Ingress assumes non-cluster issuer for cert-manager.

[MathiasPius]

The values.yaml file assumes the built-in letsencrypt issuer is enabled, and breaks if you attempt to use OpenObserve with a ClusterIssuer instead.

https://github.com/openobserve/openobserve-helm-chart/blob/main/charts/openobserve-standalone/values.yaml#L262

Deploying openobserve-standalone with the following values file fails to configure a certificate for the ingress, because both cert-manager.io/cluster-issuer and cert-manager.io/issuer are specified, which causes cert-manager to do nothing, since the configuration is invalid:

ingress:
  annotations:
    # This is an independently deployed ClusterIssuer
    cert-manager.io/cluster-issuer: letsencrypt-production

I believe this specific annotation should be added in the ingress.yaml file itself gated behind the certIssuer.enabled flag, like so:

{{- with .Values.ingress.annotations }}
annotations:
  {{- toYaml . | nindent 4 }}
  {{- if $.Values.certIssuer.enabled }}
  cert-manager.io/issuer: letsencrypt
  {{- end }}
{{- end }}

Or something to that effect.

[MathiasPius]

I found a workaround, by setting cert-manager.io/issuer to null in the values file:

annotations:
  cert-manager.io/issuer: null

[PandeoF1]

Maybe we can do a fix for this issue using your solution ?

[natarajmb]

The suggested solution of setting null isn't working for me when using it with Flux + HelmRelease. I have disabled the ingress creation and am creating it on my own.

Even these two annotations could be in a comment rather than the default value, as it is hard to reset for ingress controllers that aren't nginx-based.

annotations:
 kubernetes.io/tls-acme: "true"
 nginx.ingress.kubernetes.io/enable-cors: "true"