Skip to content

`global.ingress.class` value is not used in IngressClass's `metadata.name`

Summary

Upgrading from 5.5.2 to 5.6.0 caused the built-in nginx ingress class to no longer handle ingresses to any of the GitLab services. I needed to remove the ingressClassName from the specs of the ingresses and put back the old kubernetes.io/ingress.class: nginx

Configuration used

(Please provide a sanitized version of the configuration used wrapped in a code block (```yaml))

global:
  edition: ce
  hosts:
    domain: apps.mydomain.com
  ingress:
    proxyBodySize: 8192m
    class: nginx # set this class rather than the default gitlab-nginx, see https://gitlab.com/charts/gitlab/issues/1348
    tls:
      enabled: true
  appConfig:
    dependencyProxy:
      enabled: true
    incomingEmail:
      enabled: true
      address: "gitlab@mydomain.com"
      host: "mail.mydomain.com"
      port: 993
      ssl: true
      startTls: false
      user: "gitlab@mydomain.com"
      password:
        secret: "email-password"
      mailbox: inbox
      idleTimeout: 60
  smtp:
    enabled: true
    address: mail.mydomain.com
    port: 25
    user_name: "gitlab@mydomain.com"
    ## doc/installation/secrets.md#smtp-password
    password:
      secret: "email-password"
      key: password
    # domain:
    authentication: "login"
    starttls_auto: true
    openssl_verify_mode: "peer"
  email:
    from: 'gitlab@mydomain.com'
    display_name: My GitLab
    reply_to: 'gitlab@mydomain.com'
  grafana:
    enabled: true
  extraEnv:
    PLANTUML_ENCODING: deflate

certmanager-issuer:
  email: me@mydomain.com

certmanager:
  # set default issuer and kind to a cluster issuer so it can manage certificates for ingresses in all namespaces
  ingressShim:
    defaultIssuerName: gitlab-cluster-issuer
    defaultIssuerKind: ClusterIssuer
    defaultIssuerGroup: cert-manager.io

nginx-ingress:
  rbac:
    scope: false
  controller:
    config:
      use-http2: "true"
    scope:
      enabled: false
      # we want to use this nginx-ingress deployment across the whole cluster; don't limit scope to the default namespace. see https://gitlab.com/charts/gitlab/issues/1348
    service:
      externalTrafficPolicy: "Cluster"
      annotations:
        metallb.universe.tf/allow-shared-ip: "SharingIsCaring"
        # MetalLB needs this annotation and for the externalTrafficPolicy to be set to "Cluster" in order to share a single IP to different services (so long as they use different ports)

registry:
  ingress:
    tls:
      enabled: true

gitlab-runner:
  install: false

# https://gitlab.com/gitlab-org/charts/gitlab/issues/1647
gitlab:
  # task-runner needs storage in order to keep from being evicted
  # temporarily disabling task runner tmp for now, though, as the main drive is bigger now
  #task-runner:
  #  persistence:
  #    enabled: true
  #    size: 100Gi
  #    storageClass: temp-storage
  # gitaly stores git repos (including wikis)
  # gitaly's size can't be changed after deployed because it's a StatefulSet. other volumes can be expanded
  gitaly:
    persistence:
      size: 500Gi
  sidekiq:
    maxReplicas: 3
    # sidekiq needs too much CPU for the default of 10 replicas, and it doesn't make much sense to have more than one per node anyway

# minio stores registry, lfs, uploads (attached images/files in comments, etc), backups
minio:
  persistence:
    size: 500Gi



prometheus:
  kubeStateMetrics:
    enabled: true

Current behavior

The specified address for the ingress serves default backend (404). nginx ingress controller logs indicate no object matching "nginx" in local store for the affected ingresses.

Expected behavior

Ingress controller services the ingress (e.g. spec.ingressClassName is found by the included nginx ingress controller, or the original method of setting ingress.class is retained so that the included nginx ingress controller picks it up)

Versions

  • Chart: 5.6.0
  • Platform:
    • Self-hosted: kubespray 2.16.0
  • Kubernetes: (kubectl version)
    • Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.7", GitCommit:"132a687512d7fb058d0f5890f07d4121b3f0a2e2", GitTreeState:"clean", BuildDate:"2021-05-12T12:40:09Z", GoVersion:"go1.15.12", Compiler:"gc", Platform:"linux/amd64"}
    • Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.7", GitCommit:"132a687512d7fb058d0f5890f07d4121b3f0a2e2", GitTreeState:"clean", BuildDate:"2021-05-12T12:32:49Z", GoVersion:"go1.15.12", Compiler:"gc", Platform:"linux/amd64"}
  • Helm: version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}

Relevant logs

I1228 23:36:56.481846       6 store.go:367] "Ignoring ingress because of error while validating ingress class" ingress="default/gitlab-webservice-default" error="no object matching key \"nginx\" in local store"

Repeated for minio, grafana, registry...

Started working again once I re-added kubernetes.io/ingress.class: nginx back and also removed ingressClassName from spec. I seem to recall I had to do both, for some reason, as just adding the original annotation back didn't appear to change anything at the time (unless it was just slow on spotting the change to the ingress).

Edited by Mitchell Nielsen