[GitHub] [apisix-ingress-controller] shareinto opened a new issue, #1711: bug: When ingress uses cert-manager to issue a certificate, the route and upstream cannot be generated normally

[via GitHub]

shareinto opened a new issue, #1711:
URL: https://github.com/apache/apisix-ingress-controller/issues/1711

   ### Current Behavior
   
   Create an ingress and use cert-manager to issue a certificate. At this time, 
check the log and find that the secret cannot be found, and the ingress cannot 
be translated correctly.
   ```apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     annotations:
       cert-manager.io/cluster-issuer: letsencrypt-codefriend-dns
       kubernetes.io/ingress.class: apisix
       kubernetes.io/tls-acme: "true"
       nginx.ingress.kubernetes.io/service-weight: ""
       nginx.ingress.kubernetes.io/ssl-redirect: "true"
     name: echo
     namespace: default
   spec:
     rules:
     - host: xxxxxxx
       http:
         paths:
         - backend:
             service:
               name: echo-service
               port:
                 number: 80
           path: /
           pathType: Prefix
     tls:
     - hosts:
       - xxxxxxx
       secretName: echo
   ```
   
   the error log:
   ```
   2023-03-06T16:54:47+08:00       error   translation/translator.go:134   
failed to translate ingress tls to apisix tls   {"error": "secret \"echo\" not 
found", "ingress": "&Ingress{ObjectMeta:{echo  default  
ac5cc100-3927-48a9-a7fe-bfa85de5e71f 395422539 1 2023-03-06 16:54:47 +0800 HKT 
<nil> <nil> map[] map[cert-manager.io/cluster-issuer:letsencrypt-codefriend-dns 
kubectl.kubernetes.io/last-applied-configuration:{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"Ingress\",\"metadata\":{\"annotations\":{\"cert-manager.io/cluster-issuer\":\"letsencrypt-codefriend-dns\",\"kubernetes.io/ingress.class\":\"nginx\",\"kubernetes.io/tls-acme\":\"true\",\"nginx.ingress.kubernetes.io/service-weight\":\"\",\"nginx.ingress.kubernetes.io/ssl-redirect\":\"true\"},\"name\":\"echo\",\"namespace\":\"default\"},\"spec\":{\"rules\":[{\"host\":\"echoten.lfszo.codefriend.top\",\"http\":{\"paths\":[{\"backend\":{\"service\":{\"name\":\"echo-service\",\"port\":{\"number\":80}}},\"path\":\"/\",\"pathType\
 
":\"Prefix\"}]}}],\"tls\":[{\"hosts\":[\"echoten.lfszo.codefriend.top\"],\"secretName\":\"echo\"}]}}\n
 kubernetes.io/ingress.class:nginx kubernetes.io/tls-acme:true 
nginx.ingress.kubernetes.io/service-weight: 
nginx.ingress.kubernetes.io/ssl-redirect:true] [] [] 
[{kubectl-client-side-apply Update networking.k8s.io/v1 2023-03-06 16:54:47 
+0800 HKT FieldsV1 
{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:cert-manager.io/cluster-issuer\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{},\"f:kubernetes.io/ingress.class\":{},\"f:kubernetes.io/tls-acme\":{},\"f:nginx.ingress.kubernetes.io/service-weight\":{},\"f:nginx.ingress.kubernetes.io/ssl-redirect\":{}}},\"f:spec\":{\"f:rules\":{},\"f:tls\":{}}}
 
}]},Spec:IngressSpec{DefaultBackend:nil,TLS:[]IngressTLS{IngressTLS{Hosts:[echoten.lfszo.codefriend.top],SecretName:echo,},},Rules:[]IngressRule{IngressRule{Host:echoten.lfszo.codefriend.top,IngressRuleValue:IngressRuleValue{HTTP:&HTTPIngressRuleValue{Paths:[]HTTPIngressPath{HTTPIn
 
gressPath{Path:/,Backend:IngressBackend{Resource:nil,Service:&IngressServiceBackend{Name:echo-service,Port:ServiceBackendPort{Name:,Number:80,},},},PathType:*Prefix,},},},},},},IngressClassName:nil,},Status:IngressStatus{LoadBalancer:{[]},},}"}
   ```
   
   until the secret is created, the ingress is not reprocessed, so the 
corresponding route and upstream are not created
   
   
   ### Expected Behavior
   
   When waiting until the secret is created, the corresponding route and 
upstream should be created correctly
   
   ### Error Logs
   
   2023-03-06T16:54:47+08:00       error   translation/translator.go:134   
failed to translate ingress tls to apisix tls   {"error": "secret \"echo\" not 
found", "ingress": "&Ingress{ObjectMeta:{echo  default  
ac5cc100-3927-48a9-a7fe-bfa85de5e71f 395422539 1 2023-03-06 16:54:47 +0800 HKT 
<nil> <nil> map[] map[cert-manager.io/cluster-issuer:letsencrypt-codefriend-dns 
kubectl.kubernetes.io/last-applied-configuration:{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"Ingress\",\"metadata\":{\"annotations\":{\"cert-manager.io/cluster-issuer\":\"letsencrypt-codefriend-dns\",\"kubernetes.io/ingress.class\":\"nginx\",\"kubernetes.io/tls-acme\":\"true\",\"nginx.ingress.kubernetes.io/service-weight\":\"\",\"nginx.ingress.kubernetes.io/ssl-redirect\":\"true\"},\"name\":\"echo\",\"namespace\":\"default\"},\"spec\":{\"rules\":[{\"host\":\"echoten.lfszo.codefriend.top\",\"http\":{\"paths\":[{\"backend\":{\"service\":{\"name\":\"echo-service\",\"port\":{\"number\":80}}},\"path\":\"/\",\"pathType\
 
":\"Prefix\"}]}}],\"tls\":[{\"hosts\":[\"echoten.lfszo.codefriend.top\"],\"secretName\":\"echo\"}]}}\n
 kubernetes.io/ingress.class:nginx kubernetes.io/tls-acme:true 
nginx.ingress.kubernetes.io/service-weight: 
nginx.ingress.kubernetes.io/ssl-redirect:true] [] [] 
[{kubectl-client-side-apply Update networking.k8s.io/v1 2023-03-06 16:54:47 
+0800 HKT FieldsV1 
{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:cert-manager.io/cluster-issuer\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{},\"f:kubernetes.io/ingress.class\":{},\"f:kubernetes.io/tls-acme\":{},\"f:nginx.ingress.kubernetes.io/service-weight\":{},\"f:nginx.ingress.kubernetes.io/ssl-redirect\":{}}},\"f:spec\":{\"f:rules\":{},\"f:tls\":{}}}
 
}]},Spec:IngressSpec{DefaultBackend:nil,TLS:[]IngressTLS{IngressTLS{Hosts:[echoten.lfszo.codefriend.top],SecretName:echo,},},Rules:[]IngressRule{IngressRule{Host:echoten.lfszo.codefriend.top,IngressRuleValue:IngressRuleValue{HTTP:&HTTPIngressRuleValue{Paths:[]HTTPIngressPath{HTTPIn
 
gressPath{Path:/,Backend:IngressBackend{Resource:nil,Service:&IngressServiceBackend{Name:echo-service,Port:ServiceBackendPort{Name:,Number:80,},},},PathType:*Prefix,},},},},},},IngressClassName:nil,},Status:IngressStatus{LoadBalancer:{[]},},}"}
   
   ### Steps to Reproduce
   
   1. Create a Ingress like below:
   ```
   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     annotations:
       cert-manager.io/cluster-issuer: letsencrypt-codefriend-dns
       kubernetes.io/ingress.class: apisix
       kubernetes.io/tls-acme: "true"
       nginx.ingress.kubernetes.io/service-weight: ""
       nginx.ingress.kubernetes.io/ssl-redirect: "true"
     name: echo
     namespace: default
   spec:
     rules:
     - host: xxxxxxx
       http:
         paths:
         - backend:
             service:
               name: echo-service
               port:
                 number: 80
           path: /
           pathType: Prefix
     tls:
     - hosts:
       - xxxxxxx
       secretName: echo
   ```
   
   ### Environment
   
   - APISIX Ingress controller version (run `apisix-ingress-controller version 
--long`)
   ```Version: 1.6.0
   Git SHA: no-git-module
   Go Version: go1.19.4
   Building OS/Arch: linux/amd64
   Running OS/Arch: linux/amd64
   ```
   - Kubernetes cluster version (run `kubectl version`)
   ```
   Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.6", 
GitCommit:"ad3338546da947756e8a88aa6822e9c11e7eac22", GitTreeState:"clean", 
BuildDate:"2022-04-14T08:49:13Z", GoVersion:"go1.17.9", Compiler:"gc", 
Platform:"linux/amd64"}
   Server Version: version.Info{Major:"1", Minor:"20+", 
GitVersion:"v1.20.11-aliyun.1", 
GitCommit:"757dfe7e010afcfa31591df65f26b4b80540975e", GitTreeState:"clean", 
BuildDate:"2022-04-20T09:01:29Z", GoVersion:"go1.15.15", Compiler:"gc", 
Platform:"linux/amd64"}
   ```
   - OS version if running APISIX Ingress controller in a bare-metal 
environment (run `uname -a`)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org