I am running a web service that can be accessed from my company's domain name. I have setup automatic SSL certificates with Lets Encrypt as seen below.
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: basic-ingress annotations: certmanager.k8s.io/issuer: letsencrypt spec: tls: - hosts: - my.domain.net secretName: my-domain-net-tls rules: - host: my.domain.net http: paths: - backend: serviceName: frontend-service servicePort: 80-to-8080-tcp
I want to offer clients the option of serving the frontend from their own domains. What is the best way to go about this with certificates? I understand that I can setup the load balancer to use multiple secrets as shown here: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl, but I will need to be serving from more than the stated max of 10 domains.
Is there a more efficient way to go about this? What's the industry standard for serving one frontend service from multiple domains?
Many thanks!
If you don't require a global IP and can do with a regional one you can install the nginx-ingress and use multiple ingress to handle multiple domains and certificates for the same IP.
If you do require a global IP you can do as suggested by @John.
And if you don't mind having your clients pointing their domains to the different IPs as you do you can just use different ingress without anything more. But be aware that the normal ingress on GKE instantiates a L7 global load balancer so consider the cost of doing this
The standard method to support more than one domain name and / or subdomain names is to use one SSL Certificate and implement SAN (Subject Alternative Names). The extra domain names are stored together in the SAN. All SSL certificates support SAN, but not all certificate authorities will issue multi-domain certificates. Let's Encrypt does support SAN so their certificates will meet your goal.