Posted to notifications@apisix.apache.org by "shareinto (via GitHub)" <gi...@apache.org> on 2023/03/06 09:02:25 UTC
[GitHub] [apisix-ingress-controller] shareinto opened a new issue, #1711: bug: When ingress uses cert-manager to issue a certificate, the route and upstream cannot be generated normally
shareinto opened a new issue, #1711:
URL: https://github.com/apache/apisix-ingress-controller/issues/1711
### Current Behavior
Create an ingress and use cert-manager to issue a certificate. At this time, check the log and find that the secret cannot be found, and the ingress cannot be translated correctly.
```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-codefriend-dns
    kubernetes.io/ingress.class: apisix
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/service-weight: ""
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  name: echo
  namespace: default
spec:
  rules:
  - host: xxxxxxx
    http:
      paths:
      - backend:
          service:
            name: echo-service
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - xxxxxxx
    secretName: echo
```
The error log:
```
2023-03-06T16:54:47+08:00 error translation/translator.go:134 failed to translate ingress tls to apisix tls {"error": "secret \"echo\" not found", "ingress": "&Ingress{ObjectMeta:{echo default ac5cc100-3927-48a9-a7fe-bfa85de5e71f 395422539 1 2023-03-06 16:54:47 +0800 HKT <nil> <nil> map[] map[cert-manager.io/cluster-issuer:letsencrypt-codefriend-dns kubectl.kubernetes.io/last-applied-configuration:{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"Ingress\",\"metadata\":{\"annotations\":{\"cert-manager.io/cluster-issuer\":\"letsencrypt-codefriend-dns\",\"kubernetes.io/ingress.class\":\"nginx\",\"kubernetes.io/tls-acme\":\"true\",\"nginx.ingress.kubernetes.io/service-weight\":\"\",\"nginx.ingress.kubernetes.io/ssl-redirect\":\"true\"},\"name\":\"echo\",\"namespace\":\"default\"},\"spec\":{\"rules\":[{\"host\":\"echoten.lfszo.codefriend.top\",\"http\":{\"paths\":[{\"backend\":{\"service\":{\"name\":\"echo-service\",\"port\":{\"number\":80}}},\"path\":\"/\",\"pathType\
":\"Prefix\"}]}}],\"tls\":[{\"hosts\":[\"echoten.lfszo.codefriend.top\"],\"secretName\":\"echo\"}]}}\n kubernetes.io/ingress.class:nginx kubernetes.io/tls-acme:true nginx.ingress.kubernetes.io/service-weight: nginx.ingress.kubernetes.io/ssl-redirect:true] [] [] [{kubectl-client-side-apply Update networking.k8s.io/v1 2023-03-06 16:54:47 +0800 HKT FieldsV1 {\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:cert-manager.io/cluster-issuer\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{},\"f:kubernetes.io/ingress.class\":{},\"f:kubernetes.io/tls-acme\":{},\"f:nginx.ingress.kubernetes.io/service-weight\":{},\"f:nginx.ingress.kubernetes.io/ssl-redirect\":{}}},\"f:spec\":{\"f:rules\":{},\"f:tls\":{}}} }]},Spec:IngressSpec{DefaultBackend:nil,TLS:[]IngressTLS{IngressTLS{Hosts:[echoten.lfszo.codefriend.top],SecretName:echo,},},Rules:[]IngressRule{IngressRule{Host:echoten.lfszo.codefriend.top,IngressRuleValue:IngressRuleValue{HTTP:&HTTPIngressRuleValue{Paths:[]HTTPIngressPath{HTTPIn
gressPath{Path:/,Backend:IngressBackend{Resource:nil,Service:&IngressServiceBackend{Name:echo-service,Port:ServiceBackendPort{Name:,Number:80,},},},PathType:*Prefix,},},},},},},IngressClassName:nil,},Status:IngressStatus{LoadBalancer:{[]},},}"}
```
Until the secret is created, the ingress is not reprocessed, so the corresponding route and upstream are not created.
### Expected Behavior
When waiting until the secret is created, the corresponding route and upstream should be created correctly
### Error Logs
```
2023-03-06T16:54:47+08:00 error translation/translator.go:134 failed to translate ingress tls to apisix tls {"error": "secret \"echo\" not found", "ingress": "&Ingress{ObjectMeta:{echo default ac5cc100-3927-48a9-a7fe-bfa85de5e71f 395422539 1 2023-03-06 16:54:47 +0800 HKT <nil> <nil> map[] map[cert-manager.io/cluster-issuer:letsencrypt-codefriend-dns kubectl.kubernetes.io/last-applied-configuration:{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"Ingress\",\"metadata\":{\"annotations\":{\"cert-manager.io/cluster-issuer\":\"letsencrypt-codefriend-dns\",\"kubernetes.io/ingress.class\":\"nginx\",\"kubernetes.io/tls-acme\":\"true\",\"nginx.ingress.kubernetes.io/service-weight\":\"\",\"nginx.ingress.kubernetes.io/ssl-redirect\":\"true\"},\"name\":\"echo\",\"namespace\":\"default\"},\"spec\":{\"rules\":[{\"host\":\"echoten.lfszo.codefriend.top\",\"http\":{\"paths\":[{\"backend\":{\"service\":{\"name\":\"echo-service\",\"port\":{\"number\":80}}},\"path\":\"/\",\"pathType\
":\"Prefix\"}]}}],\"tls\":[{\"hosts\":[\"echoten.lfszo.codefriend.top\"],\"secretName\":\"echo\"}]}}\n kubernetes.io/ingress.class:nginx kubernetes.io/tls-acme:true nginx.ingress.kubernetes.io/service-weight: nginx.ingress.kubernetes.io/ssl-redirect:true] [] [] [{kubectl-client-side-apply Update networking.k8s.io/v1 2023-03-06 16:54:47 +0800 HKT FieldsV1 {\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:cert-manager.io/cluster-issuer\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{},\"f:kubernetes.io/ingress.class\":{},\"f:kubernetes.io/tls-acme\":{},\"f:nginx.ingress.kubernetes.io/service-weight\":{},\"f:nginx.ingress.kubernetes.io/ssl-redirect\":{}}},\"f:spec\":{\"f:rules\":{},\"f:tls\":{}}} }]},Spec:IngressSpec{DefaultBackend:nil,TLS:[]IngressTLS{IngressTLS{Hosts:[echoten.lfszo.codefriend.top],SecretName:echo,},},Rules:[]IngressRule{IngressRule{Host:echoten.lfszo.codefriend.top,IngressRuleValue:IngressRuleValue{HTTP:&HTTPIngressRuleValue{Paths:[]HTTPIngressPath{HTTPIn
gressPath{Path:/,Backend:IngressBackend{Resource:nil,Service:&IngressServiceBackend{Name:echo-service,Port:ServiceBackendPort{Name:,Number:80,},},},PathType:*Prefix,},},},},},},IngressClassName:nil,},Status:IngressStatus{LoadBalancer:{[]},},}"}
```
### Steps to Reproduce
1. Create an Ingress like below:
```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-codefriend-dns
    kubernetes.io/ingress.class: apisix
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/service-weight: ""
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  name: echo
  namespace: default
spec:
  rules:
  - host: xxxxxxx
    http:
      paths:
      - backend:
          service:
            name: echo-service
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - xxxxxxx
    secretName: echo
```
### Environment
- APISIX Ingress controller version (run `apisix-ingress-controller version --long`)
```
Version: 1.6.0
Git SHA: no-git-module
Go Version: go1.19.4
Building OS/Arch: linux/amd64
Running OS/Arch: linux/amd64
```
- Kubernetes cluster version (run `kubectl version`)
```
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.6", GitCommit:"ad3338546da947756e8a88aa6822e9c11e7eac22", GitTreeState:"clean", BuildDate:"2022-04-14T08:49:13Z", GoVersion:"go1.17.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.11-aliyun.1", GitCommit:"757dfe7e010afcfa31591df65f26b4b80540975e", GitTreeState:"clean", BuildDate:"2022-04-20T09:01:29Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
```
- OS version if running APISIX Ingress controller in a bare-metal environment (run `uname -a`)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] AlinsRan closed issue #1711: bug: When ingress uses cert-manager to issue a certificate, the route and upstream cannot be generated normally
Posted by "AlinsRan (via GitHub)" <gi...@apache.org>.
AlinsRan closed issue #1711: bug: When ingress uses cert-manager to issue a certificate, the route and upstream cannot be generated normally
URL: https://github.com/apache/apisix-ingress-controller/issues/1711
[GitHub] [apisix-ingress-controller] shareinto commented on issue #1711: bug: When ingress uses cert-manager to issue a certificate, the route and upstream cannot be generated normally
Posted by "shareinto (via GitHub)" <gi...@apache.org>.
shareinto commented on issue #1711:
URL: https://github.com/apache/apisix-ingress-controller/issues/1711#issuecomment-1455757830
https://github.com/apache/apisix-ingress-controller/blob/ea315c06d41f31fd24dba2f9ca067eee4c6146c2/pkg/providers/ingress/ingress.go#L225
The intention here is that the ingress cannot be found, but when the secret cannot be found it enters this branch too, resulting in the ingress being unable to retry in the future.
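The retry gap described in the comment above, reduced to a self-contained Go model. This is an added example, not code from apisix-ingress-controller: `NotFoundError`, `translate`, `retryNaive`, `retryByKind` and `reconcile` are hypothetical names, and the loop stands in for the controller's work queue while cert-manager is still issuing the certificate.

```go
package main

import ("errors"; "fmt")

// NotFoundError is a constructed stand-in for a Kubernetes "not found" API error.
type NotFoundError struct{ Kind, Name string }
func (e *NotFoundError) Error() string { return fmt.Sprintf("%s %q not found", e.Kind, e.Name) }

// translate models translating Ingress "echo", whose TLS secret may not exist yet.
func translate(ingressExists, secretExists bool) error {
	if !ingressExists {
		return &NotFoundError{"ingress", "echo"}
	}
	if !secretExists {
		return fmt.Errorf("translate ingress tls: %w", &NotFoundError{"secret", "echo"})
	}
	return nil
}

// retryNaive drops the key on any not-found error, as if the Ingress were deleted.
func retryNaive(err error) bool {
	var nf *NotFoundError
	return !errors.As(err, &nf)
}

// retryByKind drops the key only when the Ingress itself is gone.
func retryByKind(err error) bool {
	var nf *NotFoundError
	return !(errors.As(err, &nf) && nf.Kind == "ingress")
}

// reconcile re-syncs while retry allows; the secret exists from attempt secretAt on.
func reconcile(retry func(error) bool, secretAt, limit int) (routeCreated bool, attempts int) {
	for n := 1; n <= limit; n++ {
		err := translate(true, n >= secretAt)
		if err == nil {
			return true, n
		}
		if !retry(err) {
			return false, n
		}
	}
	return false, limit
}

func main() {
	fmt.Println(reconcile(retryNaive, 3, 5))  // false 1
	fmt.Println(reconcile(retryByKind, 3, 5)) // true 3
}
```

With the naive classification the Ingress is dropped on the first sync and the route never appears, even though the secret exists two attempts later.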
[GitHub] [apisix-ingress-controller] AlinsRan commented on issue #1711: bug: When ingress uses cert-manager to issue a certificate, the route and upstream cannot be generated normally
Posted by "AlinsRan (via GitHub)" <gi...@apache.org>.
AlinsRan commented on issue #1711:
URL: https://github.com/apache/apisix-ingress-controller/issues/1711#issuecomment-1459158060
This issue is related to #1190. I will close this issue.
Let us track #1190.