-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kong breaks cert-manager certificate creation #12267
Comments
@jakoberpf According to your original issue in cert-manager repo (cert-manager/cert-manager#5918), The secret may fail on the webhook validation. So I would like to know your KIC version for further investigation.
|
@randmonkey Thanks for the feedback. So I installed the Both charts are install somewhat in the same time as they are part of the same terraform module in my case. I did not install the Hope this is helpful information. |
Yes, I think installing |
Mostly default yes, just some service configuration... gateway:
proxy:
type: NodePort
http:
enabled: true
servicePort: 80
containerPort: 8000
nodePort: 31080
tls:
enabled: true
servicePort: 443
containerPort: 8443
nodePort: 31443 |
@jakoberpf I am facing the same issue with Kong 3.5 both in DBless and hybrid mode. Uninstallation of Kong ingress makes all certificates available instantly. I am just passing the below values to kong helm chart: I have an EKS cluster with Kong 3.5 and cert manager 1.13.2 |
@randmonkey can we support the investigation somehow? |
@randmonkey sorry for bothering, but can we support in debugging or fixing this? We would love to use Kong as our solution, but this is kinda breaking any automation process. |
Also ran into this problem. On my end, this seemed to be an issue with the configuration of the KIC webhook as per: Kong/kubernetes-ingress-controller#2431. Either fixing the issue with the ValidatingWebhook (i.e. configuration, vpc issues) or removing the secrets rule as per that issue may resolve this for you as it did for me @jakoberpf. |
@kaelanspatel Thats nice, thanks. Could be a intermediary solution for us. |
@randmonkey , do you think that we have gotten a solution for this issue? |
Also running into this, which is blocking our integration of Kong |
If I'm understanding it correctly, looks like Kong/charts#1061 will address the issue when it's released, though the new flag will need to be set explicitly to |
Is there an existing issue for this?
Kong version (
$ kong version
)3.4
Current Behavior
When deploying kong/ingress alongside with cert-manager certificate creation failed due to cert-manager/cert-manager#5918
kubernetes ingress manifest
kong-controller logs
cert-manager logs
Expected Behavior
Ingress ressources creates certificate request which creates certificate.
Steps To Reproduce
cert-manager
ClusterIssuer
with dns01 challenge and route53 IRSAkong/ingress
ingress
as shown in bug reportcert-manager
will createCertificateRequest
(becomesready
) andCertificate
(will stay inunready
status due to "context deadline exceeded" while "applying Secret data" cert-manager/cert-manager#5918)kong/ingress
Certificate
becomes readyAnything else?
No response
The text was updated successfully, but these errors were encountered: