wso2
TLS secretName not rendered correctly in management Ingress due to YAML misalignment
Description
Title: TLS secretName not rendered correctly in management Ingress due to YAML misalignment
Description: When configuring TLS in the management Ingress section of the values.yaml, the secretName is not being rendered properly in the resulting Kubernetes Ingress manifest. This is due to incorrect indentation in the Helm template file am-ingress.yaml, which causes the secretName to fall outside the list item under tls.
Problem: You may notice that even though tlsSecret is set in values.yaml, it does not appear in the generated Ingress resource under the tls section. In your working example, the output is correctly showing:
tls:
- hosts:
- gw.wso2.com
secretName: wso2-tls-secret
But before the fix, it rendered like this:
tls:
- hosts:
- gw.wso2.com
# No secretName
This causes Kubernetes to ignore secretName, and TLS is not configured correctly at runtime—even though the user has supplied the secret in values.yaml.
Expected Behavior: The rendered YAML should include secretName under each TLS list entry:
tls:
- hosts:
- example.com
secretName: my-tls-secret
Actual Behavior:
tls:
- hosts:
- example.com
# <-- No SecretName
Proposed Fix: Fix applied in PR #63 – indentation corrected in am-ingress.yaml.
Linked PR: #63 – Fix: TLS secretName indentation in management Ingress template
Steps to Reproduce
Enable Ingress with TLS in values.yaml and add the tlsSecret:
kubernetes:
ingressClass: "nginx"
ingress:
tlsSecret: "wso2-tls-secret"
- Deploy the Helm chart using
- Check the generated Ingress resource: Run the following command to inspect the output
kubectl get ingress -n wso2 wso2-wso2am-all-in-one-am-gateway-ingress -o yaml
Version
4.4.0
Environment Details (with versions)
Helm: v3.17.1
Kubernetes: v1.32.0
NGINX Ingress Controller
