Problem:
The client encountered an error during the installation of a Helm chart, specifically related to the NGINX admission controller. The installation failed due to a validation error in NGINX Ingress, indicating a synchronization issue with the ingress event handlers. This problem arose when multiple ingresses used the same secret, causing complications with secret refreshing during validation. It occurred when self-signed certificates and the proxy-ssl-secret annotation were used for multiple ingress routes.
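A preflight check for the condition described above, as an added example that is not part of the original write-up: it scans rendered manifests for Ingress objects whose proxy-ssl-secret annotation points at the same secret. The function name, the trimmed sample manifests and the line-based matching (rather than a full YAML parser) are assumptions made for illustration.

```python
import re
from collections import defaultdict

ANNOTATION = "nginx.ingress.kubernetes.io/proxy-ssl-secret"

# Constructed sample of rendered chart output (not the client's manifests).
SAMPLE = """\
kind: Ingress
metadata:
  name: app-a
  annotations:
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "demo/backend-tls"
---
kind: Ingress
metadata:
  name: app-b
  annotations:
    nginx.ingress.kubernetes.io/proxy-ssl-secret: demo/backend-tls
---
kind: Ingress
metadata:
  name: app-c
  annotations:
    nginx.ingress.kubernetes.io/proxy-ssl-secret: demo/other-tls
---
kind: Service
metadata:
  name: app-a
"""

def shared_proxy_ssl_secrets(rendered):
    """Return {secret: [ingress names]} for secrets referenced by 2+ Ingresses."""
    users = defaultdict(list)
    for doc in re.split(r"^---[ \t]*$", rendered, flags=re.M):
        if not re.search(r"^kind:[ \t]*Ingress[ \t]*$", doc, flags=re.M):
            continue  # only Ingress objects carry this annotation
        secret = re.search(r"^[ \t]+" + re.escape(ANNOTATION) + r":[ \t]*[\"']?([^\"'\s#]+)", doc, flags=re.M)
        name = re.search(r"^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", doc, flags=re.M)
        if secret:
            users[secret.group(1)].append(name.group(1).strip("\"'") if name else "<unnamed>")
    return {s: sorted(n) for s, n in users.items() if len(n) > 1}

if __name__ == "__main__":
    for secret, names in shared_proxy_ssl_secrets(SAMPLE).items():
        print(f"{secret} is referenced by {len(names)} ingresses: {', '.join(names)}")
```

Feeding it the output of helm template for the chart shows, before installation, which ingresses would be validated against the same secret.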
Process:
Step 1: Initial Investigation
Our experts began by investigating the issue thoroughly and proposed two potential solutions:
- Applying all ingress resources one by one using a bash script, bypassing the Helm chart. This approach aligns with Kubernetes declarative standards.
- Consolidating all ingress resources into a single, general multi-rule ingress, a common practice.
However, these solutions were deemed unsuitable for the client’s setup and environment.
Step 2: Engaging the Community
To gain more insights and address the problem, the issue was reproduced using a custom self-signed certificate, excluding OSM from the scenario. Our experts shared the issue on a GitHub thread (https://github.com/kubernetes/ingress-nginx/issues/10265#issuecomment-1689825544) to involve the nginx-ingress community and gather valuable insights.
Step 3: Collaborative Resolution
We scheduled a meeting with the client to delve deeper into the issue and explore potential solutions. During this meeting, a customized solution for deploying multiple ingress resources using the helm install/upgrade command was developed.
Solution:
Following the meeting with the client, the following solution was implemented:
- Download the attached apply-ingress.tar.gz file.
- In the apply-ingress/templates/ingress-cm.yaml file, modify nginx.ingress.kubernetes.io/proxy-ssl-secret to match your actual OSM secret.
- Execute the helm install ingress ./apply-ingress command to apply the solution.
Conclusion:
In conclusion, our experts conducted a thorough assessment of the client’s data and performed an in-depth analysis of their problem. Potential solutions were proposed, but they were found unsuitable due to the client’s specific setup and environmental factors. To gain a better understanding of the issue, our experts replicated the error in a controlled testing environment and actively engaged with the community by sharing insights on the GitHub platform.
Following these steps and the extensive analysis, a customized solution was developed and efficiently resolved the problem.