Does not work with the nginx-ingress-controller:0.9.0-betaX version

jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt

Apache License 2.0

2.16k stars 267 forks source link

Does not work with the nginx-ingress-controller:0.9.0-betaX version #252

Closed guizmaii closed 6 years ago

guizmaii commented 6 years ago

Hello,

Just to report that kube-lego seems not to work with the 0.9.0-betaX version of the Nginx Ingress. The default certificate of the Nginx Ingress is never replaced by the fetched LetsEncrypt one.

capture d ecran 2017-09-01 12 11 52

cguethle commented 6 years ago

There have been ongoing issues with 0.9.0-beta with respect to certificates from kube-lego. Primarily, the nginx ingress requires a restart to load the newly secured cert. Have you tried restarting your ingress containers? What beta version are you working with? There have been numerous attempts to address it over the course of the beta version. Not sure if 12 is working yet or not.

guizmaii commented 6 years ago

I tested with the 0.9.0-beta12: not working.

Have you tried restarting your ingress containers? => No. Nginx already reloads its configuration automatically (maybe because kube-lego asks, I don't know), no ? It's what I can observe with the 0.8.3 version of Nginx Ingress.

aledbf commented 6 years ago

Where are you running.and which kubernetes version you are using?

El 1 sep. 2017 11:06 AM, "Jules Ivanic" notifications@github.com escribió:

I tested with the 0.9.0-beta12: not working.

Have you tried restarting your ingress containers? => No. Nginx already reload its configuration automatically (maybe because kube-lego ask, I don't know), no ? It's what I can observe with the 0.8.3 version of Nginx Ingress.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jetstack/kube-lego/issues/252#issuecomment-326589428, or mute the thread https://github.com/notifications/unsubscribe-auth/AAJ3I23ZLToByQv_qy6XO-gQrmtwwVRRks5seA9SgaJpZM4PJ9tr .

cguethle commented 6 years ago

Nginx already reload its configuration automatically (maybe because kube-lego ask, I don't know), no ?

I believe this is where the failure is/has been.

guizmaii commented 6 years ago

Where are you running.and which kubernetes version you are using?

GKE with K8s 1.7.3

munnerz commented 6 years ago

kube-lego itself does not 'tell' the ingress controller to reload it's config. It's the responsibility of nginx-ingress to watch the secrets referenced in Ingress resources for changes, and upon change, reload config.

It seems there was a regression somewhere in the nginx-ingress 0.9.0-betaX release cycle, which as far as I was aware was fixed, however perhaps not.

The corresponding issue on the nginx-ingress repository is here: https://github.com/kubernetes/ingress/issues/1263

I'd suggest adding a comment to that Issue, and reopening it if it is re-occurring with the latest beta. I'm going to close this issue as it's not a bug on the kube-lego side of things, but thanks for reporting it anyway! 😄