Kong breaks cert-manager certificate creation about kong HOT 12 OPEN

@jakoberpf According to your original issue in cert-manager repo (cert-manager/cert-manager#5918), The secret may fail on the webhook validation. So I would like to know your KIC version for further investigation.
Would you please tell me:

• What was version of KIC?
• How did you install KIC,Kong and certManager?

from kong.

@randmonkey Thanks for the feedback. So I installed the kong/ingress chart with the version 0.10.1, which results in the controller image kong/kubernetes-ingress-controller:3.0. cert-manager chart version is v1.13.3 which is also the service version.

Both charts are install somewhat in the same time as they are part of the same terraform module in my case. I did not install the kong/kong chart. My understanding is that the kong/ingress aka. KIC is sufficient to get started?

Hope this is helpful information.

from kong.

Yes, I think installing kong/ingress charts includes installing KIC (with admission webhooks) and Kong gateway. Are you using all default values?

from kong.

Mostly default yes, just some service configuration...

gateway:
  proxy:
    type: NodePort
    http:
      enabled: true
      servicePort: 80
      containerPort: 8000
      nodePort: 31080

    tls:
      enabled: true
      servicePort: 443
      containerPort: 8443
      nodePort: 31443

from kong.

@jakoberpf I am facing the same issue with Kong 3.5 both in DBless and hybrid mode.

Uninstallation of Kong ingress makes all certificates available instantly. I am just passing the below values to kong helm chart:
proxy: annotations: "service.beta.kubernetes.io/aws-load-balancer-type": "nlb" "service.beta.kubernetes.io/aws-load-balancer-internal": "false" "external-dns.alpha.kubernetes.io/hostname": "domain name" "external-dns.alpha.kubernetes.io/ttl": "60" replicaCount: "2"

I have an EKS cluster with Kong 3.5 and cert manager 1.13.2

from kong.

@randmonkey can we support the investigation somehow?

from kong.

@randmonkey sorry for bothering, but can we support in debugging or fixing this? We would love to use Kong as our solution, but this is kinda breaking any automation process.

from kong.

Also ran into this problem. On my end, this seemed to be an issue with the configuration of the KIC webhook as per: Kong/kubernetes-ingress-controller#2431.

Either fixing the issue with the ValidatingWebhook (i.e. configuration, vpc issues) or removing the secrets rule as per that issue may resolve this for you as it did for me @jakoberpf.

from kong.

@kaelanspatel Thats nice, thanks. Could be a intermediary solution for us.

from kong.

@randmonkey , do you think that we have gotten a solution for this issue?

from kong.

Also running into this, which is blocking our integration of Kong

from kong.

If I'm understanding it correctly, looks like Kong/charts#1061 will address the issue when it's released, though the new flag will need to be set explicitly to true (defaults to the existing behavior)

from kong.