Closed mpalumbo7 closed 5 years ago
mpalumbo7
commented
5 years ago I found that the root cause is that the cert-manager-https example references serverless-kubeless version ^0.4.0 but per the release notes, the tlsConfig and additionaAnnotations were only added in v0.6.1.
I'll open a pull request for the fix.
christhomas
commented
5 years ago ok, I'm having this "undefined.ingress.kubernetes.io/rewrite-target" using serverless-kubeless 0.7.1.
Although I do see the tls annotation correctly applied. In my nodejs express app, I'm missing the pathinfo for the function, all it sees is "/" which means my app doesn't register the correct url even though with curl -v I can see the url is set correctly.
{
"kind": "Ingress",
"apiVersion": "extensions/v1beta1",
"metadata": {
"name": "country-service",
"namespace": "__SNIP__",
"selfLink": "/apis/extensions/v1beta1/namespaces/__SNIP__/ingresses/country-service",
"uid": "85ec34cc-742a-11e9-b881-9600000d0565",
"resourceVersion": "38842960",
"generation": 2,
"creationTimestamp": "2019-05-11T20:22:39Z",
"annotations": {
"kubernetes.io/tls-acme": "true",
"undefined.ingress.kubernetes.io/rewrite-target": "/"
}
},
"spec": {
"tls": [
{
"hosts": [
"__SNIP__"
],
"secretName": "tls-__SNIP__"
}
],
"rules": [
{
"host": "__SNIP__",
"http": {
"paths": [
{
"path": "/country",
"backend": {
"serviceName": "country",
"servicePort": 8080
}
}
]
}
}
]
}, __SNIP__
}
andresmgot
commented
5 years ago Taking a quick look to the code, you need to set a class for your ingress definition. So if you are using a Nginx Ingress controller that will be nginx.
Apart from that, if the controller is behaving as expected, you should be able to reach your function using hostname/country. If that's not the case, the logs of the controller may give you more information about the cause of the error.
mpalumbo7
commented
5 years ago Can you provide the serverless.yaml you used to generate the ingress? It must include the following field: provider.ingress.class
Here is an example:
# Update the service name below with your own service name
service: hello-world
provider:
name: kubeless # where to deploy the function
runtime: nodejs8 # the runtime to use
namespace: kubeless # the k8s namespace to use
# configuration for the Ingress object
hostname: fn.example.com
ingress:
class: nginx # type of ingress-controller used
additionalAnnotations:
# auto generation of TLS certificates via cert-manager
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
tlsConfig:
- hosts:
- fn.example.com
secretName: fn.example.com-cert
plugins:
- serverless-kubeless # required
functions:
hello: # the name of the function
handler: handler.hello # the filename and exported function name
events: # create an http trigger
- http:
method: GET # http trigger method
path: hello # path rule created in Ingress object
# another function
capitalize:
handler: handler.capitalize
events:
- http:
path: captilize
Summary
The
tlsConfigandadditionalAnnotationsfor Ingress objects is broken. Following the examplecert-manager-httpsdoes not generate thespec.tlsormetadata.annotationsthat is should:The annotation
kubernetes.io/tls-acme: "true"is missing, the other annotation hasundefinedwhere it should benginx, and there is nospec.tlsat all.Environment
Steps to Reproduce
Install kubeless via Release notes after applying the
PodSecurityPolicypsp:privileged to thekubelessnamespace:Install
serverlessCLI locally:Now, after the install is successful, I can see the
Ingressobject was created, but it is missing thetlsConfigandadditionalAnnotationswhich are defined inserverless.yaml.The serverless.yaml: