github.com/nginxinc/kubernetes-ingress@v1.12.5/examples/wildcard-tls-certificate/README.md

# Wildcard TLS Certificate

The wildcard TLS certificate simplifies the configuration of TLS termination if you need to use the same TLS certificate in multiple Ingress resources from various namespaces. Typically, such a certificate is for a subdomain (for example, `*.example.com`), while the hosts in the Ingress resources include that subdomain (for example, `foo.example.com`, `bar.example.com`).

## Example

### Prerequisites

Start the Ingress Controller with the `-wildcard-tls-secret` [command-line argument](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/) set to a TLS secret with a wildcard cert/key. For example:

```yaml
-wildcard-tls-secret=nginx-ingress/wildcard-tls-secret
```

**Note**: the Ingress Controller supports only one wildcard TLS secret.

### Configuring TLS Termination

In the example below we configure TLS termination for two Ingress resources for the hosts `foo.example.com` and `bar.example.com` respectively:

`foo-ingress` from the namespace `foo-namespace`:

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: foo-ingress
  namespace: foo-namespace
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - foo.example.com
  rules:
  - host: foo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: foo-service
          servicePort: 80
```

`bar-ingress` from the namespace `bar-namespace`:

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: bar-ingress
  namespace: bar-namespace
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - bar.example.com
  rules:
  - host: bar.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: bar-service
          servicePort: 80
```

Because neither Ingress resource references a TLS secret in its `tls` section (there is no `secretName` field), NGINX will use the wildcard secret specified in the `-wildcard-tls-secret` command-line argument.