How can I add multiple certificates to ingress for the same IP with SUB domain (SNI)?

12/10/2018

I would like to add multiple certificates for the same IP with different sub domain. I've created cluster and added ingress. i have HTTPS applications installed as well. I succeeded to add certificated to two different hosts (using the same ingress but 2 public IPs).

How can i write in ingress to use cert X for aks-hello-world and in cert Y for ingress-demo? (see attachment)

Is there something i should do in azure as well?

Ingress example

Screen Shot

-- inza
azure-aks
kubernetes
kubernetes-ingress
nginx-ingress

1 Answer

12/10/2018

You can deploy the Kubernetes nginx ingress controller and forward the traffic from one (public accessible) load balancer to the exposed node port service of the ingress service (type: LoadBalancer). This forwarding is done via TCP (no TLS happening here). You need to point the multiple DNS entries to the IP of the load balancer.

The ingress controller is capable of SNI and handles the forwarding from there on.

This approach however requires that your TLS certificates are added to Kubernetes as secrets (for example via Cert Manager).

For configuration see the docs.

-- Ohmen
Source: StackOverflow