-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ingress labels copied to certificate, causing issues with applysets #6473
Comments
In terms of possible solutions, just removing the label copying looks straightforward. If we need to keep this behaviour for backwards-compatibility, I could probably manage a PR to either:
Both would solve my issue. I can see the usefullness of applying ingress labels to a certificate, because if the ingress has the label |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. |
Stale issues rot after 30d of inactivity. |
/remove-lifecycle rotten |
Describe the bug:
I have an ingress for which I am provisioning certificates, with these annotations:
The problem is that my certificate ends up with these labels applied to it, which seem to be copied from the ingress resource:
These copied labels are causing problems because
kubectl --prune
wants to delete my certificate due to the applyset.kubernetes.io/part-of label. This behaviour doesn't seem to be documented anywhere, and from a Slack discussion seems to be a bug.Expected behaviour:
I expect the certificate to be created without any labels. If this is not possible for backwards-compatibility reasons, I would like to be able to deny-list certain labels (specifically
applyset.kubernetes.io/part-of
in my case).Steps to reproduce the bug:
Certificate
has the same labels as the ingress.Anything else we need to know?:
From the Slack thread:
cert-manager/pkg/controller/certificate-shim/sync.go
Line 378 in d2f6bbe
Environment details::
1.28.2
1.13.2
/kind bug
The text was updated successfully, but these errors were encountered: