
Application Gateway under AGKI control retains tls certificates from deleted endpoints.

Open antonsmelyanskiy opened this issue 3 years ago • 4 comments

Describe the bug: Application Gateway under AGKI control retains tls certificates from deleted endpoints. This leads to a broken update state when the number of tls certificates goes above 100.

To Reproduce: Create 100 kubernetes endpoints, e.g. service1.contoso.com, service2.contoso.com, ..., service100.contoso.com. Delete all endpoints from the kubernetes cluster, and try to deploy service101.contoso.com. The AG update will fail due to lingering tls certificates from previous deployments.

antonsmelyanskiy, Jul 27 '21 12:07
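A read-only check for the condition reported above, added here as an example (not code from the issue or from the ingress controller project): it lists certificates on a gateway that no listener references and how much room is left under the 100-certificate threshold the report mentions. It assumes the gateway JSON has the shape printed by `az network application-gateway show` (top-level `sslCertificates` and `httpListeners`, each listener holding `sslCertificate.id`); the function names and the sample data are constructed.

```python
import json
import sys

CERT_LIMIT = 100  # threshold taken from the issue report, not queried from Azure

def _leaf(resource_id):
    """Last path segment of an ARM resource id, lowercased (ids are case-insensitive)."""
    return resource_id.rstrip("/").rsplit("/", 1)[-1].lower()

def audit_ssl_certificates(gateway, limit=CERT_LIMIT):
    """Report certificates that no listener references any more."""
    installed = {c["name"].lower(): c["name"] for c in gateway.get("sslCertificates") or []}
    referenced = set()
    for listener in gateway.get("httpListeners") or []:
        ref = listener.get("sslCertificate") or {}  # HTTP listeners carry no certificate
        if ref.get("id"):
            referenced.add(_leaf(ref["id"]))
    return {
        "total": len(installed),
        # Installed on the gateway but unused: the lingering entries from the report.
        "orphaned": sorted(n for key, n in installed.items() if key not in referenced),
        # Referenced by a listener but missing from the gateway.
        "dangling": sorted(referenced - set(installed)),
        "headroom": limit - len(installed),
    }

# Constructed sample in the assumed shape of the CLI output.
_PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
           "/providers/Microsoft.Network/applicationGateways/agw-example/sslCertificates/")
SAMPLE_GATEWAY = {
    "sslCertificates": [
        {"name": "cert-service1", "id": _PREFIX + "cert-service1"},
        {"name": "cert-service2", "id": _PREFIX + "cert-service2"},
        {"name": "cert-service101", "id": _PREFIX + "cert-service101"},
    ],
    "httpListeners": [
        {"name": "fl-http", "protocol": "Http", "sslCertificate": None},
        {"name": "fl-https", "protocol": "Https",
         "sslCertificate": {"id": _PREFIX + "cert-service101"}},
    ],
}

if __name__ == "__main__":
    # Reads gateway JSON on stdin when piped, otherwise uses the constructed sample.
    gateway = SAMPLE_GATEWAY if sys.stdin.isatty() else json.load(sys.stdin)
    print(json.dumps(audit_ssl_certificates(gateway), indent=2))
```

The script only reads the JSON it is given and changes nothing on the gateway.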

Recently ran into this very annoying problem. @antonsmelyanskiy how did you deal with this?

gregory-j-baker, Dec 16 '22 16:12

@gregory-j-baker I ended up cleaning up my gateway and stopping usage of certificates that are uploaded from kubernetes secrets. Instead I did a manual upload of a single domain certificate to the app gateway and referenced it from an ingress annotation like this:

```yaml
annotations:
  kubernetes.io/ingress.class: azure/application-gateway
  appgw.ingress.kubernetes.io/appgw-ssl-certificate: "yourcertificate"
```

antonsmelyanskiy, Dec 16 '22 22:12

Is it possible to know if it will be fixed or not?

karoldeland, Jun 29 '23 18:06

It is not fixed. We are using ingress with SSL and have hit this limit several times now.

EvolutionOli, Sep 15 '23 14:09