Problem:

The client encountered an error during the installation of a Helm chart, specifically related to the NGINX admission controller. The installation failed due to a validation error in NGINX Ingress, indicating a synchronization issue with the ingress event handlers. This problem arose when multiple ingresses used the same secret, causing complications with secret refreshing during validation. It occurred when self-signed certificates and the proxy-ssl-secret annotation were used for multiple ingress routes.
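A pre-flight check for the condition described above, as an added example that is not part of the original write-up or the attached chart: it scans rendered manifests and lists every proxy-ssl-secret referenced by more than one Ingress. The sample manifests, the names app-a, app-b and app-c, and the secret names are constructed, and the parser assumes helm-style YAML with two-space indentation.

```shell
#!/bin/sh
ANNOTATION='nginx.ingress.kubernetes.io/proxy-ssl-secret'

# Reads multi-document YAML on stdin and prints "<secret> <count> <ingress,names>"
# for every proxy-ssl-secret referenced by more than one Ingress.
# Assumes helm-style output: top-level keys at column 0, two-space indentation.
shared_proxy_ssl_secrets() {
  awk -v ann="$ANNOTATION" -v sq="'" '
    function flush(   sep) {
      if (kind == "Ingress" && secret != "") {
        sep = (names[secret] == "") ? "" : ","
        names[secret] = names[secret] sep name
        count[secret]++
      }
      kind = ""; name = ""; secret = ""; in_meta = 0
    }
    /^---/       { flush(); next }        # document boundary
    /^kind:/     { kind = $2 }
    /^metadata:/ { in_meta = 1; next }
    /^[^ #]/     { in_meta = 0 }          # any other top-level key ends metadata
    in_meta && /^  name:/ { name = $2 }
    index($0, ann ":") {
      v = $0; sub(/^[^:]*:[ ]*/, "", v)   # keep only the annotation value
      gsub("[\"" sq " ]", "", v); secret = v
    }
    END {
      flush()
      for (s in count) if (count[s] > 1) print s, count[s], names[s]
    }'
}

# Constructed sample: app-a and app-b share one secret, app-c has its own.
sample_manifests() {
  for spec in app-a:default/backend-ca app-b:default/backend-ca app-c:default/other-ca; do
    cat <<EOF
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ${spec%%:*}
  annotations:
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "${spec#*:}"
EOF
  done
}

# Prints one line per shared secret found in the constructed sample.
sample_manifests | shared_proxy_ssl_secrets
```

Against a real chart, pipe the output of helm template into shared_proxy_ssl_secrets; any line it prints identifies a group of ingresses that reference the same secret and would be validated together on install.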

Process:

Step 1: Initial Investigation
Our experts began by investigating the issue thoroughly and proposed two potential solutions:

  • Applying all ingress resources one by one using a bash script, bypassing the Helm chart. This approach aligns with Kubernetes declarative standards.
  • Consolidating all ingress resources into a single, general multi-rule ingress, a common practice.

However, these solutions were deemed unsuitable for the client’s setup and environment.

Step 2: Engaging the Community
To gain more insights and address the problem, the issue was reproduced using a custom self-signed certificate, excluding OSM from the scenario. Our experts shared the issue on a GitHub thread (https://github.com/kubernetes/ingress-nginx/issues/10265#issuecomment-1689825544) to involve the nginx-ingress community and gather valuable insights.

Step 3: Collaborative Resolution
We scheduled a meeting with the client to delve deeper into the issue and explore potential solutions. During this meeting, a customized solution for deploying multiple ingress resources using the helm install/upgrade command was developed.

Solution:
After the meeting with the client, the following solution was implemented:

  1. Download the attached apply-ingress.tar.gz file.
  2. In the apply-ingress/templates/ingress-cm.yaml file, modify nginx.ingress.kubernetes.io/proxy-ssl-secret to match your actual OSM secret.
  3. Execute the helm install ingress ./apply-ingress command to apply the solution.

Conclusion:

In conclusion, our experts conducted a thorough assessment of the client’s data and performed an in-depth analysis of their problem. Potential solutions were proposed, but they were found unsuitable due to the client’s specific setup and environmental factors. To gain a better understanding of the issue, our experts replicated the error in a controlled testing environment and actively engaged with the community by sharing insights on the GitHub platform.

Following these steps and the extensive analysis, a customized solution was developed that resolved the problem efficiently.