If you delete the entire nginx namespace and reinstall again via helm chart, your nginx admission controller may throw a “x509 certificate signed by unknown authority” message when you attempt to create an nginx ingress.
This will happen regardless if the ingress is using http only or secure https. And also whether or not the TLS secret is self-signed or signed by a common certificate authority.
...failed to create resource: Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.default.svc:443/networking/v1beta1/ingresses?timeout=10s": x509: certificate signed by unknown authority...
This can be fixed by taking the CA data from the nginx admission secret, and patching it into the nginx validating web hook like below (provided by damienleger).
# adjust to your namespace ns=default CA=$(kubectl -n $ns get secret ingress-nginx-admission -ojsonpath='{.data.ca}') kubectl patch validatingwebhookconfigurations ingress-nginx-admission -n $ns --type='json' -p='[{"op": "add", "path": "/webhooks/0/clientConfig/caBundle", "value":"'$CA'"}]'
REFERENCES
damienleger, provided this as answer
gitanswer.com, damienleger provided this workaround in his comment here