jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0

Certificates referenced by multiple ingress should be renewed #298

Open xcompass opened 6 years ago

xcompass commented 6 years ago

Currently, certificates referenced by multiple ingresses are ignored completely by this function: https://github.com/jetstack/kube-lego/blob/master/pkg/kubelego/configure.go#L11

My use case is: I have two services sharing the same domain but different paths. One service requires basic auth and the other one requires no auth. So I can't use one ingress to implement this. I have to use two ingresses with the same host name. But this implementation will trigger this issue in kube-lego so that the cert can't be renewed.

Any reason why the certs can't be renewed when shared?

qrpike commented 6 years ago

I also have this issue. It would be so nice to have this working.

laurentgilly commented 6 years ago

same issue :-/

ebati commented 6 years ago

I can work on this issue, but I don't know why TlsIgnoreDuplicatedSecrets is necessary. Some pointers would be perfect.

xcompass commented 6 years ago

I think it tries to avoid renewing the same cert twice. However, when there are multiple ingresses using the same cert, instead of leaving one entry to renew, it just ignores all entries: https://github.com/jetstack/kube-lego/blob/master/pkg/kubelego/configure.go#L34.

I think the correct logic for the section above is to append one entry to output and ignore the rest.
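
The behaviour discussed in this thread, as an added Go example that is not kube-lego's code: `dropShared` models the reported handling of shared secrets and `keepOne` the proposed one. `TLSEntry` and both function names are hypothetical, the sample entries are constructed, and folding in the hosts of later entries goes beyond the thread's suggestion so that the kept entry still covers every host that references the secret.

```go
package main

import "fmt"

// TLSEntry is a hypothetical stand-in for one Ingress TLS block (not kube-lego's type).
type TLSEntry struct {
	Ingress, Secret string // Secret is "namespace/name"
	Hosts           []string
}

// dropShared models the reported behaviour: a secret referenced by several ingresses is skipped entirely.
func dropShared(in []TLSEntry) (out []TLSEntry) {
	refs := map[string]int{}
	for _, e := range in {
		refs[e.Secret]++
	}
	for _, e := range in {
		if refs[e.Secret] == 1 {
			out = append(out, e)
		}
	}
	return out
}

// keepOne models the proposed fix: one entry per secret, with later entries' hosts folded into it.
func keepOne(in []TLSEntry) (out []TLSEntry) {
	pos, seen := map[string]int{}, map[string]bool{} // secret -> index in out; "secret|host" recorded
	for _, e := range in {
		i, ok := pos[e.Secret]
		if !ok {
			i, pos[e.Secret] = len(out), len(out)
			out = append(out, TLSEntry{Ingress: e.Ingress, Secret: e.Secret})
		}
		for _, h := range e.Hosts {
			if k := e.Secret + "|" + h; !seen[k] {
				seen[k], out[i].Hosts = true, append(out[i].Hosts, h)
			}
		}
	}
	return out
}

func main() {
	in := []TLSEntry{ // constructed sample: two ingresses share one host and one secret
		{"app-auth", "default/example-tls", []string{"app.example.com"}},
		{"app-public", "default/example-tls", []string{"app.example.com"}},
		{"docs", "default/docs-tls", []string{"docs.example.com"}},
	}
	fmt.Println("reported:", dropShared(in), "proposed:", keepOne(in))
}
```

With the sample input, the reported handling leaves only the `docs` secret in the renewal list, while the proposed handling keeps one entry for each of the two secrets.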