Comments (12)
@jakoberpf According to your original issue in cert-manager repo (cert-manager/cert-manager#5918), The secret may fail on the webhook validation. So I would like to know your KIC version for further investigation.
Would you please tell me:
- What was version of KIC?
- How did you install KIC,Kong and certManager?
from kong.
@randmonkey Thanks for the feedback. So I installed the kong/ingress
chart with the version 0.10.1
, which results in the controller image kong/kubernetes-ingress-controller:3.0
. cert-manager
chart version is v1.13.3
which is also the service version.
Both charts are install somewhat in the same time as they are part of the same terraform module in my case. I did not install the kong/kong
chart. My understanding is that the kong/ingress
aka. KIC is sufficient to get started?
Hope this is helpful information.
from kong.
Yes, I think installing kong/ingress
charts includes installing KIC (with admission webhooks) and Kong gateway. Are you using all default values?
from kong.
Mostly default yes, just some service configuration...
gateway:
proxy:
type: NodePort
http:
enabled: true
servicePort: 80
containerPort: 8000
nodePort: 31080
tls:
enabled: true
servicePort: 443
containerPort: 8443
nodePort: 31443
from kong.
@jakoberpf I am facing the same issue with Kong 3.5 both in DBless and hybrid mode.
Uninstallation of Kong ingress makes all certificates available instantly. I am just passing the below values to kong helm chart:
proxy: annotations: "service.beta.kubernetes.io/aws-load-balancer-type": "nlb" "service.beta.kubernetes.io/aws-load-balancer-internal": "false" "external-dns.alpha.kubernetes.io/hostname": "domain name" "external-dns.alpha.kubernetes.io/ttl": "60" replicaCount: "2"
I have an EKS cluster with Kong 3.5 and cert manager 1.13.2
from kong.
@randmonkey can we support the investigation somehow?
from kong.
@randmonkey sorry for bothering, but can we support in debugging or fixing this? We would love to use Kong as our solution, but this is kinda breaking any automation process.
from kong.
Also ran into this problem. On my end, this seemed to be an issue with the configuration of the KIC webhook as per: Kong/kubernetes-ingress-controller#2431.
Either fixing the issue with the ValidatingWebhook (i.e. configuration, vpc issues) or removing the secrets rule as per that issue may resolve this for you as it did for me @jakoberpf.
from kong.
@kaelanspatel Thats nice, thanks. Could be a intermediary solution for us.
from kong.
@randmonkey , do you think that we have gotten a solution for this issue?
from kong.
Also running into this, which is blocking our integration of Kong
from kong.
If I'm understanding it correctly, looks like Kong/charts#1061 will address the issue when it's released, though the new flag will need to be set explicitly to true
(defaults to the existing behavior)
from kong.
Related Issues (20)
- kong lua-resty-lock lock timeout 500 error {"message":"An unexpected error occurred"} HOT 3
- custom proxy_access_log still not working in 3.4.* HOT 3
- Kong prometheus plugin does not record 404 response codes from proxy HOT 2
- Timeout when running migrations from 3.5 to 3.6 leading to corrupted data (migration ran twice) HOT 3
- Admin API address in "New Connnection" form only support IP, not DNS. HOT 3
- Upsert target is not an upsert HOT 4
- failed to set X-Kong-Upstream-Status header while sending to client HOT 2
- [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: connection refused HOT 2
- DNS resolution failed: dns server error: 3 name error HOT 14
- Optional capture groups are broken with the request-transformer plugin and traditional_compatible router HOT 4
- Error in logs: failed to run timer HOT 2
- Database migration failed while using helm chart HOT 2
- JWT Plugin bypasses validation process occasionally on frequent requests HOT 3
- TLS SNI Route not work HOT 6
- Kong info, notice, inspect logs are all getting logged as error in GCP(google cloud platform) HOT 1
- Cannot use kong.db
- http-log plugin: Host header not including port HOT 3
- Every time request localhost:8001/metrics, kong-cp-kong-pod will prompt a license-related error HOT 1
- Dataplane not getting information from the ControlPlane in Hybrid mode HOT 3
- go plugin error, worker-events: event callback failed; source=plugin_server, event=reset_instance HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kong.