Jump to content
Welcome to our new Citrix community!

Citrix ingress controller ignore cert type


Recommended Posts

Hello,

 

I've created ingress with the following definition:
 

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx
  annotations:
    ingress.citrix.com/frontend-ip: "10.29.224.91"
    ingress.citrix.com/secure-port: "443"
    ingress.citrix.com/secure-service-type: "ssl"
    ingress.citrix.com/preconfigured-certkey: '{"certs": [ {"name": "wildcard.hotfix.mmk.local", "type": "default"} ] }'
    ingress.citrix.com/insecure-port: "80"
    ingress.citrix.com/insecure-termination: "redirect"
spec:
  tls:
    - secretName: "wildcard.hotfix.mmk.local"
  backend:
    serviceName: nginx
    servicePort: 80

but in NetScaler ACD i see that certificate has been bind as SNI

> sh ssl vserver k8s-10.29.224.91_443_ssl

        Advanced SSL configuration for VServer k8s-10.29.224.91_443_ssl:
        Profile Name :ns_default_ssl_profile_frontend


1)      CertKey Name: wildcard.hotfix.mmk.local Server Certificate for SNI
 Done

 

I've tried to remove "type": "default" from ingress definition, but nothing changed

Also, CIC created cs vserver for 80 port without redirection policy

> sh cs  vserver k8s-10.29.224.91_80_http
        k8s-10.29.224.91_80_http (10.29.224.91:80) - HTTP       Type: CONTENT
        State: UP
        Last state change was at Mon Mar 30 19:26:26 2020
        Time since last state change: 0 days, 00:26:10.500
        Client Idle Timeout: 180 sec
        Down state flush: ENABLED
        Disable Primary Vserver On Down : DISABLED
        Comment: uid=FEJQLIKUOCTDF5QJUQRP7RBVYDFMFKUZW5IHJ7JMHCILTXJTBLDQ====
        Appflow logging: ENABLED
        Port Rewrite : DISABLED
        State Update: DISABLED
        Default:        Content Precedence: RULE
        Vserver IP and Port insertion: OFF
        L2Conn: OFF     Case Sensitivity: ON
        Authentication: OFF
        401 Based Authentication: OFF
        Push: DISABLED  Push VServer:
        Push Label Rule: none
        Listen Policy: NONE
        IcmpResponse: PASSIVE
        RHIstate:  PASSIVE
        Traffic Domain: 0
 Done

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...