Open kimxogus opened 6 months ago
@kimxogus Thanks for reaching out and sending us detailed info about the problem you are facing with ACM certificate configuration in ingresses. We are planning to add support for the alternative solution in v2.8.0. Will this alternative solution solve your problem?
Partially yes, but it's not a complete solution for us. We have ingresses with different configurations in several clusters. Managing those different ingress classes is not a happy situation for us either.
Good discussion. I am adding another use-case that is popping up for us: We are migrating from a set of ACM certs to another. The ACM certs in AWS (old and new) coexist for a while. Currently the controller will add all certificates to the load-balancers. For a smooth migration, we would like to set the new ACM certs on the controller. That would make the controller update all load-balancers and remove the old certs.
Only after removal of the old certs will the ACM become "unused", so that we can clean them up.
Yes, there is a workaround: configure each ingress with its cert, but that would require a lot of edits across code-bases and environments instead of specifying a list of valid ACM certs in a central place (for each environment once).
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
/remove-lifecycle rotten
Is your feature request related to a problem?
In our case, we have dozens of ALB ingresses with a single Amazon-issued ACM certificate. When we need to change ACM certificates, like expiration due to misconfiguration, changing domain subjects, etc., we have to apply or edit all the ingresses one by one.
Describe the solution you'd like
Describe alternatives you've considered
Maybe including the cert ARN in the ingress class might be useful as an alternative.