Ingress labels copied to certificate, causing issues with applysets #6473
Labels
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
Describe the bug:
I have an ingress for which I am provisioning certificates, with these annotations:
The problem is that my certificate ends up with these labels applied to it, which seem to be copied from the ingress resource:
These copied labels are causing problems because
kubectl --prune
wants to delete my certificate due to the applyset.kubernetes.io/part-of label. This behaviour doesn't seem to be documented anywhere, and from a Slack discussion seems to be a bug.Expected behaviour:
I expect the certificate to be created without any labels. If this is not possible for backwards-compatibility reasons, I would like to be able to deny-list certain labels (specifically
applyset.kubernetes.io/part-of
in my case).Steps to reproduce the bug:
Certificate
has the same labels as the ingress.Anything else we need to know?:
From the Slack thread:
cert-manager/pkg/controller/certificate-shim/sync.go
Line 378 in d2f6bbe
Environment details::
1.28.2
1.13.2
/kind bug
The text was updated successfully, but these errors were encountered: