Question 98675 in Nginx Question posted in
The official documentation can be found here.

Several TLS certs for the same host nginxinc kubernetes ingress

I’m playing with k8s and Nginx ingress controller
(https://docs.nginx.com/nginx-ingress-controller/).

I have a hostname test.example.com, that handles HTTPS connections, using two certificates (RSA and GOST) signed for the same name.

Is there a proper way of terminating those TLS connections, using Nginx Ingress? Or am I better of using an external load-balancer?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    So, the answer was actually in the discussion on GitHub page https://github.com/nginxinc/kubernetes-ingress/issues/1899#issuecomment-905952871

    There is no direct support, but one can try a workaround with server-snippets:

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cafe-ingress
  annotations:
    nginx.org/server-snippets: |
      ssl_certificate /etc/nginx/secrets/default-second-cafe-secret; # namespace-name
      ssl_certificate_key /etc/nginx/secrets/default-second-cafe-secret; # namespace-name
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - cafe.example.com
    secretName: cafe-secret
  - hosts: # this part is needed so that the IC gets the second-cafe-secret from k8s API and store it on the file system at /etc/nginx/secrets/namespace-name
    - random-workaround-host 
    secretName: second-cafe-secret
  rules:
  - host: cafe.example.com

  2. 0

    First leats clear out what terminating is:

    SSL termination refers to the process of decrypting encrypted traffic before passing it along to a web server.

    There are other ways as well as you mentioned like using external LoadBalancer but sine Nginx is a LoadBalancer there is no need to add another external LoadBalancer

    Keep it simple

    • Keep it simple, and you’ll have fewer problems in the long run.
    • Using nginx-controller is a suitable way to accomplish it.
    • Adding more "tools" will require you to maintain them as well which increases the complexicity.

    enter image description here

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search