
Several TLS certs for the same host nginxinc kubernetes ingress


I'm playing with k8s and Nginx ingress controller
(https://docs.nginx.com/nginx-ingress-controller/).

I have a hostname test.example.com, that handles HTTPS connections, using two certificates (RSA and GOST) signed for the same name.

Is there a proper way of terminating those TLS connections, using Nginx Ingress? Or am I better off using an external load-balancer?


Solution

  • So, the answer was actually in the discussion on the GitHub page: https://github.com/nginxinc/kubernetes-ingress/issues/1899#issuecomment-905952871

    There is no direct support, but one can try a workaround with server-snippets:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: cafe-ingress
      annotations:
        nginx.org/server-snippets: |
          ssl_certificate /etc/nginx/secrets/default-second-cafe-secret; # namespace-name
          ssl_certificate_key /etc/nginx/secrets/default-second-cafe-secret; # namespace-name
    spec:
      ingressClassName: nginx
      tls:
      - hosts:
        - cafe.example.com
        secretName: cafe-secret
      - hosts: # this part is needed so that the IC gets the second-cafe-secret from the k8s API and stores it on the file system at /etc/nginx/secrets/namespace-name
        - random-workaround-host
        secretName: second-cafe-secret
      rules:
      - host: cafe.example.com
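
A consistency check for the workaround in the answer above, as an added example that is not part of the original answer or of the NGINX Ingress Controller project: it verifies that every certificate file named in the server snippet corresponds to a secret listed under spec.tls, using the /etc/nginx/secrets/namespace-name layout the answer describes. The function name `check_snippet_certs`, the dict form of the manifest, and the fallback to the `default` namespace are assumptions made for illustration.

```python
import copy
import re

SNIPPET_KEY = "nginx.org/server-snippets"
SECRETS_DIR = "/etc/nginx/secrets/"
# Matches ssl_certificate / ssl_certificate_key directives and their file argument.
DIRECTIVE = re.compile(r"^\s*(ssl_certificate(?:_key)?)\s+(\S+?)\s*;", re.M)

def check_snippet_certs(ingress):
    """Return a list of problems; an empty list means the workaround is consistent."""
    meta = ingress.get("metadata", {})
    ns = meta.get("namespace", "default")  # assumption: unset namespace means "default"
    snippet = meta.get("annotations", {}).get(SNIPPET_KEY, "")
    # Files the controller writes: one <namespace>-<secretName> per spec.tls entry.
    on_disk = {SECRETS_DIR + ns + "-" + t["secretName"]
               for t in ingress.get("spec", {}).get("tls", []) if t.get("secretName")}
    seen, problems = {}, []
    for directive, path in DIRECTIVE.findall(snippet):
        seen.setdefault(path, set()).add(directive)
        if path not in on_disk:
            problems.append(f"{directive} {path}: no spec.tls entry fetches this secret")
    # A certificate without its key (or the reverse) makes nginx reject the config.
    for path, used in seen.items():
        for missing in sorted({"ssl_certificate", "ssl_certificate_key"} - used):
            problems.append(f"{path}: missing {missing}")
    return problems

# The answer's manifest as a Python dict (namespace made explicit; rules omitted).
WORKAROUND = {
    "metadata": {"name": "cafe-ingress", "namespace": "default", "annotations": {
        SNIPPET_KEY: "ssl_certificate /etc/nginx/secrets/default-second-cafe-secret;\n"
                     "ssl_certificate_key /etc/nginx/secrets/default-second-cafe-secret;\n"}},
    "spec": {"tls": [
        {"hosts": ["cafe.example.com"], "secretName": "cafe-secret"},
        {"hosts": ["random-workaround-host"], "secretName": "second-cafe-secret"}]},
}

# Constructed failure: the dummy tls entry is dropped, so the file is never written.
BROKEN = copy.deepcopy(WORKAROUND)
BROKEN["spec"]["tls"].pop()

if __name__ == "__main__":
    for name, manifest in (("workaround", WORKAROUND), ("broken", BROKEN)):
        print(name, check_snippet_certs(manifest) or "ok")
```

Run against a rendered manifest before applying it; a mismatch between the snippet path and the namespace or secret name only shows up otherwise when nginx fails to load the certificate file.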