Setting a default certificate in nginx ingress controller gets overridden

[MunierSaadeh]

We deployed the Web Application Routing Add-on for AKS ingress solution, which enables a Managed Nginx Ingress Controller. While testing, we noticed that when reaching out the Public IP of the managed load balancer (without host headers), a default fake certificate is being created on the Ingress controller.

To avoid this, we instead relied on the Ingress controller’s Default SSL Certificate flag --default-ssl-certificate which contains the default ssl cert for “catch-all” scenario. However, this setting is always getting overridden (may be because it is managed, and there are settings that we cannot override). Wondering if there is a way to persist this setting?

[OliverMKing]

Hello @MunierSaadeh. Thank you for making this issue.

Like you said, Web App Routing doesn’t support this feature currently as this setting will get reconciled to the default managed NGINX Ingress Controller Deployment App Routing offers. The experience is in preview and features are actively being worked on and added. Soon we are adding ways to customize the NGINX experience further than what’s currently being offered. This request is a good candidate for a configuration option we could potentially add.

I've passed this ask on to @sabbour (the App Routing PM) so he's aware of the request.

[sabbour]

I added this to the backlog.

[sabbour]

Related #160

[MXClyde]

I believe this issue can be closed with the availability of #160 in all regions.