How to use a wildcard certificate with ingress-nginx installed with Helm?

Question

How to use a custom wildcard TLS certificate for all hosts in a ingress-nginx?

I use an ingress-nginx as a ingress controller. It is installed using Helm chart:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

# create secret
kubectl create secret tls example-com-certificate --namespace ingress-nginx \
    --key certs/tls.key \
    --cert certs/tls.crt   
   
# install ingress-nginx and use the secret
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx \
  --set controller.wildcardTLS.cert=ingress-nginx/example-com-certificate \
  --set controller.service.loadBalancerIP=10.0.0.1

And here the ingress resource example

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: myservice-ingress
  namespace: myservice
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.allow-http: "false"    
    nginx.ingress.kubernetes.io/backend-protocol: "http"
    nginx.ingress.kubernetes.io/default-backend: myservice
spec:  
  tls:  
  - hosts:
    - myservice.example.com
    #secretName omitted to use default wildcard certificate
  rules:
  - host: myservice.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: myservice
          servicePort: 80

It is expected that when accessing https://myservice.example.com my example-com-certificate is used.

However a Kubernetes Ingress Controller Fake Certificate is used instead. Why?

Answer 1

The tls secret needs to be in the same namespace as your application,

in this command you specified ingress-nginx as your namespace

kubectl create secret tls example-com-certificate --namespace ingress-nginx \
--key certs/tls.key \
--cert certs/tls.crt   

but the ingress rule is in another namespace "myservice"