I am setting up a secret containing the certificate for ingress controller but getting the below error when I check the ingress logs
Ingress logs:
W0304 05:47:32.020497 7 controller.go:1153] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found. Using default certificate
W0304 05:47:32.020516 7 controller.go:1407] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found
I0304 05:47:32.114777 7 main.go:117] "successfully validated configuration, accepting" ingress="hello-kubernetes-ingress" namespace="default"
Secret:
$ kubectl create secret tls auth-tls --cert key.pem --key out.key
$ kubectl describe secret auth-tls
Name: auth-tls
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 3231 bytes
tls.key: 1732 bytes
Below is my yaml file for ingress
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hello-kubernetes-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/auth-url: https://externalauthentication/authorize
spec:
rules:
- host: hw1.yourdomain
http:
paths:
- backend:
serviceName: hello-kubernetes-first
servicePort: 80
- host: hw2.yourdomain
http:
paths:
- backend:
serviceName: hello-kubernetes-second
servicePort: 80
tls:
- hosts:
- externalauthentication
- hw1.yourdomain
secretName: auth-tls
Both the Ingress
and the Secret
are namespaced resources. You can check yourself with:
$ kubectl api-resources --namespaced=true
NAME SHORTNAMES APIGROUP NAMESPACED KIND
...
secrets true Secret
...
ingresses ing extensions true Ingress
ingresses ing networking.k8s.io true Ingress
They can only work within their namespace. So in your use case you need to put both of them (Ingress
and Secret
) in the same namespace.