Join Log in
Score:1
AbreQueVoy avatar Server

Providing a flag to NGINX Ingress Controller that doesn't run as a Deployment

in flag
AbreQueVoy

In general, my question about setting up a default certificate is answered here: Kubernetes ingress How to set default-ssl-certificate?.

What I don't understand is this part: I'm supposed to add the flag --default-ssl-certificate=kube-system/host-cert as the Ingress' argument. And to discover the YAML config file settings of the NGINX Ingress Controller I should check it with command like: kubectl describe deployment/nginx-ingress-controller --namespace. But it doesn't run as a deployment:

$ kubectl get deployments --all-namespaces
NAMESPACE     NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   kubernetes-dashboard         1/1     1            1           3d
kube-system   kubernetes-metrics-scraper   1/1     1            1           3d

It only works as a pod:

$ kubectl get pods --all-namespaces
NAMESPACE       NAME                                          READY   STATUS    RESTARTS       AGE
ingress-nginx   ingress-nginx-controller-8xcl9                1/1     Running   1 (2d ago)     3d
ingress-nginx   ingress-nginx-controller-hwhvk                1/1     Running   1 (2d ago)     3d
ingress-nginx   ingress-nginx-controller-xqdqx                1/1     Running   3 (2d ago)     3d
kube-system     kubernetes-dashboard-548847967d-66dwz         1/1     Running   2 (2d ago)     3d
kube-system     kubernetes-metrics-scraper-6d49f96c97-r6dz2   1/1     Running   1 (2d ago)     3d
[...]

How should I supply the flag to the Controller then?

134
0 + 0
Score:1
moonkotte avatar Server
in flag
moonkotte

ingress-nginx can be installed as deployment or daemonset. In your case if you don't see a deployment, it's a daemonset.

You can find it by running:

kubectl get daemonset -A

And edit in the same way as deployment:

kubectl edit daemonset ingress-nginx-controller -n ingress-nginx

You can find details here about ingress-nginx and daemonset

Note! Change you're going to make won't be permanent (until any upgrade/re-applying of manifest). Depending on how it was originally deployed, there are two options:

  • from manifest

    you will need to add it to manifest so any other updates/kubectl apply -f manifest.yaml will contain this flags and everything will continue working

  • using helm

    you will need to add this information to helm_repo/templates/controller-daemonset.yaml:

    args:
  - /nginx-ingress-controller
  ...
  - --default-ssl-certificate=kube-system/host-cert
  ...
0 + 0
AbreQueVoy avatar
in flag
AbreQueVoy
Thanks a lot! I applied the flag temporarily by editing the daemonset configuration, but I don't see any effects - the app still reports it's run without HTTPS. `describe` gave an output containing the argument with certificate, but should I maybe restart the daemonset or any other service to see any effects?
0
Reply
moonkotte avatar
in flag
moonkotte
Hard to guess about other stuff without details, please consider asking [another question](https://meta.stackexchange.com/questions/39223/one-post-with-multiple-questions-or-multiple-posts) with ingress object manifest, certificate details and other helpful information. This is something you should start with: checking ingress rules if it's correct, check certificate, everything.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.