andresmgot
commented
6 years ago Hi @ndarilek, right now the plugin is doing an HTTP UPDATE on the Ingress object that already exists. If cert-manager modifies that ingress object as well those changes may be erased. Is that the case? Does the ingress object changes after redeploying a function? (you can check it executing kubectl get ingress -o yaml myservice). Another thing that gets modified is the function deployment but that should not be affected by the cert-manager.
Hello, fairly new to Kubernetes/Kubeless/Serverless so I don't know what details to provide. Happy to give more if needed.
I'm running Rancher 2.0, Kubernetes 1.10.1, and Kubeless 1.0.0-alpha3. I have a function configured like this:
This correctly creates everything as expected, only my service responds to http://example.com/api/feed.
Next I use cert-manager 0.2.9 to deploy a LetsEncrypt cert in the function's namespace. I log into Rancher's web interface, then pair the cert with the ingress created by the plugin. My function is now accessible at https://example.com/api/feed. Perfect.
But when I redeploy the service, the pairing with the certificate is lost. Once again the function is only accessible via http, and once again I have to connect my cert with my ingress.
I'm not immediately sure how this plugin is reconfiguring the ingress if it already exists. Could it be configured to merge any changed configs rather than completely override everything? I imagine it has to point to the new function somehow, but it'd be great if my manual changes were preserved.
Alternately, some means of configuring a TLS cert on the ingress from serverless.yml would also be helpful. I just don't want to keep losing https on every new
serverless deploy. I don't want to bikeshed the specifics on how that will ultimately happen. :)Thanks.