1

In general, my question about setting up a default certificate is answered here: Kubernetes ingress How to set default-ssl-certificate?.

What I don't understand is this part: I'm supposed to add the flag --default-ssl-certificate=kube-system/host-cert as the Ingress' argument. And to discover the YAML config file settings of the NGINX Ingress Controller I should check it with command like: kubectl describe deployment/nginx-ingress-controller --namespace. But it doesn't run as a deployment:

$ kubectl get deployments --all-namespaces
NAMESPACE     NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   kubernetes-dashboard         1/1     1            1           3d
kube-system   kubernetes-metrics-scraper   1/1     1            1           3d

It only works as a pod:

$ kubectl get pods --all-namespaces
NAMESPACE       NAME                                          READY   STATUS    RESTARTS       AGE
ingress-nginx   ingress-nginx-controller-8xcl9                1/1     Running   1 (2d ago)     3d
ingress-nginx   ingress-nginx-controller-hwhvk                1/1     Running   1 (2d ago)     3d
ingress-nginx   ingress-nginx-controller-xqdqx                1/1     Running   3 (2d ago)     3d
kube-system     kubernetes-dashboard-548847967d-66dwz         1/1     Running   2 (2d ago)     3d
kube-system     kubernetes-metrics-scraper-6d49f96c97-r6dz2   1/1     Running   1 (2d ago)     3d
[...]

How should I supply the flag to the Controller then?

AbreQueVoy
  • 145
  • 6

1 Answers1

1

ingress-nginx can be installed as deployment or daemonset. In your case if you don't see a deployment, it's a daemonset.

You can find it by running:

kubectl get daemonset -A

And edit in the same way as deployment:

kubectl edit daemonset ingress-nginx-controller -n ingress-nginx

You can find details here about ingress-nginx and daemonset

Note! Change you're going to make won't be permanent (until any upgrade/re-applying of manifest). Depending on how it was originally deployed, there are two options:

  • from manifest

    you will need to add it to manifest so any other updates/kubectl apply -f manifest.yaml will contain this flags and everything will continue working

  • using helm

    you will need to add this information to helm_repo/templates/controller-daemonset.yaml:

    args:
  - /nginx-ingress-controller
  ...
  - --default-ssl-certificate=kube-system/host-cert
  ...
moonkotte
  • 290
  • 1
  • 8
  • Thanks a lot! I applied the flag temporarily by editing the daemonset configuration, but I don't see any effects - the app still reports it's run without HTTPS. `describe` gave an output containing the argument with certificate, but should I maybe restart the daemonset or any other service to see any effects? – AbreQueVoy Nov 12 '21 at 07:14
  • Hard to guess about other stuff without details, please consider asking [another question](https://meta.stackexchange.com/questions/39223/one-post-with-multiple-questions-or-multiple-posts) with ingress object manifest, certificate details and other helpful information. This is something you should start with: checking ingress rules if it's correct, check certificate, everything. – moonkotte Nov 12 '21 at 08:55