Kubernetes ingress controller not able to find the certificate secret

3/4/2021

I am setting up a secret containing the certificate for ingress controller but getting the below error when I check the ingress logs

Ingress logs:

W0304 05:47:32.020497       7 controller.go:1153] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found. Using default certificate
W0304 05:47:32.020516       7 controller.go:1407] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found
I0304 05:47:32.114777       7 main.go:117] "successfully validated configuration, accepting" ingress="hello-kubernetes-ingress" namespace="default"

Secret:

$ kubectl create secret tls auth-tls --cert key.pem --key out.key
$ kubectl describe secret auth-tls
Name:         auth-tls
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/tls

Data
====
tls.crt:  3231 bytes
tls.key:  1732 bytes

Below is my yaml file for ingress

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-kubernetes-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/auth-url: https://externalauthentication/authorize
spec:
  rules:
  - host: hw1.yourdomain
    http:
      paths:
      - backend:
          serviceName: hello-kubernetes-first
          servicePort: 80
  - host: hw2.yourdomain
    http:
      paths:
      - backend:
          serviceName: hello-kubernetes-second
          servicePort: 80
  tls:
  - hosts:
    - externalauthentication
    - hw1.yourdomain
    secretName: auth-tls
-- Divya Vyas
kubernetes
kubernetes-ingress
kubernetes-secrets

1 Answer

3/11/2021

Both the Ingress and the Secret are namespaced resources. You can check yourself with:

$ kubectl api-resources --namespaced=true
NAME                        SHORTNAMES   APIGROUP                    NAMESPACED   KIND
...
secrets                                                              true         Secret
...
ingresses                   ing          extensions                  true         Ingress
ingresses                   ing          networking.k8s.io           true         Ingress

They can only work within their namespace. So in your use case you need to put both of them (Ingress and Secret) in the same namespace.

-- WytrzymaƂy Wiktor
Source: StackOverflow