Everything in my Kubernetes configuration works great with a single TLS certificate. I define the cert as a Secret and reference it in my Ingress object configuration by name and my HTTPS traffic is served with the certificate.
My problem comes in when I try to use my other certificate as well. One of my certs has www.DomainA.com as the CN and DomainA.com,DomainB.com,DomainC.com as SANs. The other one of my certs is a wildcard for *.DomainA.com.
When I add both certs to my Kubernetes configuration (with or without a defined hosts field for either/both), only the first specified cert is added in the interface and served to any traffic.
What is odd is that when I run a kubectl describe ingress my-ingress I see:
TLS:
non-wildcard-cert terminates DomainA.com,DomainB.com,DomainC.com
wildcard-cert terminates *.DomainA.com
So I know both certs were picked up by Kubernetes; they just don't seem to be used (or stored) in GCP.
How can I use both of these certs?
Looks like, for now, GCP doesn't support the Kubernetes spec correctly according to the GCE Ingress Controller doc. When they do add the full SNI support from the spec, I should be able to do what I need.
I see that the nginx Ingress controller has SNI support but I only want to use the official, transparent, Google-maintained Ingress controller.
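To see which hostnames are affected when only the first certificate is served, the added example below (not part of the original posts) models certificate selection with and without SNI, using the two certificates' names from the question. The tested hostnames, the function names, and the fallback to the first cert when no SNI match exists are assumptions made for illustration.

```python
# Added example: models which cert a load balancer presents per hostname.
# Cert names come from the question; HOSTS and all function names are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: a leading '*.' covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]

def covers(cert: dict, host: str) -> bool:
    """True if any name on the certificate matches the requested host."""
    return any(name_matches(n, host) for n in cert["names"])

def select_cert(certs: list, host: str, sni_supported: bool) -> dict:
    """Return the cert that would be presented for `host`."""
    if sni_supported:
        for cert in certs:
            if covers(cert, host):
                return cert
    # Without SNI selection (or with no match, an assumption here),
    # the first specified cert is served, as observed in the question.
    return certs[0]

def mismatches(certs: list, hosts: list, sni_supported: bool) -> list:
    """Hosts whose presented certificate does not cover the requested name."""
    return [h for h in hosts
            if not covers(select_cert(certs, h, sni_supported), h)]

# CN is listed as a name for simplicity; strict clients check SANs only.
CERTS = [
    {"secret": "non-wildcard-cert",
     "names": ["www.DomainA.com", "DomainA.com", "DomainB.com", "DomainC.com"]},
    {"secret": "wildcard-cert", "names": ["*.DomainA.com"]},
]

# Constructed sample hostnames.
HOSTS = ["DomainA.com", "www.DomainA.com", "api.DomainA.com",
         "DomainB.com", "a.b.DomainA.com"]

if __name__ == "__main__":
    for sni in (False, True):
        label = "SNI selection" if sni else "first cert only"
        print(f"{label}: name mismatch for {mismatches(CERTS, HOSTS, sni)}")
```

The wildcard matches only one label, so it covers neither the bare DomainA.com nor a.b.DomainA.com; that is why both certificates are needed for full coverage.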