Home > Net >  AKS with LetsEncrypt and multiple certs for different containers
AKS with LetsEncrypt and multiple certs for different containers

Time:09-21

I'm looking for any working samples of applying different certificates on AKS with Application Gateway as Ingress Controller. I have Key Vault with a certificate that is used imported in ApGw/Ingress as sitecomcert and here is Ingress manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: site-agic-ig
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: sitecomcert
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    appgw.ingress.kubernetes.io/request-timeout: "180"
    appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
spec:
  rules:
  - host: "site.com"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: site-svc
            port:
              number: 80

...

Everything works perfect here. Now I have a second certificate in Key Vault for site2.com and this cert is already imported in Ap Gw as site2comcert and I have container that should serve requests coming to site2.com which point to Ap Gw Public IP. So I'm about to add

- host: "site2.com"   <--- How can I attach **site2comcert** cert? 
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: site2-svc
            port:
              number: 80

but with this setup I receive Untrusted Connection warning in browser because sitecomcert is used. How to configure ApGw / Ingress in a way that allows to use site2comcert for site2.com host specified above?

CodePudding user response:

You can have multiple ingress resource definitions (snipped for brevity):

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: site-agic-ig
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: sitecomcert
spec:
  rules:
  - host: "site.com"

and

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: site-agic-ig-site2
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: site2comcert
spec:
  rules:
  - host: "site2.com"
  • Related