New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added #6065
Comments
Any idea if this is a bug or I do something wrong? |
Same issue here in AWS EKS with k8s 1.24 |
somebody looking at it? |
Can you try to delete the ingress and recreate it again with the annotation in place? I tested this and this seems to happen if you updated the ingress resource with annotation instead of deleting it and then creating it again. |
Yes that worked @jpdasma thanks a lot |
So yeah, I think what happens is that cert-manager doesn't detect any changes for existing Ingress. So if we have an existing Ingress, and then added the annotation |
You saved my day, I never though in the first place to just re-create the resource. So still, I keep the issue open as I believe this changes should be detected... |
I believe I'm dealing with this issue right now. Tried deleting the ingress and re-creating it, but cert-manager is still creating a Have any of you had to delete other resources besides the ingress such as the certificate itself, orders, challenges, etc? |
A spec.ingressClassName: nginx is needed along/aside the metadata.annotations."kubernetes.io/ingress.class": nginx. |
I am facing the same issue, on-premise. k8s v1.24.8 @Teemu-A Do you have both annotations in place and does it fix the issue? I replaced all the kubernetes.io/ingress.class annotations with spec.IngressClassName due to the deprecation. |
The cm-acme gets stuck without spec.ingressClassName despite of annotations. (For us this happens on helm installed gitlab which has cert-manager in the chart/release. That's why I do not want to touch the chart templates.)
|
this fixed my issue. In fact, these annotations existed already
Deleting the ingress and recreating it as suggested here fixed the issue. |
Issuing certificate as Secret was previously issued by "Issuer.cert-manager.io/" Any solution ? |
This updates the annotations of a Certificate owned by an Ingress when they are added or changed after the Certificate exists. Before they were only updated when an unrelated change, like a changed label value, triggered an update. Also removing the call to `setIssuerSpecificConfig()` as this is already done before the `existingCrt` check. Fixes cert-manager#6065 Signed-off-by: Tobi Nehrlich <tobi.nehrlich@amazee.io>
This updates the annotations of a Certificate owned by an Ingress when they are added or changed after the Certificate exists. Before they could only be "added" by deleting the Certificate itself. Also removing the call to `setIssuerSpecificConfig()` as this is already done before the `existingCrt` check. Fixes cert-manager#6065 Signed-off-by: Tobi Nehrlich <tobi.nehrlich@amazee.io>
Added the below annotations: spec: Still running into the same error aks version : 1.27.7 |
Describe the bug:
I face some the following issue on aks: Waiting for HTTP-01 challenge propagation: failed to perform self check GET request.
Based on the recommendation, I add the annotation
Waiting for HTTP-01 challenge propagation: failed to perform self check GET request
However, despite the annotation the additional ingress is still created.
Expected behaviour:
My ingress is edited in place rather an additional one is created
Steps to reproduce the bug:
Anything else we need to know?:
Environment details::
/kind bug
The text was updated successfully, but these errors were encountered: