application-gateway-kubernetes-ingress
Application Gateway under AGKI control retains tls certificates from deleted endpoints.
Describe the bug: Application Gateway under AGKI control retains TLS certificates from deleted endpoints. This leads to a broken update state when the number of TLS certificates goes above 100.
To Reproduce: Create 100 Kubernetes endpoints, e.g. service1.contoso.com, service2.contoso.com, ..., service100.contoso.com. Delete all endpoints from the Kubernetes cluster, and try to deploy service101.contoso.com. The AG update will fail due to lingering TLS certificates from previous deployments.
Recently ran into this very annoying problem. @antonsmelyanskiy how did you deal with this?
@gregory-j-baker I ended up cleaning up my gateway and stopping usage of certificates that are uploaded from Kubernetes secrets. Instead I did a manual upload of a single domain certificate to the app gateway and referenced it from an ingress annotation like this:
```
annotations:
  kubernetes.io/ingress.class: azure/application-gateway
  appgw.ingress.kubernetes.io/appgw-ssl-certificate: "yourcertificate"
```
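For the gateway cleanup mentioned above, one way to find certificates that no listener references any more. This is an added example, not code from the thread or from the project; it assumes the gateway configuration has the shape of `az network application-gateway show` JSON output (top-level `sslCertificates` and `httpListeners`), and the sample data and function names are constructed for illustration.

```python
import json

CERT_LIMIT = 100  # certificate count at which updates fail, as reported in this issue

# Constructed sample, trimmed to the fields used below. The IDs are placeholders.
_BASE = "/subscriptions/SUB-ID/resourceGroups/rg/providers/Microsoft.Network/applicationGateways/gw"
SAMPLE_GATEWAY = {
    "sslCertificates": [
        {"name": "service1-tls", "id": _BASE + "/sslCertificates/service1-tls"},
        {"name": "service2-tls", "id": _BASE + "/sslCertificates/service2-tls"},
        {"name": "yourcertificate", "id": _BASE + "/sslCertificates/yourcertificate"},
    ],
    "httpListeners": [
        # Same resource, different casing: Azure resource IDs are case-insensitive.
        {"name": "https-443", "sslCertificate": {"id": _BASE.upper() + "/SSLCERTIFICATES/YOURCERTIFICATE"}},
        {"name": "http-80", "sslCertificate": None},  # plain HTTP listener, no certificate
    ],
}


def _norm(resource_id):
    """Normalise a resource ID for case-insensitive comparison."""
    return (resource_id or "").strip().lower()


def unreferenced_ssl_certs(gateway):
    """Return sorted names of certificates that no HTTP listener points at.

    Only listener references are checked (an assumption of this example),
    so treat the result as candidates to review, not a delete list.
    """
    referenced = set()
    for listener in gateway.get("httpListeners") or []:
        ref = listener.get("sslCertificate") or {}
        if ref.get("id"):
            referenced.add(_norm(ref["id"]))
    certs = gateway.get("sslCertificates") or []
    return sorted(c["name"] for c in certs if _norm(c.get("id")) not in referenced)


def summarize(gateway):
    """Report total certificates, unreferenced ones, and room left under the limit."""
    total = len(gateway.get("sslCertificates") or [])
    return {"total": total,
            "unreferenced": unreferenced_ssl_certs(gateway),
            "headroom": CERT_LIMIT - total}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_GATEWAY), indent=2))
```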
Is it possible to know if it will be fixed or not?
It is not fixed. We are using ingress with SSL and have hit this limit several times now.