Skip to content

guides: Update cert manager annotation to work with HTTPProxy #2053

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
Javlopez opened this issue Dec 13, 2019 · 4 comments
Closed

guides: Update cert manager annotation to work with HTTPProxy #2053

Javlopez opened this issue Dec 13, 2019 · 4 comments
Labels
area/deployment Issues or PRs related to deployment tooling or infrastructure. area/documentation Issues or PRs related to documentation. area/tls Issues or PRs related to TLS support. kind/question Categorizes an issue as a user question.

Comments

@Javlopez
Copy link

The guide to work cert-manager with HTTPProxy (https://projectcontour.io/guides/cert-manager/) in the section Making cert-manager work with HTTPProxy indicates that we should to create a dummy Ingress object like this

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
  name: httpbinproxy
  namespace: default
spec:
  rules:
  - host: httpbinproxy.davecheney.com
    http:
      paths:
      - backend:
          serviceName: httpbin
          servicePort: 8080
  tls:
  - hosts:
    - httpbinproxy.davecheney.com
    secretName: httpbinproxy

But this is wrong due the line 5 is incorrect, that annotation needs to be updated by the right one, which is certmanager.k8s.io/cluster-issuer

The code should be the following

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
  name: httpbinproxy
  namespace: default
spec:
  rules:
  - host: httpbinproxy.davecheney.com
    http:
      paths:
      - backend:
          serviceName: httpbin
          servicePort: 8080
  tls:
  - hosts:
    - httpbinproxy.davecheney.com
    secretName: httpbinproxy
@davecheney
Copy link
Contributor

davecheney commented Dec 13, 2019
edited
Loading

@Javlopez thank you for raising this issue. I double checked the upstream documentation

https://cert-manager.io/docs/usage/ingress/#supported-annotations

And they use cert-manager.io/cluster-issuer.

Which version of cert manager are you using?

@davecheney davecheney added the kind/question Categorizes an issue as a user question. label Dec 13, 2019
@Javlopez
Copy link
Author

Hi, thanks for the answer, I'm using, cert-manager-controller:v0.10.0

quay.io/jetstack/cert-manager-controller:v0.10.0

@youngnick
Copy link
Member

Ah, this tutorial was written targetting v0.11.0 of cert-manager, which changed the namespace of the labels. I guess we should make that clear at the top.

@jpeach jpeach added the area/deployment Issues or PRs related to deployment tooling or infrastructure. label Feb 9, 2020
@projectcontour-bot projectcontour-bot added area/documentation Issues or PRs related to documentation. and removed kind/documentation labels May 9, 2020
@jpeach jpeach added the area/tls Issues or PRs related to TLS support. label Jul 1, 2020
@skriss
Copy link
Member

skriss commented Oct 14, 2021

This issue is obsolete as the guide for cert-manager with HTTPProxy now uses a Certificate object instead of a dummy Ingress, closing.

@skriss skriss closed this as completed Oct 14, 2021
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
area/deployment Issues or PRs related to deployment tooling or infrastructure. area/documentation Issues or PRs related to documentation. area/tls Issues or PRs related to TLS support. kind/question Categorizes an issue as a user question.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@davecheney @jpeach @Javlopez @skriss @youngnick @projectcontour-bot