You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the proxy-protocol is enabled, http01 challenges are not working.
Cert-manager tries to validate the http01 challenge and for some reason, kubernetes redirects the correctly made call to the external ip adress of the loadbalancer, directly to the nginx ingress controller pod. As the external LoadBalancer does use the proxy-protocol and nginx ingress controller has use-proxy-protocol enabled, the call from cert-manager fails.
When the proxy-protocol is enabled, http01 challenges are not working.
Cert-manager tries to validate the http01 challenge and for some reason, kubernetes redirects the correctly made call to the external ip adress of the loadbalancer, directly to the nginx ingress controller pod. As the external LoadBalancer does use the proxy-protocol and nginx ingress controller has use-proxy-protocol enabled, the call from cert-manager fails.
See cert-manager/cert-manager#466 & kubernetes/kubernetes#66607
and see also https://github.com/compumike/hairpin-proxy
The text was updated successfully, but these errors were encountered: