MountVolume.SetUp failed for volume "ca-download" : references non-existent secret key

[zlingqu]

When I deploy key and CRT with trusted ca, the core module cannot be started.
I think the ./templates/core/core-dpl.yaml file fixes that there must be ca.crt and ca.key in secretname.

My configuration file is as follows

type: ingress
  tls:
    enabled: true
    secretName: "https-key-secret"
    notarySecretName: ""

I user traefik-ingress.

The following error appears when using kubectl describe pod

[tlvenn]

Yes the issue has been introduced with fd3576e by @ywk253100

Certificates generated by let's encrypt with cert-manager dont have the ca.crt set, it's blank. Additionally having the core try to mount that secret creates other issues as well with wildcard certificates which exist in other namespaces. Contour for example will do TLS delegation but it will not allow that pod to read / mount that secret.

Could this behavior be put under a new flag please ?

Thanks

[zlingqu]

Thank you!

[ywk253100]

@zlingqu This isn't fixed yet, let's reopen it to track.

[tlvenn]

The issue is still not entirely fixed, I just tried with the 1.2.0 chart and there is still a volume ca-download which tries to mount the tls secret and it does not seem there is any way to disable this behavior.

As explained, my wildcard tls secret exists in another namespace than harbor so harbor cannot mount it.

Error from the core pod:
MountVolume.SetUp failed for volume "ca-download" : secret "ingress/my-wildcard" not found

[ywk253100]

Reopen the issue as it doesn't work for the secret in the other namespace as mentioned by @tlvenn

[jonhatallasf]

Has there been any traction on a possible solution? We use letsencrypt and thus are bit by the ca.crt empty issue.