06/04/2021, 1:56 PM
Hey all! I have an ingress that is managed via the AWS LB controller. I use its TLS cert as the secretName in the tls section of the ingress, and list the three hosts that are in the rules section of the ingress.
I use a transformation in the LB controller to tell Pulumi to ignoreChanges on the LB controller TLS secret. Subsequent ups regenerate the secret, causing problems with the ingresses. I also make all ingresses dependsOn the controller. This is because the controller pods don’t spin up fast enough, and the ingress is still attempted to be created. I get a service not found error. So it is a race condition. This is the current context of my setup. I want to try auto TLS discovery via the host used in the ingress rules. I tried removing the tls section, but it wouldn’t find certs, even though I have certs created in ACM. Perhaps it can’t find ACM certs? The error I get:
Failed build model due to ingress: waterrecharge/waterrecharge-ingress: none certificate found for host: <|>"
That’s referring to the ACM cert I’ve created, right? It can’t find it? I tried putting the tls section back in the ingress, and I still have the same issue. What’s happening is that, because of that error, the ingress doesn’t resolve in Pulumi. I can’t get the hostname, so the record alias can’t be created. I get:
error: aws:route53/record:Record resource '<|>' has a problem: Required attribute is not set. Examine values at 'Record.Aliases'.
I have to do a refresh for Pulumi to get the ingress data and be able to resolve the hostname.