]

This is a limitation added on ingress v1, unfortunately, which didn't exist in v1beta1, hence the current docs suggesting it. Maybe we need to add some config that allows one to assign hostnames and secrets in a more global way.