Add support for fallback TLS #1944
Comments
|
cc @coresolve |
|
This feature is useful for the upcoming wildcard certificates in Let's Encrypt |
|
From looking at the controller source and my limited understanding about how the sections I looked at fit into the grand scheme of things, I gathered that it:
If you have multiple ingresses, with only one of them containing a reference to the secret, you'll end up with either:
Wouldn't it be possible to rewrite the controller to set the default certificate after processing all rules, or keep processing that rule if no certificate or the default certificate was set? This way you could define an ingress without rules but with a secret as a fallback, and wouldn't have to set a flag. |
|
I'm needing this feature as well. |
k8s-ci-robot
added
kind/feature
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
|
Closing. This is already implemented. By default, uses the default nginx certificate or the one behind the flag --default-ssl-certificate |
Using a new flag like
--fallback-tls-secret.When this flag is configured we can omit the tls section in the Ingress rules and still listen in port 443.
The use case for this could be the use of a wildcard SSL certificate as default for a list of hosts.
This is useful because right now we need to copy the wildcard certificate in different namespaces.
The text was updated successfully, but these errors were encountered: