From df93fd91d6c2de98e0f43c1a1de0d2142d7d26a9 Mon Sep 17 00:00:00 2001
From: Michael Pleshakov
Date: Thu, 16 Dec 2021 19:41:00 -0800
Subject: [PATCH] Update Wildcard TLS Certificate example
---
examples/wildcard-tls-certificate/README.md | 49 +++++++++------------
1 file changed, 22 insertions(+), 27 deletions(-)
diff --git a/examples/wildcard-tls-certificate/README.md b/examples/wildcard-tls-certificate/README.md
index dc20326854..41452b6798 100644
--- a/examples/wildcard-tls-certificate/README.md
+++ b/examples/wildcard-tls-certificate/README.md
@@ -1,12 +1,12 @@ # Wildcard TLS Certificate -The wildcard TLS certificate simplifies the configuration of TLS termination if you need to use the same TLS certificate in multiple Ingress resources from various namespaces. Typically, such a certificate is for a subdomain (for example, `*.example.com`), while the hosts in the Ingress resources include that subdomain (for example, `foo.example.com`, `bar.example.com`). +The wildcard TLS certificate simplifies the configuration of TLS termination if you need to use the same TLS certificate in multiple Ingress and VirtualServer resources from various namespaces. Typically, such a certificate is for a subdomain (for example, `*.example.com`), while the hosts in the Ingress and VirtualServer resources include that subdomain (for example, `foo.example.com`, `bar.example.com`). ## Example ### Prerequisites -Start the Ingress Controller with the `-wildcard-tls-secret` [command-line argument](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/) set to a TLS secret with a wildcard cert/key. For example: +Start the Ingress Controller with the `-wildcard-tls-secret` [command-line argument](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-wildcard-tls-secret) set to a TLS secret with a wildcard cert/key. For example: ```yaml -wildcard-tls-secret=nginx-ingress/wildlcard-tls-secret 
@@ -16,16 +16,16 @@ Start the Ingress Controller with the `-wildcard-tls-secret` [command-line argum ### Configuring TLS Termination -In the example below we configure TLS termination for two Ingress resources for the hosts `foo.example.com` and `bar.example.com` respectively: +In the example below we configure TLS termination for an Ingress for the host `foo.example.com` and a VirtualServer for the host `bar.example.com`: -`foo-ingress` from the namespace `foo-namespace`: +`foo` Ingress from the namespace `foo`: ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: foo-ingress - namespace: foo-namespace + name: foo + namespace: foo annotations: kubernetes.io/ingress.class: "nginx" spec: @@ -45,31 +45,26 @@ spec: number: 80 ``` -`bar-ingress` from the namespace `bar-namespace`: +`bar` VirtualServer from the namespace `bar`: ```yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress +apiVersion: k8s.nginx.org/v1 +kind: VirtualServer metadata: - name: bar-ingress - namespace: bar-namespace - annotations: - kubernetes.io/ingress.class: "nginx" + name: bar + namespace: bar spec: + host: bar.example.com tls: - - hosts: - - bar.example.com - rules: - - host: bar.example.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: bar-service - port: - number: 80 + secret: "" + upstreams: + - name: bar + service: bar-service + port: 80 + routes: + - path: / + action: + pass: bar ``` -Because we don't reference any TLS secret in the `tls` section (there is no `secretName` field) in both Ingress resources, NGINX will use the wildcard secret specified in the `-wildcard-tls-secret` command-line argument. +Because we don't reference any TLS secret in the resources above -- there is no `secret` field in the `tls` section of the Ingress resource and the `secret` field is empty in the VirtualServer -- NGINX will use the wildcard secret specified in the `-wildcard-tls-secret` command-line argument.