charts icon indicating copy to clipboard operation
charts copied to clipboard
verified publisher icon FairwindsOps

[letsencrypt-setup] validation failure on spec.acme.solvers.http01.ingress

Open dosullivan opened this issue 6 years ago • 3 comments

Describe the bug In the letsencrypt-setup helm chart, if you set either clusterIssuers.primary.solvers.http.enabled or clusterIssuers.selfsigned.solvers.http.enabled to true, but you do not name a specific ingress class in the corresponding clusterIssuers.*.solvers.http.ingressClass parameter, helm will produce an error stating

Error: ClusterIssuer.certmanager.k8s.io "letsencrypt-selfsigned" is invalid: []: Invalid value: map[string]interface {}{"apiVersion":"certmanager.k8s.io/v1alpha1", "kind":"ClusterIssuer", "metadata":map[string]interface {}{"creationTimestamp":"2019-11-26T15:06:49Z", "generation":3, "labels":map[string]interface {}{"chart":"letsencrypt-setup", "heritage":"Tiller", "release":"letsencrypt-setup"}, "name":"letsencrypt-selfsigned", "resourceVersion":"677139", "uid":"5eef9e30-105e-11ea-b735-0ad2a8e3f013"}, "spec":map[string]interface {}{"acme":map[string]interface {}{"email":"<email-name>@fairwinds.com", "privateKeySecretRef":map[string]interface {}{"name":"letsencrypt-setup-selfsigned-private-key"}, "server":"https://acme-staging-v02.api.letsencrypt.org/directory", "solvers":[]interface {}{map[string]interface {}{"http01":map[string]interface {}{"ingress":interface {}(nil)}}}}}, "status":map[string]interface {}{"acme":map[string]interface {}{"lastRegisteredEmail":"<email-name>@fairwinds.com", "uri":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/123456789"}, "conditions":[]interface {}{map[string]interface {}{"lastTransitionTime":"2019-11-26T15:06:56Z", "message":"The ACME account was registered with the ACME server", "reason":"ACMEAccountRegistered", "status":"True", "type":"Ready"}}}}: validation failure list:
spec.acme.solvers.http01.ingress in body must be of type object: "null"```

**Expected behavior**
If `clusterIssuers.*.solvers.http.ingressClass` isn't set to a specific ingress class, the cluster issuer should be available to http01 challenges on any ingress class. 


**Environment (please complete the following information):**
 - Helm Version: 2.14.3
 - Kubernetes Version 1.14.8

dosullivan avatar Nov 26 '19 15:11 dosullivan

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jan 25 '20 15:01 stale[bot]

@dosullivan If this is still an issue you can add the pinned flag to keep it around.

sudermanjr avatar Jan 28 '20 18:01 sudermanjr

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Mar 28 '20 19:03 stale[bot]