You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our setup requires us to set a netprofile on our Ingress resources to ensure the correct routing from the Netscaler VPX to the k8s nodes. However the way to set the netprofile is with the ingress.citrix.com/servicegroup annotation which requires a JSON object with the exact name of the backend service as it's value. As the name of the cert-manager solver service is dynamic (e.g. cm-acme-http-solver-jvpp8) this is impossible to achieve.
To Reproduce
Steps
Deploy Netscaler Ingress Controller, Verify Netscaler API connection
Deploy Cert-Manager and a Letsencrypt Issuer with the following config:
Deploy a k8s Ingress with required annotations for cert-manager to create a CertificateRequest
The ingress controller will create the resources in Netscaler but without the netprofile set
Version of the NetScaler Ingress Controller
2.2.10
Version of MPX/VPX/CPX
Environment variables (minus secrets)
Deployed with Helm, only nsIP, adcCredentialSecret and ingressClass set.
Expected behavior
The documentation doesn't explicitly state that the names in the annotation and the backend service name need to match. This was discovered in the following issue: #523 (comment)
I would expect this to be less strict and to allow '{"cm-acme-http-solver":{"netProfile":"lorem-ipsum"}}' to match backend.service.name: cm-acme-http-solver-j48h5.
An alternative would be for there to be a direct ingress.citrix.com/netprofile annotation that would function similar to the ingress.citrix.com/rewrite-responder_crd annotation, where if the value is a raw string it applies that netprofile to all services while still allowing more specific targeting.
The text was updated successfully, but these errors were encountered:
Describe the bug
Our setup requires us to set a netprofile on our Ingress resources to ensure the correct routing from the Netscaler VPX to the k8s nodes. However the way to set the netprofile is with the
ingress.citrix.com/servicegroupannotation which requires a JSON object with the exact name of the backend service as it's value. As the name of the cert-manager solver service is dynamic (e.g.cm-acme-http-solver-jvpp8) this is impossible to achieve.To Reproduce
nsIP,adcCredentialSecretandingressClassset.Expected behavior
The documentation doesn't explicitly state that the names in the annotation and the backend service name need to match. This was discovered in the following issue: #523 (comment)
I would expect this to be less strict and to allow
'{"cm-acme-http-solver":{"netProfile":"lorem-ipsum"}}'to matchbackend.service.name: cm-acme-http-solver-j48h5.An alternative would be for there to be a direct
ingress.citrix.com/netprofileannotation that would function similar to theingress.citrix.com/rewrite-responder_crdannotation, where if the value is a raw string it applies that netprofile to all services while still allowing more specific targeting.The text was updated successfully, but these errors were encountered: