From 1fabb79bdd73b7684583dc974594f36640372e7a Mon Sep 17 00:00:00 2001 From: Dmitriy Pertsev Date: Sun, 29 Dec 2024 14:44:56 +0300 Subject: [PATCH 1/3] Added includeClassAnno as a workaround for cert-manager v1.14.5 Closes #2267 and #1570 --- chart/templates/ingress.yaml | 2 ++ chart/values.yaml | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index 6ff01dab83..ebdba0cd3b 100644 --- a/chart/templates/ingress.yaml +++ b/chart/templates/ingress.yaml @@ -102,7 +102,9 @@ spec: - http01: ingress: ingressClassName: {{ .Values.ingress_class | default "nginx" }} + {{- if .Values.ingress.includeClassAnno }} class: {{ .Values.ingress_class | default "nginx" }} + {{- end }} {{ end }} {{ end }} diff --git a/chart/values.yaml b/chart/values.yaml index 9ec7fb98b5..e3dcd43c5b 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -446,6 +446,12 @@ ingress: #host: "" cert_email: "test@example.com" tls: false + + # This is related to the issues webrecorder/browsertrix#1570 and cert-manager/cert-manager#6184 + # This relates to the new `http01.ingress.ingressClassName` solver spec attribute which got introduced in the recent v1.15 cert-manager version. + # Cert-manager v1.15 does not want the fields ingressClassName and class be set at the same time. + includeClassAnno: false + # Optional: Uncomment to use your own cluster-issuer instead of default ACME https validation # custom_cluster_issuer: custom_cluster_issuer-name From 9b70c775bd2519d5f0fcf1fb998d8fc6ae57f014 Mon Sep 17 00:00:00 2001 From: Dmitriy Pertsev Date: Thu, 9 Jan 2025 11:14:34 +0300 Subject: [PATCH 2/3] Renaming includeClassAnno to useOldClassField --- chart/templates/ingress.yaml | 2 +- chart/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index ebdba0cd3b..ccb13aae7c 100644 --- a/chart/templates/ingress.yaml +++ b/chart/templates/ingress.yaml @@ -102,7 +102,7 @@ spec: - http01: ingress: ingressClassName: {{ .Values.ingress_class | default "nginx" }} - {{- if .Values.ingress.includeClassAnno }} + {{- if .Values.ingress.useOldClassField }} class: {{ .Values.ingress_class | default "nginx" }} {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index e3dcd43c5b..2eb5a446cf 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -450,7 +450,7 @@ ingress: # This is related to the issues webrecorder/browsertrix#1570 and cert-manager/cert-manager#6184 # This relates to the new `http01.ingress.ingressClassName` solver spec attribute which got introduced in the recent v1.15 cert-manager version. # Cert-manager v1.15 does not want the fields ingressClassName and class be set at the same time. - includeClassAnno: false + useOldClassField: false # Optional: Uncomment to use your own cluster-issuer instead of default ACME https validation # custom_cluster_issuer: custom_cluster_issuer-name From 6f20a9f817f0f5008df64ca92fc86105318f7ed6 Mon Sep 17 00:00:00 2001 From: Ilya Kreymer Date: Wed, 15 Jan 2025 23:13:34 -0800 Subject: [PATCH 3/3] ingress: change flag for using old annotation to 'useOldClassAnnotation' ensure 'kubernetes.io/ingress.class' and 'ingressClassName' are mutually exclusive, defaulting to latter unless 'useOldClassAnnotation' is set --- chart/templates/ingress.yaml | 13 ++++++++++++- chart/values.yaml | 10 +++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index ccb13aae7c..034898bf4e 100644 --- a/chart/templates/ingress.yaml +++ b/chart/templates/ingress.yaml @@ -7,6 +7,9 @@ metadata: name: ingress-main namespace: {{ .Release.Namespace }} annotations: + {{- if .Values.ingress.useOldClassAnnotation }} + kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }} + {{- end }} nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-request-buffering: "off" @@ -21,7 +24,9 @@ metadata: proxy_set_header X-Forwarded-Proto {{ .Values.ingress.tls | ternary "https" "http" }}; spec: + {{- if not .Values.ingress.useOldClassAnnotation }} ingressClassName: {{ .Values.ingress_class | default "nginx" }} + {{- end }} {{- if .Values.ingress.tls }} tls: - hosts: @@ -58,11 +63,16 @@ metadata: name: ingress-authsign namespace: {{ .Release.Namespace }} annotations: + {{- if .Values.ingress.useOldClassAnnotation }} + kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }} + {{- end }} nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}" spec: + {{- if not .Values.ingress.useOldClassAnnotation }} ingressClassName: {{ .Values.ingress_class | default "nginx" }} + {{- end }} rules: - host: {{ .Values.signer.host }} http: @@ -101,8 +111,9 @@ spec: solvers: - http01: ingress: + {{- if not .Values.ingress.useOldClassAnnotation }} ingressClassName: {{ .Values.ingress_class | default "nginx" }} - {{- if .Values.ingress.useOldClassField }} + {{- else }} class: {{ .Values.ingress_class | default "nginx" }} {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index e719953c24..f56d5c146d 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -447,11 +447,11 @@ ingress: cert_email: "test@example.com" tls: false - # This is related to the issues webrecorder/browsertrix#1570 and cert-manager/cert-manager#6184 - # This relates to the new `http01.ingress.ingressClassName` solver spec attribute which got introduced in the recent v1.15 cert-manager version. - # Cert-manager v1.15 does not want the fields ingressClassName and class be set at the same time. - useOldClassField: false - + # If set, will use the old 'kubernetes.io/ingress.class' annotation instead of the new ingressClassName + # also uses old http01.ingress.class in cert-manager instead of http01.ingress.ingressClassName + # provided for backwards compatibility + useOldClassAnnotation: false + # Optional: Uncomment to use your own cluster-issuer instead of default ACME https validation # custom_cluster_issuer: custom_cluster_issuer-name