
How to use a custom wildcard TLS certificate for all hosts in ingress-nginx?

I use ingress-nginx as an ingress controller. It is installed using the Helm chart:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

# create secret
kubectl create secret tls example-com-certificate --namespace ingress-nginx \
    --key certs/tls.key \
    --cert certs/tls.crt

# install ingress-nginx and use the secret
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx \
  --set controller.wildcardTLS.cert=ingress-nginx/example-com-certificate \
  --set controller.service.loadBalancerIP=10.0.0.1

And here is the Ingress resource example:

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: myservice-ingress
  namespace: myservice
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.allow-http: "false"    
    nginx.ingress.kubernetes.io/backend-protocol: "http"
    nginx.ingress.kubernetes.io/default-backend: myservice
spec:  
  tls:  
  - hosts:
    - myservice.example.com
    #secretName omitted to use default wildcard certificate
  rules:
  - host: myservice.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: myservice
          servicePort: 80

It is expected that when accessing https://myservice.example.com my example-com-certificate is used.

However a Kubernetes Ingress Controller Fake Certificate is used instead.
Why?

2 Answers


  1. Try according to this example:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: myservice-ingress
      annotations:
        kubernetes.io/ingress.class: nginx
    spec:
      rules:
      - host: my.example.com
        http:
          paths:
          - backend:
              serviceName: myservice
              servicePort: 80
            path: /
      tls:
      - hosts:
        - '*.example.com'
        - my.example.com
        secretName: wildcard-example-com-tls
    
  2. The TLS secret needs to be in the same namespace as your application.

    In this command you specified ingress-nginx as your namespace:

    kubectl create secret tls example-com-certificate --namespace ingress-nginx \
    --key certs/tls.key \
    --cert certs/tls.crt

    but the Ingress rule is in another namespace, "myservice".

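The certificate selection that the question and the second answer turn on, as an added example (not code from the original posts or from the ingress-nginx project): a small Python model of which certificate an ingress-nginx controller serves for each TLS host of an Ingress. It assumes the default certificate comes from the controller's `--default-ssl-certificate=<namespace>/<secret>` argument; the function names, the sample controller arguments and the sample data are constructed.

```python
FAKE = "Kubernetes Ingress Controller Fake Certificate"

def default_cert(controller_args, tls_secrets):
    """Return the certificate the controller serves when it has no per-host one."""
    for arg in controller_args:
        if arg.startswith("--default-ssl-certificate="):
            ref = arg.split("=", 1)[1]          # "<namespace>/<secret name>"
            if tuple(ref.split("/", 1)) in tls_secrets:
                return ref
    return FAKE                                  # self-signed certificate built into the controller

def served_certs(ingress, controller_args, tls_secrets):
    """Map every TLS host of one Ingress to the certificate it is served with.

    Simplified model: it does not check that the certificate's names match the host.
    """
    ns = ingress["metadata"].get("namespace", "default")
    fallback = default_cert(controller_args, tls_secrets)
    result = {}
    for entry in ingress["spec"].get("tls", []):
        name = entry.get("secretName")
        # secretName is resolved in the Ingress's own namespace, never in another one
        cert = f"{ns}/{name}" if name and (ns, name) in tls_secrets else fallback
        for host in entry.get("hosts", []):
            result[host] = cert
    return result

# Constructed sample data mirroring the question: the secret lives in ingress-nginx,
# the Ingress lives in myservice and omits secretName.
SECRETS = {("ingress-nginx", "example-com-certificate")}
INGRESS = {
    "metadata": {"name": "myservice-ingress", "namespace": "myservice"},
    "spec": {"tls": [{"hosts": ["myservice.example.com"]}]},
}
ARGS_WITHOUT_DEFAULT = ["/nginx-ingress-controller"]
ARGS_WITH_DEFAULT = ARGS_WITHOUT_DEFAULT + [
    "--default-ssl-certificate=ingress-nginx/example-com-certificate"]

if __name__ == "__main__":
    print(served_certs(INGRESS, ARGS_WITHOUT_DEFAULT, SECRETS))
    print(served_certs(INGRESS, ARGS_WITH_DEFAULT, SECRETS))
```

On a live cluster, the inputs correspond to `kubectl get ingress -o json`, the container arguments of the controller Deployment, and the `kubernetes.io/tls` secrets per namespace.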