Clarify ingress-nginx in-cluster config warning is benign#103
Draft
Copilot wants to merge 19 commits intodevelopmentfrom
Draft
Clarify ingress-nginx in-cluster config warning is benign#103Copilot wants to merge 19 commits intodevelopmentfrom
Copilot wants to merge 19 commits intodevelopmentfrom
Conversation
* Initial plan * Add comprehensive Copilot instruction files Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add README and validation script for Copilot instructions Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
…ized auth (#93) * Initial plan * Implement ingress-authz-overlay chart per issue #91 Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Address code review: remove unused helpers, add container security context Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add Let's Encrypt / cert-manager documentation to user guide Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
* Initial plan * Add documentation for Let's Encrypt ACME account key secrets Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add cert-manager installation instructions and troubleshooting Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Fix installation order list formatting Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add troubleshooting for Helm ownership conflict with ClusterIssuer Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Improve Helm ownership conflict documentation clarity Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
…rlay (#96) * Initial plan * Fix cert-manager certificate ownership conflict by using primary route flag Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
* Initial plan * Configure overlay to use centralized authz-adapter in security namespace Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
…figuration documentation (#98) * Initial plan * Add Ingress and Connectivity troubleshooting section to docs Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add AWS EKS and on-premises ingress configuration docs Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Fix code review issues in ingress docs Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
…#99) * Initial plan * Fix github-repo-registrations-eventsource ingress to use spec.ingressClassName instead of deprecated annotation Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add quote to ingressClassName for proper YAML parsing Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
* Initial plan * Add cross-namespace routing support via ExternalName services Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add cross-namespace routing troubleshooting documentation Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
… cert-manager issues (#101) * Initial plan * Add troubleshooting docs for external connection issues when internal services work Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add kind cluster and cert-manager troubleshooting to docs Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add DNS-01 challenge docs for No-IP.com and kind clusters Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
…, and NodePort external IP configuration to troubleshooting docs (#102) * Initial plan * Add comprehensive DNS-01 challenge debugging guide with propagation error fixes Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> * Add manual certificate installation guide to troubleshooting docs Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bwalsh <47808+bwalsh@users.noreply.github.com>
Merged
Copilot
AI
changed the title
[WIP] Add authz-aware ingress overlay for multi-tenant UIs and APIs
Clarify ingress-nginx in-cluster config warning is benign
Nov 26, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User observed a warning in ingress-nginx controller logs:
Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.This is standard Kubernetes client-go behavior when controllers run as pods. The warning message is misleading—in-cluster configuration (via service account tokens at
/var/run/secrets/kubernetes.io/serviceaccount/) is the expected and correct authentication method for in-cluster workloads.Changes:
No code changes needed—this is working as designed.
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.