search

jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0
2.16k stars 267 forks source link

NGINX ingress controller annotation changes #289

Closed DavidRouyer closed 6 years ago

DavidRouyer commented 6 years ago

As per https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.9.0-beta.18, the NGINX ingress controller will use the prefix "nginx.ingress.kubernetes.io" instead of "kubernetes.io" for "kubernetes.io/ingress.class".

See line https://github.com/jetstack/kube-lego/blob/784fc8fef5703665bd5f20ff65922ee038e09a95/pkg/kubelego_const/consts.go#L20

aledbf commented 6 years ago

@DavidRouyer the change in the prefix does not applies to the ingress.class annotation. This would break compatibility with other ingress controllers. I added a note about that in the release notes.

DavidRouyer commented 6 years ago

@aledbf yeah, it bugs me a lot. So maybe there is a bug with the new ingress controller? I've a shiny new Kubernetes cluster and I've declared my ingress controller like that:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  labels:
    k8s-app: nginx-ingress-controller
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-controller
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
      # like with kubeadm
      # hostNetwork: true
      terminationGracePeriodSeconds: 60
      containers:
      - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.18
        name: nginx-ingress-controller
        imagePullPolicy: Always
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        ports:
        - containerPort: 80
          hostPort: 80
        - containerPort: 443
          hostPort: 443
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend

For the ingress controller to discover my ingresses, I have to add the annotation: nginx.ingress.kubernetes.io/ingress.class: "nginx" instead of kubernetes.io/ingress.class: "nginx". Same thing for the ingress created by kube-lego.