Open VWDude opened 10 months ago
This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
Update: It seems like the update is fetched a day and some minutes later than expected:
So instead of the expected Nov 8. 5:14:33 GMT, the answer is fetched on Nov 9. 5:17:00 GMT...
This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev
on Kubernetes Slack.
Any updates here?
Would be interesting to know since we are facing the same problem since we use this feature. We are restarting our ingress very regularly because of this which is kind of annoying...
What happened:
We are using ingress-nginx with the config value
"enable-ocsp": true
. In the beginning this works as expected, but the OCSP cache is not updated, when the response expires after 2 days: Taken from openssl response on 08.Nov.2023 13:53 GMT:What you expected to happen: OCSP cache is updated before the expiry and the response is still valid.
NGINX Ingress controller version:
Kubernetes version:
Environment:
Cloud provider or hardware configuration: Azure, AKS
OS : Alpine Linux v3.17
Kernel : 5.15.0-1042-azure
Install tools: -
Basic cluster related info: See above
How was the ingress-nginx-controller installed: -
Current State of the controller: -
Current state of ingress object, if applicable: -
Others: -
How to reproduce this issue: (Re-)Start Ingress-Nginx pods and wait until the OCSP response is expired.
Anything else we need to know: Certificate provider: QuoVadis
It seems like the OSCP response is refreshed some time after the expiry (like a day after the expiry). As we just detected this issue I don't have an exact time so far.