[GitHub] [apisix-ingress-controller] cabrinoob opened a new issue, #1270: request help: Using an existing certificate secret for TLS

Thu, 25 Aug 2022 00:46:15 -0700 


cabrinoob opened a new issue, #1270:
URL: https://github.com/apache/apisix-ingress-controller/issues/1270

   ### Issue description
   
   Hi,
   I'am trying to configure apache/apisix-ingress-controller:1.4.1 for TLS on 
my Kubernetes 1.21 cluster. There is already an nginx ingress controller that 
runs on this cluster (with TLS).
   
   So, there is also an existing K8S Secret (managed by cert-manager) in 
kube-system namespace that contains the certificate for TLS encryption. And in 
my NGINX ingress controller helm values I have this king of config : 
   
   ```
   controller:
         image:
           repository: eu.gcr.io/k8s-artifacts-prod/ingress-nginx/controller
         config:
         ...
         extraArgs:
           default-ssl-certificate: "kube-system/my-cert"
   ```
   The `default-ssl-certificate` property allows to point to my-cert in another 
namespace than the one used for nginx.
   
   **First question** : Is it possible to do the same with APISIX Ingress 
Controller ? How ?
   
   **Last question** : This Secret has a `kubernetes.io/tls` type and it is 
managed by certmanager. Is APISIX compatible with this format that looks like : 
   
   ```
   apiVersion: v1
   kind: Secret
   type: kubernetes.io/tls
   metadata:
     name: my-cert
     namespace: kube-system
     annotations:
       cert-manager.io/alt-names: ...
       cert-manager.io/certificate-name: my-cert
       cert-manager.io/common-name: ...
       cert-manager.io/ip-sans: ""
       cert-manager.io/issuer-group: ""
       cert-manager.io/issuer-kind: ClusterIssuer
       cert-manager.io/issuer-name: letsencrypt
       cert-manager.io/uri-sans: ""
   data:
     tls.crt: xxx
     tls.key: yyy
   
   ```
   I read in the APISIX docs somewhere that the Secret has to have a `crt` and 
a `key` properties (and here I have tls.crt and tls.key). Is this problematic ?
   
   Thank you for your help.
   
   ### Environment
   
   - your apisix-ingress-controller version (output of 
apisix-ingress-controller version --long): 1.4.1
   - your Kubernetes cluster version (output of kubectl version): 1.21.14
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to