无法在 SSL 终止时使用证书管理器和 nginx 入口控制器

Question

I am trying out nginx-ingress on GKE with SSL termination for use cases. I've traveled to millions of blogs on this process which uses cert-manager with nginx ingress controller but none of them worked in my case.

This certainly means I am doing something wrong. But I am not sure what. Here's what I did:

1. Create sample app exposed on ClusterIP
2. Deploy nginx-ingress
3. Create issuer
4. Create nginx ingress with issuer.

Result:

After describing the nginx ingress, the events areas shows none . That means everything is completely blank. Not a single thing happened for requesting certs, http validation, etc.

nginx ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
    name: my-ingress
    annotations:
        kubernetes.io/ingress.class: nginx
        certmanager.k8s.io/cluster-issuer: letsencrypt-staging
        kubernetes.io/tls-acme: 'true'
spec:
    rules:
        -
            host: wptls.ml
            http: {paths: [{path: /, backend: {serviceName: web, servicePort: 80}}]}
    tls:
        -
            secretName: tls-staging-cert
            hosts: [wptls.ml]

clusterissuer.yml:

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
    name: letsencrypt-staging
spec:
    acme:
        server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
        email: xyz@gmail.com
        privateKeySecretRef:
            name: letsencrypt-sec-staging
        http01: {}

I am not sure if there's anything else which needs to be done.

Answer 1

Try Ingress extra annotation likes

nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/secure-backends: "true" https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/