Multiple acme sections for multiple customers with single traefik ingress controller in kubernetes

7/15/2018

Situation:

I want many customers to share a common set of public IPs to access the Kubernetes cluster.

Hostname-based routing within the cluster is done. But I want to provide HTTPS for all my customers' domains.

I have a set of edge-router nodes, each with one public IP. There's a Traefik ingress controller configured as a DaemonSet listening on these nodes.

Let's suppose there can be thousands of customers with thousands of domains.

My problem is that I want to have multiple acme sections.

Extracted from a ConfigMap in my ingress controller manifest:

[acme]
  email = "ca@mycompany.com"
  storage = "/etc/traefik/acme.json"
  entryPoint = "https"    
  onHostRule = true
  caServer = "https://acme-v02.api.letsencrypt.org/directory"
[[acme.domains]]
  main = "mycustomer1.com"
[acme.httpChallenge]
  entryPoint = "http"

My ideal solution would be to have a way to split each customer's HTTPS configuration into separate files, each one with its own acme settings.

Or, even better, to have a way of configuring this from the ingress resource:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  namespace: garden
  annotations:
    kubernetes.io/ingress.class: traefik

    #
    # LET'S ENCRYPT CONFIGURATION COULD BE HERE.
    # THAT WAY IT WOULD BE EASY TO CONFIGURE HTTPS FOR EACH CUSTOMER.
    #

spec:
  rules:
    - host: mycustomer1.com
      http:
        paths:
          - path: /
            backend:
              serviceName: backend
              servicePort: 80

Is there any way to achieve this?

-- Manel R. Doménech
kubernetes
kubernetes-ingress
lets-encrypt
traefik

1 Answer

7/16/2018

I would suggest trying to create multiple kind: Ingress resources for each customer and manage them. You will have the possibility to use a special ConfigMap for each Ingress class.

-- Nick Rak
Source: StackOverflow