Closed Bug 1498719 Opened 7 years ago Closed 7 years ago

Need to set TLS secret on both ingresses

Categories

(Taskcluster :: Services, defect)

Product:
Taskcluster
Component:
Services
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dustin, Assigned: dustin)

Details

So, there are two Ingress objects defined: certificate-challenge-ingress taskcluster-ingress The first is defined by taskcluster-mozilla-terraform, and exists mostly for cert-manager to attach its path to. The second is defined by taskcluster-terraform, and has all of the /api/foo/ routes in it. It's supposed to be more generic since it's in taskcluster-terraform. For the TLS, I've attached a bit to certificate-challenge-ingress tls: - hosts: - tc.r.igoro.us secretName: taskcluster-ingress-tls-secret and in taskcluster-staging.net, that "just worked" even though taskcluster-ingress didn't have any tls defined. But in my own cluster, less so. I suspect that, for a given host, ingress-nginx just takes the `tls` definition from whatever Ingress it finds first (or last). So it's luck of the draw whether it finds the right one. I think the fix is to include a similar stanza in taskcluster-ingress. Which makes that a little less generic, but I can add a bit to the README that says "you must define a TLS secret named..." and call it good.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Component: Redeployability → Services
You need to log in before you can comment on or make changes to this bug.