Closed 40107854 closed 1 week ago
@40107854: This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
The obvious reasons new TLS may not work is ;
Post the information that has relevance to the HTTPS request like ;
openssl s_client -connect
Probelm happened 2 years ago and there is no update so closing the issue.
/close
@longwuyuan: Closing this issue.
Hello team,
We have seen a problem as ssl cert of nginx ingress controller got expired recently and we renewed the ssl cert and deleted the existing tls secret and created the new tls secret . But the ingress controller is not accepting the tls certificate. Attaching the logfile here. Our Architecture is we have 1. Micro frontends and 2. Micro backends and 3. App Service (UI) & 4. Azure APIM (Api's).
Micro front ends and backend microservices in AKS cluster (not private) in different name spaces and both have different ssl certs. request flow is from internet request goes to AppGW (App service listens) --> AKS AppGW (micro front end listens) --> Azure APIM (Api) --> Ingress Controller (Backend Micro services) --> Cosmos DB.
Previously everything working fine, after ssl cert expired recently and we got new ssl cert and i have created the new tls secret (with same old secret name, deleted and created new ). But this time its not working.
I see that there is no problem with the frontend or backend pods, i checked the logs. ingress-controller.log
below is the ingress controller deployment yaml. ingress-controller.log
Please edit the object below. Lines beginning with a '#' will be ignored,
and an empty file will abort the edit. If an error occurs while saving this file will be
reopened with the relevant failures.
# apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "3" meta.helm.sh/release-name: ingress-nginx meta.helm.sh/release-namespace: ingress-basic creationTimestamp: "2022-12-21T12:08:18Z" generation: 3 labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 name: ingress-nginx-controller namespace: ingress-basic resourceVersion: "190221415" uid: f47d5957-298c-4d54-81d8-ed27866c3c80 spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx spec: containers:
Initially i used helm chart to deployed ingress controller followed this link. https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli. ut after that i have seen nginx version compatibility to kubernetes version in the link https://github.com/kubernetes/ingress-nginx & https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/
and i have update the image version v1.5.1 to v1.0.0-alpha.2 as our aks kubernetes version is 1.22.15.
The command i used to create kubernetes secret is below
kubectl create secret tls --cert --key -n
ingress-controller.log
please check and help us asap, its production cluster we are facing issues with from 1 week.