
Comments (5)

3dbrows commented on June 24, 2024

Wow @hbagdi that was fast! 😄
I deployed #76 locally and it works great, thank you.

from kubernetes-ingress-controller.

hbagdi commented on June 24, 2024

Hello @Dag24,
As documented, the ingress controller doesn't yet support Kong 0.14.0 for the reasons that you've posted above.

While I'm here, I'd also like to draw your attention to #94, which is another snag I encountered in TLS setup. Hopefully a trivial fix for that one, though. (Root CA certs are not installed in the ingress-controller or Kong Centos images.)

I'll look into this and post an update on #94 soon. Thanks!


3dbrows commented on June 24, 2024

A workaround is to manually add all the SNIs listed in spec.tls[0].hosts e.g.

curl -X POST \
    --url "kong-ingress-controller.kong.svc.cluster.local:8001/snis/" \
    --data "ssl_certificate_id=<certificate id>" \
    --data "name=bar.example.com"

Now requests to both https://foo.example.com and https://bar.example.com will succeed.

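The workaround from the comment above, extended to every host in spec.tls[0].hosts, as an added example that is not part of the original thread or the project's code. The helper names, the `DRY_RUN` switch and the sample host list are assumptions; `--data-urlencode` is used instead of `--data` so a host value cannot add extra form fields.

```shell
#!/bin/sh
# Added example: register every host of an Ingress TLS block as a Kong SNI.
# KONG_ADMIN defaults to the Admin API address used in the comment above.
KONG_ADMIN="${KONG_ADMIN:-kong-ingress-controller.kong.svc.cluster.local:8001}"
DRY_RUN="${DRY_RUN:-1}"   # assumed switch: 1 = only print the curl commands

# Accept only plain DNS names (wildcard hosts are rejected by this check).
valid_host() {
  case "$1" in
    ""|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    *) return 0 ;;
  esac
}

# missing_snis "<wanted hosts>" "<hosts Kong already has>"
# Prints, one per line, the wanted hosts that still need an SNI.
missing_snis() {
  for h in $1; do
    valid_host "$h" || { echo "skipping invalid host: $h" >&2; continue; }
    case " $2 " in
      *" $h "*) ;;                 # already registered, nothing to do
      *) printf '%s\n' "$h" ;;
    esac
  done
}

# add_snis <certificate id> "<wanted hosts>" "<existing hosts>"
add_snis() {
  cert_id=$1
  for h in $(missing_snis "$2" "$3"); do
    if [ "$DRY_RUN" = 1 ]; then
      printf 'curl -X POST --url "%s/snis/" --data-urlencode "ssl_certificate_id=%s" --data-urlencode "name=%s"\n' \
        "$KONG_ADMIN" "$cert_id" "$h"
    else
      curl -fsS -X POST --url "$KONG_ADMIN/snis/" \
        --data-urlencode "ssl_certificate_id=$cert_id" \
        --data-urlencode "name=$h" || return 1
    fi
  done
}

# Constructed sample input; in a cluster the host list would come from
#   kubectl get ingress <name> -o jsonpath='{.spec.tls[0].hosts[*]}'
HOSTS="foo.example.com bar.example.com"
EXISTING="foo.example.com"
add_snis "<certificate id>" "$HOSTS" "$EXISTING"
```

Run with `DRY_RUN=0` to send the requests instead of printing them.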

hbagdi commented on June 24, 2024

Hello @Dag24
I just opened up #76 to fix this issue.

Thank you for reporting this!


3dbrows commented on June 24, 2024

Hey @hbagdi I think we need to reopen this as it doesn't work with Kong 0.14.0. It does work with 0.13.1 and 0.13.0.

Using kong-0.13.1-centos: the logs of the ingress-controller container look like this (successful):

controller.go:127] syncing Ingress configuration...
kong.go:1008] creating Kong SSL Certificate for host foo.example.com located in Secret default/tls-secret
kong.go:1041] creating Kong SNI for host foo.example.com and certificate id 712398b9-a171-11e8-8806-0a58ac1f10d3
kong.go:1041] creating Kong SNI for host bar.example.com and certificate id 712398b9-a171-11e8-8806-0a58ac1f10d3

Using kong-0.14-centos:

controller.go:127] syncing Ingress configuration...
kong.go:1008] creating Kong SSL Certificate for host foo.example.com located in Secret default/tls-secret
kong.go:1028] updating certificate for host foo.example.com to certificate id 41e5ab7e-ef54-4be5-a859-35d1b51160ba
controller.go:130] unexpected failure updating Kong configuration: patching a Kong consumer: the server rejected our request for an unknown reason (patch snis.meta.k8s.io)
queue.go:113] requeuing dummy/dummy, err patching a Kong consumer: the server rejected our request for an unknown reason (patch snis.meta.k8s.io)
controller.go:127] syncing Ingress configuration...
kong.go:1008] creating Kong SSL Certificate for host foo.example.com located in Secret default/tls-secret
kong.go:1013] Unexpected error creating Kong Certificate: [400] {"fields":{"snis":"foo.example.com already associated with existing certificate '41e5ab7e-ef54-4be5-a859-35d1b51160ba'"},"name":"schema violation","code":2,"message":"schema violation (snis: foo.example.com already associated with existing certificate '41e5ab7e-ef54-4be5-a859-35d1b51160ba')"}

Of course, the important part here is the "schema violation" error. 0.14.0 contained a number of changes to the /snis and /certificates endpoints, which have probably triggered the above.

While I'm here, I'd also like to draw your attention to #94, which is another snag I encountered in TLS setup. Hopefully a trivial fix for that one, though. (Root CA certs are not installed in the ingress-controller or Kong Centos images.)
