Closed mpalumbo7 closed 5 years ago
I found that the root cause is that the cert-manager-https
example references serverless-kubeless version ^0.4.0
but per the release notes, the tlsConfig
and additionaAnnotations
were only added in v0.6.1
.
I'll open a pull request for the fix.
ok, I'm having this "undefined.ingress.kubernetes.io/rewrite-target" using serverless-kubeless 0.7.1.
Although I do see the tls annotation correctly applied. In my nodejs express app, I'm missing the pathinfo for the function, all it sees is "/" which means my app doesn't register the correct url even though with curl -v I can see the url is set correctly.
{
"kind": "Ingress",
"apiVersion": "extensions/v1beta1",
"metadata": {
"name": "country-service",
"namespace": "__SNIP__",
"selfLink": "/apis/extensions/v1beta1/namespaces/__SNIP__/ingresses/country-service",
"uid": "85ec34cc-742a-11e9-b881-9600000d0565",
"resourceVersion": "38842960",
"generation": 2,
"creationTimestamp": "2019-05-11T20:22:39Z",
"annotations": {
"kubernetes.io/tls-acme": "true",
"undefined.ingress.kubernetes.io/rewrite-target": "/"
}
},
"spec": {
"tls": [
{
"hosts": [
"__SNIP__"
],
"secretName": "tls-__SNIP__"
}
],
"rules": [
{
"host": "__SNIP__",
"http": {
"paths": [
{
"path": "/country",
"backend": {
"serviceName": "country",
"servicePort": 8080
}
}
]
}
}
]
}, __SNIP__
}
Taking a quick look to the code, you need to set a class
for your ingress definition. So if you are using a Nginx Ingress controller that will be nginx
.
Apart from that, if the controller is behaving as expected, you should be able to reach your function using hostname/country
. If that's not the case, the logs of the controller may give you more information about the cause of the error.
Can you provide the serverless.yaml
you used to generate the ingress? It must include the following field: provider.ingress.class
Here is an example:
# Update the service name below with your own service name
service: hello-world
provider:
name: kubeless # where to deploy the function
runtime: nodejs8 # the runtime to use
namespace: kubeless # the k8s namespace to use
# configuration for the Ingress object
hostname: fn.example.com
ingress:
class: nginx # type of ingress-controller used
additionalAnnotations:
# auto generation of TLS certificates via cert-manager
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
tlsConfig:
- hosts:
- fn.example.com
secretName: fn.example.com-cert
plugins:
- serverless-kubeless # required
functions:
hello: # the name of the function
handler: handler.hello # the filename and exported function name
events: # create an http trigger
- http:
method: GET # http trigger method
path: hello # path rule created in Ingress object
# another function
capitalize:
handler: handler.capitalize
events:
- http:
path: captilize
Summary
The
tlsConfig
andadditionalAnnotations
for Ingress objects is broken. Following the examplecert-manager-https
does not generate thespec.tls
ormetadata.annotations
that is should:The annotation
kubernetes.io/tls-acme: "true"
is missing, the other annotation hasundefined
where it should benginx
, and there is nospec.tls
at all.Environment
Steps to Reproduce
Install kubeless via Release notes after applying the
PodSecurityPolicy
psp:privileged to thekubeless
namespace:Install
serverless
CLI locally:Now, after the install is successful, I can see the
Ingress
object was created, but it is missing thetlsConfig
andadditionalAnnotations
which are defined inserverless.yaml
.The serverless.yaml: