I get the following error in the nginx ingress pod log:
E0601 04:15:05.883895 11 annotations.go:188] error reading CertificateAuth annotation in Ingress val33-idx/dev-20190601t0309-index-data-ingress: error obtaining certificate: local SSL certificate val33-idx/dev-20190601t0309-index-data-ingress-secrets was not found
Below are the objects from the cluster (with kubectl get --namespace val33-idx -o yaml ...). The ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-publisher
    nginx.ingress.kubernetes.io/auth-tls-secret: val33-idx/dev-20190601t0309-index-data-ingress-secrets
    nginx.ingress.kubernetes.io/auth-tls-verify-client: optional_no_ca
    nginx.ingress.kubernetes.io/limit-connections: "10"
    nginx.ingress.kubernetes.io/limit-rps: "200"
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-connect-timeout: 20s
    nginx.ingress.kubernetes.io/proxy-read-timeout: 120s
    nginx.ingress.kubernetes.io/proxy-send-timeout: 60s
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/ssl-ciphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  creationTimestamp: 2019-06-01T03:09:10Z
  generation: 4
  labels:
    app: index-data-publisher
    app.kubernetes.io/component: index-data-ingress
    app.kubernetes.io/instance: dev-20190601t0309
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: index-data-publisher
    app.kubernetes.io/part-of: index-data
    app.kubernetes.io/version: 0.6.0-0.1
    business-line: data-management
    env: dev
    helm.sh/chart: index-data-2.0.0
    index-data-component: publisher
  name: dev-20190601t0309-index-data-ingress
  namespace: val33-idx
  resourceVersion: "2532272"
  selfLink: /apis/extensions/v1beta1/namespaces/val33-idx/ingresses/dev-20190601t0309-index-data-ingress
  uid: a0867cb3-841a-11e9-a2af-0ed5588f57fc
spec:
  rules:
  - host: val33-idx.idx-data-dev.symdev.us
    http:
      paths:
      - backend:
          serviceName: dev-20190601t0309-index-data-publisher-service
          servicePort: 3000
        path: /publisher/(.+)
  tls:
  - hosts:
    - val33-idx.idx-data-dev.symdev.us
    secretName: val33-idx/dev-20190601t0309-index-data-ingress-secrets
The secret:
apiVersion: v1
data:
  ca.crt: Ii0tLS0tQkV...
  dhparam.pem: Ii0tLS0tQkVH...
  tls.crt: Ii0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLVxuTUlJRGZ6Q0NBbWVnQ...
  tls.key: Ii0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBRE...
kind: Secret
metadata:
  creationTimestamp: 2019-06-01T03:09:10Z
  labels:
    app: index-data-publisher
    app.kubernetes.io/component: index-data-ingress-secrets
    app.kubernetes.io/instance: dev-20190601t0309
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: index-data-publisher
    app.kubernetes.io/part-of: index-data
    app.kubernetes.io/version: 0.6.0-0.1
    business-line: data-management
    env: dev
    helm.sh/chart: index-data-2.0.0
    index-data-component: publisher
  name: dev-20190601t0309-index-data-ingress-secrets
  namespace: val33-idx
  resourceVersion: "2526472"
  selfLink: /api/v1/namespaces/val33-idx/secrets/dev-20190601t0309-index-data-ingress-secrets
  uid: a066a3a0-841a-11e9-a2af-0ed5588f57fc
type: kubernetes.io/tls
And the deployment of the ingress controller:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
  creationTimestamp: 2019-06-01T03:09:10Z
  generation: 4
  labels:
    app: index-data-publisher
    app.kubernetes.io/component: index-data-ingress
    app.kubernetes.io/instance: dev-20190601t0309
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: index-data-publisher
    app.kubernetes.io/part-of: index-data
    app.kubernetes.io/version: 0.6.0-0.1
    business-line: data-management
    env: dev
    helm.sh/chart: index-data-2.0.0
    index-data-component: publisher
  name: dev-20190601t0309-index-data-ingress
  namespace: val33-idx
  resourceVersion: "2532354"
  selfLink: /apis/extensions/v1beta1/namespaces/val33-idx/deployments/dev-20190601t0309-index-data-ingress
  uid: a081af59-841a-11e9-a2af-0ed5588f57fc
spec:
  progressDeadlineSeconds: 2147483647
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: index-data-publisher
      app.kubernetes.io/component: index-data-ingress-pod
      app.kubernetes.io/instance: dev-20190601t0309
      app.kubernetes.io/managed-by: Tiller
      app.kubernetes.io/name: index-data-publisher
      app.kubernetes.io/part-of: index-data
      app.kubernetes.io/version: 0.6.0-0.1
      business-line: data-management
      env: dev
      helm.sh/chart: index-data-2.0.0
      index-data-component: publisher
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/config: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      creationTimestamp: null
      labels:
        app: index-data-publisher
        app.kubernetes.io/component: index-data-ingress-pod
        app.kubernetes.io/instance: dev-20190601t0309
        app.kubernetes.io/managed-by: Tiller
        app.kubernetes.io/name: index-data-publisher
        app.kubernetes.io/part-of: index-data
        app.kubernetes.io/version: 0.6.0-0.1
        business-line: data-management
        env: dev
        helm.sh/chart: index-data-2.0.0
        index-data-component: publisher
      name: dev-20190601t0309-index-data-ingress-pod
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --default-backend-service=val33-idx/dev-20190601t0309-index-data-default-backend-service
        - --configmap=val33-idx/dev-20190601t0309-index-data-ingress-config
        - --election-id=ingress-controller-leader
        - --ingress-class=nginx-publisher
        - --watch-namespace=val33-idx
        - --v=5
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: dev-20190601t0309-index-data-nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 33
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: dev-20190601t0309-index-data-ingress-account
      serviceAccountName: dev-20190601t0309-index-data-ingress-account
      terminationGracePeriodSeconds: 60
Role:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: 2019-06-01T05:04:11Z
  labels:
    app: index-data-publisher
    app.kubernetes.io/component: index-data-ingress-role
    app.kubernetes.io/instance: dev-20190601t0504
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: index-data-publisher
    app.kubernetes.io/part-of: index-data
    app.kubernetes.io/version: 0.6.0-0.1
    business-line: data-management
    env: dev
    helm.sh/chart: index-data-2.0.0
    index-data-component: publisher
  name: dev-20190601t0504-index-data-ingress-role
  namespace: val33-idx
  resourceVersion: "2536605"
  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/val33-idx/roles/dev-20190601t0504-index-data-ingress-role
  uid: b1a3e5eb-842a-11e9-a2af-0ed5588f57fc
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - update
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - ""
  resourceNames:
  - ingress-controller-leader-nginx-publisher
  resources:
  - configmaps
  verbs:
  - get
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - create
  - get
  - update
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: 2019-06-01T05:04:11Z
  labels:
    app: index-data-publisher
    app.kubernetes.io/component: index-data-ingress-cluster-role
    app.kubernetes.io/instance: dev-20190601t0504
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: index-data-publisher
    app.kubernetes.io/part-of: index-data
    app.kubernetes.io/version: 0.6.0-0.1
    business-line: data-management
    env: dev
    helm.sh/chart: index-data-2.0.0
    index-data-component: publisher
  name: dev-20190601t0504-index-data-ingress-cluster-role
  resourceVersion: "2536599"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/dev-20190601t0504-index-data-ingress-cluster-role
  uid: b1a061f9-842a-11e9-a2af-0ed5588f57fc
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
What am I doing wrong here? Please, help.
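A check on the Secret's data values, added here as an example and not part of the original post: it base64-decodes a (possibly truncated) value and reports whether the bytes are a raw PEM block or a quoted string with literal `\n` sequences. The function names are hypothetical; the first input is the `tls.crt` prefix visible in the post, the second is a constructed sample.

```python
import base64

# Prefix of data["tls.crt"] as far as it is visible in the post (the rest is elided there).
POSTED_TLS_CRT_PREFIX = "Ii0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLVxuTUlJRGZ6Q0NBbWVnQ"

# Constructed sample: a raw PEM header with a real newline, base64-encoded.
CLEAN_SAMPLE = base64.b64encode(b"-----BEGIN CERTIFICATE-----\nMIID").decode()


def decode_prefix(b64_text):
    """Decode a possibly truncated base64 string, dropping the incomplete tail."""
    usable = b64_text[: len(b64_text) - len(b64_text) % 4]
    return base64.b64decode(usable)


def pem_findings(raw):
    """Return the reasons these bytes would not parse as a PEM block."""
    findings = []
    if raw[:1] in (b'"', b"'"):
        findings.append("starts with a quote character")
    if b"\\n" in raw:
        findings.append("contains literal backslash-n instead of newlines")
    if not raw.lstrip().startswith(b"-----BEGIN "):
        findings.append("does not start with a PEM BEGIN line")
    return findings


def check_secret_data(data):
    """Map each key of a Secret's data field to its list of findings."""
    return {key: pem_findings(decode_prefix(value)) for key, value in data.items()}


if __name__ == "__main__":
    report = check_secret_data({
        "tls.crt (posted prefix)": POSTED_TLS_CRT_PREFIX,
        "tls.crt (constructed clean sample)": CLEAN_SAMPLE,
    })
    for key, findings in report.items():
        print(key, "->", findings or "looks like raw PEM")
```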