erlend
November 17, 2022, 4:28pm
1
I’m having problems setting up HTTPS with helm. HTTP works fine, and I can access appsmith from our custom URL.
Kinda new to this but seems like appsmith can’t set the Ingress Class. Not sure if this is the only reason for not getting this up.
I’m getting this when running k describe ingress appsmith:
Warning BadConfig 41m cert-manager-ingress-shim Could not determine issuer for ingress due to bad annotations: failed to determine issuer name to be used for ingress resource
I’m in GKE.
I see similar problems here , in appsmith github.
#vaules.yaml
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
hosts:
- host: dev.something.com
tls: true
certManager: true
className: "nginx"
erlend
November 18, 2022, 9:34am
2
I got it working but I thought this would have been done automatically.
I added this in the vaules.yaml:
...
certManagerTls:
- hosts:
- dev.something.com
secretName: ingress-tls-appsmith
...
And manually created a cert with kubectl apply.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ingress-tls-appsmith
spec:
secretName: ingress-tls-appsmith
issuerRef:
name: letsencrypt
kind: Issuer
dnsNames:
- dev.something.com
Btw, I still can’t set the ingressClass with className. Seems like the helm chart doesn’t support it.
opened 04:05PM - 16 Nov 22 UTC
Enhancement
### Is there an existing issue for this?
- [X] I have searched the existing iss… ues
### Summary
Currently, it's not possible to set ingressClassName for ingress resource.
See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
Empty in:
```
get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
appsmith-1668612629 <none> appsmith.oms.westwing.eu 10.144.187.9 80 30m
```
CLASS = none
We should be able to specify ingressClassName according to new versions specification like:
```
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "appsmith.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ include "appsmith.namespace" . }}
labels:
{{- include "appsmith.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
```
### Why should this be worked on?
It's being deprecated and later removed, so this will be a blocker for installing Appsmith in newer versions of Kubernetes.
See also: https://kubernetes.github.io/ingress-nginx/
section "What is an IngressClass and why is it important for users of Ingress-NGINX controller now ?"