From f7bf556ff7e7e6039799116c2269b533126166b7 Mon Sep 17 00:00:00 2001 From: Makhtar Date: Wed, 25 Dec 2024 21:28:12 +0000 Subject: [PATCH] Add note for TLS settings on default rule Alternative to make TLS work on the default rule or when faced with specific Subject Alternative Name requirements (e.g mandatory IPs instead of FQDN) --- .../concepts/services-networking/ingress.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/content/en/docs/concepts/services-networking/ingress.md b/content/en/docs/concepts/services-networking/ingress.md index 9cd6f62d8c390..8f0485d05c9c7 100644 --- a/content/en/docs/concepts/services-networking/ingress.md +++ b/content/en/docs/concepts/services-networking/ingress.md @@ -519,6 +519,24 @@ section. {{% code_sample file="service/networking/tls-example-ingress.yaml" %}} +{{< note >}} +As an alternative to make TLS work on the default rule or when faced with specific +Subject Alternative Name requirements (e.g mandatory IPs instead of FQDN), user can update the +Ingress Controller to set as default certificate a custom Secret that satifies those requirements. + +If using Nginx Ingress: + +kubectl -n ingress-nginx edit deployment ingress-controller + +Edit the args section as follows: + +args: + - /nginx-ingress-controller + - '--publish-service=$(POD_NAMESPACE)/ingress-nginx-controller' + - '--default-ssl-certificate=default/testsecret-tls' + - ... +{{< /note >}} + {{< note >}} There is a gap between TLS features supported by various Ingress controllers. Please refer to documentation on