My problem is more simple.
I want deploy my app on kubernates/docker.
My problem is:
I build my "Deployment". In this moment only one replica I build my clusterIP Service to expose my POD into cluster I want expose two ingress. One for my API with certificate of my domain provider and other with self-signed certificate for other scope.
Problem is that ingress not work with self signed certificate. Not accept certificate with common name different to hostname.
Ok this is normal. BUT, i cannot change CN, so i want use annotation of nginx for disabled check on CN.
My problem is: Annotations don't work. Nginx.conf not update
Nginx Ingress Controller: v1.9.4
My Docker Engine is: v.24.0.6
My Kubernetes version is: v.1.28.2
Now, anything ingress that i created not update nginx.conf with annotation inserted.
This is example of my ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: fe-api-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: fe-api-service
port:
number: 5001
Or also this (with secret):
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: fe-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/server-snippet: ssl_verify_client off;
nginx.ingress.kubernetes.io/auth-tls-secret: "default/test-tls"
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
spec:
ingressClassName: nginx
tls:
- hosts:
- fe.com
secretName: test-tls
rules:
- host: fe.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: fe-api-nodeport-service
port:
number: 8081
NOT UPDATE NGINX.CONF
All ingress has ever status "Scheduled for sync". So i think that the problem is that. If don't sync the confing not updated.
I don't know what's possible cause
Please help me!!! I lost more days behind this strange behaviour