mailpit: Problem getting TLS to work on Ingress

[fhemberger]

Running helm install mailpit jouve/mailpit --values values.yaml with the following config:

ingress:
  enabled: true
  ingressClassName: "nginx-ingress-controller"
  hostname: "mail.example.domain"
  tls: true

The Ingress resource generated looks like this, no TLS config gets rendered:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: mailpit
    meta.helm.sh/release-namespace: default
  creationTimestamp: "2024-01-30T14:44:26Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: mailpit
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: mailpit
    app.kubernetes.io/version: v1.13.0
    helm.sh/chart: mailpit-0.13.0
  name: mailpit
  namespace: default
  resourceVersion: "2111429"
  uid: ef91e520-e519-4d85-b312-84c77b19564a
spec:
  ingressClassName: nginx-ingress-controller
  rules:
  - host: mail.example.domain
    http:
      paths:
      - backend:
          service:
            name: mailpit-http
            port:
              name: http
        path: /
        pathType: ImplementationSpecific
status:
  loadBalancer:
    ingress:
    - ip: xxx.xxx.xxx.xxx

[jouve]

indeed, with the current behaviour & only ingress.tls: true, the chart expects that cert-manager annotations are configured (charts/mailpit/templates/ingress.yaml#L38).

Is your use-case something like nginx default ssl cert ?

The default certificate will also be used for ingress tls: sections that do not have a secretName option.

In the meantime, you can use something like

ingress:
  extraTLS: |
    - hosts:
        - {{ .Values.ingress.hostname | quote }}

[fhemberger]

Sorry, it's been a long day and I'm stupid. 😂