2021-07-30

Why my "Certificate" object and "Ingress" both are creating Certificates?

Why my "Certificate" object and "Ingress" both are creating Certificates ?

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: blog-app-crt
spec:
  secretName: blog-app-crt-sec
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  commonName: blog.mydomain.com
  dnsNames:
    - blog.mydomain.com




apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Email address used for ACME registration
    email: myemailid@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Name of a secret used to store the ACME account private key
      name: letsencrypt-production-private-key
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          class: nginx


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-service
  annotations:
    kubernetes.io/ingress.class: nginx                      
    nginx.ingress.kubernetes.io/rewrite-target: /$1         
    cert-manager.io/cluster-issuer: "letsencrypt-prod"       
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'        

spec:
  tls:
    - hosts:                                                
        - blog.mydomain.com
      secretName: blog-app-crt-sec                      
      
  rules:                                                    
    - host: blog.mydomain.com                                         
      http:                                                 
        paths:                                              
          - pathType: Prefix
            path: "/?(.*)"                                    
            backend:
              service:
                name: app-1-endpoint
                port: 
                  number: 5000                            
          - pathType: Prefix
            path: "/tribute/?(.*)"
            backend:
              service:
                name: app-2-endpoint
                port: 
                  number: 5001

When I create above objects, it is creating 2 Certificate ojects, both pointing to same secret.

  1. blog-app-crt-sec
  2. blog-app-crt

How can I create Only 1 Certificate ? If I create only a ClusterIssuer without any custom certificate, then of course that will solve the issue, but I want to create a Custom certificate to control the renewal stuff.



from Recent Questions - Stack Overflow https://ift.tt/2WBzh3R
https://ift.tt/eA8V8J
Posted by on
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)