Nginx Ingress Controller - Config file not updated when a secret is updated #800
Comments
Currently there is no watch on secret changes. Next add/update in a service or endpoint the secret will be regenerated with the new content of the secret.
Yeah, I'm going to write a method that does the reverse lookup soon (secret to ingress), but I figured people aren't really going to cut it too close to cert expiration, so an extra couple of minutes to update pems is OK.
Ok. No big deal. I worked around it. For my use case, certs will be updated relatively frequently as new domains are added, up to the Let's Encrypt limit of 100 domains/cert.
Just make it resync more often :)
FYI, you can configure the resync interval through https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/main.go#L76 like https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/rc.yaml#L98. I don't think this will have an adverse effect on nginx; we should only be hupping it if the config or something else actually changed.
Ah, I didn't even notice the resync flag. Please forgive my stupidity if I'm misinterpreting that code; is that re-syncing every 30 seconds already by default? Seems like it didn't catch the newly available cert within several minutes that I waited.
That sounds like a bug. I'll need to investigate when I have some time to comment more.
Actually the issue here is that the generated
Ah, so compare certificates as well?
It seems that updating a secret does not trigger the config file to be updated. I have a script that is automating Let's Encrypt. But after the certificate is fetched and the Secret resource updated, the nginx configuration is not rebuilt (so hosts waiting on the certificate are updated). Is this intentional?
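The "compare certificates as well" idea from the thread, as an added example (not the controller's code): a reload check that hashes the rendered config together with the PEM bytes of each referenced secret. It assumes the renewed certificate is written to the same path, so the config text alone would not change; `reloadState`, `digest`, `NeedsReload`, the secret name and the path are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// reloadState holds the digest nginx was last reloaded with (hypothetical type).
type reloadState struct{ last string }

// digest covers the rendered config AND the PEM bytes of every referenced
// secret, so a renewed cert written to an unchanged path still alters it.
func digest(conf []byte, pems map[string][]byte) string {
	h := sha256.New()
	// Length-prefix each field so field boundaries stay unambiguous.
	put := func(b []byte) { fmt.Fprintf(h, "%d:", len(b)); h.Write(b) }
	put(conf)
	names := make([]string, 0, len(pems))
	for name := range pems {
		names = append(names, name)
	}
	sort.Strings(names) // map iteration order is random; sort for a stable digest
	for _, name := range names {
		put([]byte(name))
		put(pems[name])
	}
	return hex.EncodeToString(h.Sum(nil))
}

// NeedsReload reports whether nginx should be signalled and records the new state.
func (s *reloadState) NeedsReload(conf []byte, pems map[string][]byte) bool {
	d := digest(conf, pems)
	changed := d != s.last
	s.last = d
	return changed
}

func main() {
	// Constructed sample: the config text is identical across all three syncs.
	conf := []byte("ssl_certificate /etc/nginx-ssl/default-tls.pem;")
	s := &reloadState{}
	for _, pem := range []string{"OLD PEM", "OLD PEM", "NEW PEM"} {
		fmt.Println(s.NeedsReload(conf, map[string][]byte{"default/tls": []byte(pem)}))
	}
}
```

With this check a periodic resync reloads nginx only when the config or a certificate actually changed, so a short resync interval does not cause needless reloads.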