Secretes are not automatically loaded

[jerryjxj]

When I created a ingress and after for a while, then I created a screte needed by ingress. The certificate (in the secret) was not reloaded.

Refer to issue 947

[pieterlange]

I think this was fixed by #991

[aledbf]

@jerryjxj please update the image to quay.io/aledbf/nginx-ingress-controller:0.171

[aledbf]

Closing. Please reopen if the issue persists after the update

[arnisoph]

Did someone verify whether this issue is fixed? iirc, it isn't. need to re-check soon.

[aledbf]

@bechtoldt did you use 0.9-beta.12?

[arnisoph]

yeah, it works!

[VasekPurchart]

I was able to reproduce this both on gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.13 (where it originally happened to me and I found this issue) and on quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.16. Using this with kube-lego. The problem does not occur every time but happened to me multiple times on both versions, my steps were always:

1. Delete both ingress and particular secret
2. Create the ingress
3. Test with openssl s_client -showcerts -connect example.com:443 -servername example.com which certificate is served

When the default ingress fake cert is served, recreating only the ingress controller always helped (when the secret remained the same). So probably some kind of race condition, since it does not happen every time?

Logs from beta.16:

I1106 12:28:37.948966       7 controller.go:316] ingress backend successfully reloaded...
E1106 12:28:38.036138       7 queue.go:73] could not get key for object default/example-service-tls-staging: object has no meta: object does not implement the Object interfaces
W1106 12:29:08.260217       7 backend_ssl.go:44] error obtaining PEM from secret default/example-service-tls-staging: error retrieving secret default/example-service-tls-staging: secret default/example-service-tls-staging was not found
I1106 12:29:08.260262       7 event.go:218] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"hello-world-ingress", UID:"15d8048d-c2ee-11e7-9628-00163c611848", APIVersion:"extensions", ResourceVersion:"1450227", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress default/hello-world-ingress
W1106 12:29:08.260423       7 controller.go:1100] ssl certificate "default/example-service-tls-staging" does not exist in local store
I1106 12:29:08.260739       7 controller.go:307] backend reload required
I1106 12:29:08.327759       7 controller.go:316] ingress backend successfully reloaded...
10.32.0.41 - [10.32.0.41] - - [06/Nov/2017:12:29:08 +0000] "GET /.well-known/acme-challenge/_selftest HTTP/1.1" 200 16 "-" "Go-http-client/1.1" 132 0.001 [kube-lego-kube-lego-nginx-8080] 10.32.0.41:8080 16 0.001 200
I1106 12:29:26.761382       7 backend_ssl.go:64] adding secret default/example-service-tls-staging to the local store
I1106 12:29:26.761949       7 controller.go:307] backend reload required
I1106 12:29:26.859126       7 controller.go:316] ingress backend successfully reloaded...
I1106 12:29:56.518796       7 status.go:364] updating Ingress default/hello-world-ingress status to [{ }]
I1106 12:29:56.522049       7 event.go:218] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"hello-world-ingress", UID:"15d8048d-c2ee-11e7-9628-00163c611848", APIVersion:"extensions", ResourceVersion:"1450290", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/hello-world-ingress