SSL Certificate conflict #114

Closed
merqurio opened this issue Sep 5, 2018 · 2 comments

merqurio commented Sep 5, 2018

Summary

After a rolling update of the Kong ingress controller, the new ingress controller tries to create a new SSL certificate when one is in place already.

I0905 09:07:43.165264       7 controller.go:127] syncing Ingress configuration...
I0905 09:07:43.167129       7 kong.go:1057] creating Kong SSL Certificate for host metabase.testing.myurl.org located in Secret default/metabase-letsencrypt-prod
E0905 09:07:43.168743       7 kong.go:1062] Unexpected error creating Kong Certificate: [400] {"fields":{"snis":"metabase.testing.myurl.org already associated with existing certificate 'b8371df4-bbb4-460e-bb78-8e7b66c16ef3'"},"name":"schema violation","code":2,"message":"schema violation (snis: metabase.testing.myurl.org already associated with existing certificate 'b8371df4-bbb4-460e-bb78-8e7b66c16ef3')"}
E0905 09:07:43.168759       7 controller.go:130] unexpected failure updating Kong configuration:
the server rejected our request for an unknown reason (post certificates.meta.k8s.io)
W0905 09:07:43.168766       7 queue.go:113] requeuing ci-cd/runner-c4990634-project-4440767-concurrent-1drq5z, err the server rejected our request for an unknown reason (post certificates.meta.k8s.io)

Kong Ingress controller version
0.1.0

Kubernetes version

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:17:39Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:05:37Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

Environment

  • Cloud provider or hardware configuration:
    AWS EC2,
  • OS (e.g. from /etc/os-release):
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
  • Kernel (e.g. uname -a):
    Linux ip-172-20-102-121 4.4.121-k8s #1 SMP Sun Mar 11 19:39:47 UTC 2018 x86_64 GNU/Linux
  • Install tools:
    Kops, Kubectl, Helm (from PR)
  • Others:
    Configured using postgres

What happened

Ingress controller rolling update failed.

Expected behavior

Not creating a new SSL certificate

Steps To Reproduce

  1. Install Kong-ingress controller
  2. Add a certificate to an ingress (via cert-manager)
  3. Works as expected
  4. Modify deployment (added a label)
  5. A new deployment launches and replaces the old one, and the error is raised

merqurio commented Sep 5, 2018

Ingress resource:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/acme-challenge-type: dns01
    certmanager.k8s.io/acme-dns01-provider: xxx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
  creationTimestamp: 2018-09-05T08:12:18Z
  generation: 1
  labels:
    chart: xxx
    heritage: Tiller
    release: black-unicorn
  name: black-unicorn-metabase
  namespace: default
spec:
  rules:
  - host: metabase.testing.myurl.org
    http:
      paths:
      - backend:
          serviceName: black-unicorn-metabase
          servicePort: 80
        path: /
  tls:
  - hosts:
    - metabase.testing.myurl.org
    secretName: metabase-letsencrypt-prod
status:
  loadBalancer:
    ingress:
    - hostname: xxx

merqurio commented

This has been resolved with the 0.2.0 release. Thanks @hbagdi
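
Added example, not part of this thread and not the controller's code or the 0.2.0 fix: a lookup-before-create reconcile that avoids the duplicate-SNI 400 shown in the log above when a fresh controller pod starts with no local state. `Cert`, `AdminAPI`, `fakeKong`, `EnsureCert` and the `PEM-A`/`PEM-B` strings are hypothetical names and constructed values.

```go
package main

import "fmt"

// Cert and AdminAPI are hypothetical stand-ins, not the controller's real types.
type Cert struct{ ID, PEM string }
type AdminAPI interface {
	CertForSNI(host string) (*Cert, error) // (nil, nil) when the SNI is unknown
	CreateCert(pem, host string) error
	UpdateCert(id, pem string) error
}

// fakeKong is a constructed in-memory model; like the 400 in the log, it refuses a second certificate for a bound SNI.
type fakeKong struct{ bySNI map[string]*Cert }

func (k *fakeKong) CertForSNI(host string) (*Cert, error) { return k.bySNI[host], nil }
func (k *fakeKong) CreateCert(pem, host string) error {
	if c, ok := k.bySNI[host]; ok {
		return fmt.Errorf("snis: %s already associated with existing certificate '%s'", host, c.ID)
	}
	k.bySNI[host] = &Cert{ID: fmt.Sprintf("cert-%d", len(k.bySNI)+1), PEM: pem}
	return nil
}

func (k *fakeKong) UpdateCert(id, pem string) error {
	for _, c := range k.bySNI {
		if c.ID == id {
			c.PEM = pem
		}
	}
	return nil
}

// EnsureCert looks the SNI up before writing, so a controller restarted with no local state converges.
func EnsureCert(api AdminAPI, host, pem string) (string, error) {
	cur, err := api.CertForSNI(host)
	switch {
	case err != nil:
		return "", err
	case cur == nil:
		return "created", api.CreateCert(pem, host)
	case cur.PEM == pem:
		return "unchanged", nil
	}
	return "updated", api.UpdateCert(cur.ID, pem)
}

func main() {
	fmt.Println(EnsureCert(&fakeKong{bySNI: map[string]*Cert{}}, "metabase.testing.myurl.org", "PEM-A"))
}
```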
