apisix-ingress-controller
help request: ingress TLS certificate update
Description
Apisix configures the ingress TLS certificate, which is normal at first. After a period of time, the domain name certificate in ingress is not updated after the TLS certificate is updated. Apisixroutes + apisixtlses can update TLS normally.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{},"name":"nginx-1","namespace":"default"},"spec":{"ingressClassName":"apisix","rules":[{"host":"13.k.3.com","http":{"paths":[{"backend":{"service":{"name":"nginx-1","port":{"number":80}}},"path":"/","pathType":"Prefix"}]}}],"tls":[{"hosts":["13.k.3.com"],"secretName":"test-zero.tls"}]}}
  creationTimestamp: "2022-04-15T08:49:13Z"
  generation: 1
  name: nginx-1
  namespace: default
  resourceVersion: "3390038"
  uid: 0eb29c54-cdca-4668-81ba-8895f9a50cfa
spec:
  ingressClassName: apisix
  rules:
  - host: 13.k.3.com
    http:
      paths:
      - backend:
          service:
            name: nginx-1
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - 13.k.3.com
    secretName: test-zero.tls
status:
  loadBalancer: {}
Environment
- APISIX version (2.13.1):
- Operating system (4.15.0-173-generic):
- OpenResty / Nginx version (run openresty -V or nginx -V):
- etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
- APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run luarocks --version):
After a period of time, the domain name certificate in ingress is not updated after the TLS certificate is updated.
How did you renew the certificate?
I update automatically through cert-manager.
Can you provide minimal steps to reproduce? Thanks
Can you provide minimal steps to reproduce? Thanks
I don't know how to reproduce it.
It points to the same secretName.
apisixroute
ingress
Certificate status
root@k8s-master1:~/yml/cert-manager# kubectl describe certificate t.ebuick-3
Name: t.ebuick-3
Namespace: default
Labels: <none>
Annotations: <none>
API Version: cert-manager.io/v1
Kind: Certificate
Metadata:
  Creation Timestamp: 2022-04-13T04:13:22Z
  Generation: 1
  Managed Fields:
    API Version: cert-manager.io/v1
    Fields Type: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:commonName:
        f:dnsNames:
        f:issuerRef:
          .:
          f:kind:
          f:name:
        f:secretName:
    Manager: kubectl-client-side-apply
    Operation: Update
    Time: 2022-04-13T04:13:22Z
    API Version: cert-manager.io/v1
    Fields Type: FieldsV1
    fieldsV1:
      f:status:
        .:
        f:conditions:
        f:notAfter:
        f:notBefore:
        f:renewalTime:
        f:revision:
    Manager: controller
    Operation: Update
    Subresource: status
    Time: 2022-06-12T15:59:59Z
  Resource Version: 25876764
  UID: dcf95a19-40f9-450d-9a6b-221c4fcd5789
Spec:
  Common Name: k.ebuick-3.com
  Dns Names:
    k.ebuick-3.com
    *.k.ebuick-3.com
  Issuer Ref:
    Kind: ClusterIssuer
    Name: dnspod-zerossl-prod
  Secret Name: test-zero.ebuick-3-tls
Status:
  Conditions:
    Last Transition Time: 2022-04-13T04:16:50Z
    Message: Certificate is up to date and has not expired
    Observed Generation: 1
    Reason: Ready
    Status: True
    Type: Ready
  Not After: 2022-09-15T23:59:59Z
  Not Before: 2022-06-17T00:00:00Z
  Renewal Time: 2022-08-16T15:59:59Z
  Revision: 2
Events: <none>
Recently @AlinsRan reproduced this issue in v1.6, @lingsamuel PTAL
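A check for the symptom reported in this issue, added here as an example (it is not code from the thread or from the apisix-ingress-controller project): it compares the SHA-256 fingerprint of the leaf certificate in the TLS Secret that cert-manager renewed with the certificate the gateway actually presents. All function names are hypothetical, and the sample Secret is built from constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import json
import socket
import ssl
from typing import Optional

PEM_END = "-----END CERTIFICATE-----"

def der_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def secret_fingerprint(secret_json: str) -> str:
    """Fingerprint of the leaf certificate in a kubernetes.io/tls Secret.

    Input is `kubectl get secret NAME -o json` output. tls.crt may hold the
    whole chain; the leaf is the first PEM block.
    """
    data = json.loads(secret_json)["data"]
    bundle = base64.b64decode(data["tls.crt"]).decode("ascii").strip()
    leaf_pem = bundle[: bundle.index(PEM_END) + len(PEM_END)]
    return der_fingerprint(ssl.PEM_cert_to_DER_cert(leaf_pem))

def served_fingerprint(addr: str, port: int = 443, sni: Optional[str] = None) -> str:
    """Fingerprint of the certificate the gateway presents for the SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # only fingerprinting here, not trusting:
    ctx.verify_mode = ssl.CERT_NONE  # an expired stale cert must still be readable
    with socket.create_connection((addr, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni or addr) as tls:
            return der_fingerprint(tls.getpeercert(binary_form=True))

def is_stale(secret_json: str, served_fp: str) -> bool:
    """True when the gateway serves a different leaf than the Secret holds."""
    return secret_fingerprint(secret_json) != served_fp

def sample_secret(leaf_der: bytes, issuer_der: bytes) -> str:
    """Constructed Secret JSON; the DER inputs are placeholder bytes."""
    chain = ssl.DER_cert_to_PEM_cert(leaf_der) + ssl.DER_cert_to_PEM_cert(issuer_der)
    return json.dumps({"kind": "Secret", "type": "kubernetes.io/tls",
                       "data": {"tls.crt": base64.b64encode(chain.encode()).decode()}})

if __name__ == "__main__":
    old, new = b"constructed-leaf-rev-1", b"constructed-leaf-rev-2"
    secret = sample_secret(new, b"constructed-issuer")
    print("stale:", is_stale(secret, der_fingerprint(old)))
```

Against a live cluster, pass the real `kubectl get secret -o json` output and `served_fingerprint(gateway_address, 443, sni=ingress_host)` to `is_stale`; a `True` result after a cert-manager renewal means the gateway is still serving the previous revision.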