Using cert-manager on AKS with LetsEncrypt and multiple certs

2/25/2019

Are there any working samples of using cert-manager on AKS with an Nginx ingress where multiple domains have been granted SSL via LetsEncrypt, and then those DNS names are directed to separate containers?

I’ve had a single SSL setup for a while, but upon adding a second everything stopped working.

I have several clusters I’ll need to apply this to, so I’m hoping to find a bulletproof example.

-- Kieron
azure
azure-aks
azure-kubernetes
cert-manager
kubernetes

1 Answer

2/25/2019

I don't think it should matter, I didn't really test that, but if you add 2 individual ingress resources with different domains\secrets, it should work (at least I don't see any reason why it shouldn't):

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/issuer: letsencrypt-production
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - sslexample.foo.com
    secretName: testsecret-tls
  rules:
    - host: sslexample.foo.com
      http:
        paths:
        - path: /
          backend:
            serviceName: service1
            servicePort: 80

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress1  # must differ from the first Ingress, or applying it overwrites that one
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/issuer: letsencrypt-production
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - sslexample1.foo.com
    secretName: testsecret-tls1
  rules:
    - host: sslexample1.foo.com
      http:
        paths:
        - path: /
          backend:
            serviceName: service2
            servicePort: 80

tls is an array, so it should take more than 1 item. Not sure about the interaction with cert-manager, though.

tls:
- hosts:
  - sslexample.foo.com
  secretName: testsecret-tls
- hosts:
  - sslexample1.foo.com
  secretName: testsecret1-tls
-- 4c74356b41
Source: StackOverflow
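
A pre-apply check for the multi-host setup discussed above, added here as an example and not part of the original question or answer. It flags two Ingresses sharing a name, one secretName used for different host sets, and a rule host missing from spec.tls; the function names, the parsed-dict input and the "default" namespace fallback are assumptions.

```python
from collections import defaultdict

def lint_ingresses(ingresses):
    """Return sorted problems found across Ingress manifests given as parsed dicts."""
    problems, names, secret_hosts = [], defaultdict(int), defaultdict(set)
    for ing in ingresses:
        meta, spec = ing.get("metadata", {}), ing.get("spec", {})
        ns, name = meta.get("namespace", "default"), meta.get("name")
        names[(ns, name)] += 1
        covered = set()
        for entry in spec.get("tls", []):
            hosts = frozenset(entry.get("hosts", []))
            covered |= hosts
            secret = entry.get("secretName")
            if secret:
                secret_hosts[(ns, secret)].add(hosts)
            else:
                problems.append(f"{ns}/{name}: tls entry {sorted(hosts)} has no secretName")
        for rule in spec.get("rules", []):
            host = rule.get("host")
            if host and host not in covered:
                problems.append(f"{ns}/{name}: rule host {host} is not listed under spec.tls")
    for (ns, name), count in names.items():
        if count > 1:  # same name in one namespace: the later apply replaces the earlier
            problems.append(f"{ns}/{name}: Ingress defined {count} times")
    for (ns, secret), host_sets in secret_hosts.items():
        if len(host_sets) > 1:  # one Secret cannot hold two different certificates
            problems.append(f"{ns}/{secret}: secret shared by different host sets")
    return sorted(problems)

def ingress(name, host, secret, service):
    # Constructed sample shaped like the manifests in the answer above.
    backend = {"serviceName": service, "servicePort": 80}
    return {"metadata": {"name": name},
            "spec": {"tls": [{"hosts": [host], "secretName": secret}],
                     "rules": [{"host": host,
                                "http": {"paths": [{"path": "/", "backend": backend}]}}]}}

# Constructed inputs: BROKEN reuses the Ingress name and the secret; FIXED does not.
BROKEN = [ingress("tls-example-ingress", "sslexample.foo.com", "testsecret-tls", "service1"),
          ingress("tls-example-ingress", "sslexample1.foo.com", "testsecret-tls", "service2")]
FIXED = [ingress("tls-example-ingress", "sslexample.foo.com", "testsecret-tls", "service1"),
         ingress("tls-example-ingress1", "sslexample1.foo.com", "testsecret-tls1", "service2")]

if __name__ == "__main__":
    for problem in lint_ingresses(BROKEN):
        print(problem)
```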