New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ingress: Allow for multiple hosts #43633
Comments
+1 for this as well. As referenced by both @klausenbusk and me at #41881 , this would go a long way. I prefer to have a wildcard or a subdomain-only option, so I can specify Personally, I also think the ingress controller (which usually is deployed by cluster admins) should have a restriction that says, "only service the following domains or subdomains of them...", but that is a separate issue. |
Another +1. I think almost anyone with a non-trivial ingress use-case will benefit from this. |
+1 |
and redirect. We initially wanted to use [the redirect-from-to-www annotation](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/annotations.md#redirect-from-to-www), as this is nice and neat, but unfortunately that [isn't able to serve a TLS certificate for the redirected domain](kubernetes/ingress-nginx#605). Until that's fixed, we have to use this solution, [as others are doing](kubernetes/ingress-nginx#605 (comment)). (It would also help to make this more DRY if we were able to [specify multiple hosts in a http rule](kubernetes/kubernetes#43633))
Issues go stale after 90d of inactivity. Prevent issues from auto-closing with an If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or |
/remove-lifecycle stale |
Apparently, I cannot remove it from stale... |
looks like it worked @deitch ! |
I also would like to see this feature, but as a workaround, I use YAML ids. Here is how it would look for given example.
|
I don't have much to add except to say this would be very welcome. Hopefully the rules for beta APIs still allow some flexibility to modify this. |
same here - have to add multiple domains i.e.
what is not really comfortable in the current implementation... so, vote up... |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale |
This is much needed :(( |
+1 for this feature. I also tried @kramarz suggested workaround, and I get the following error: |
+1 for this feature. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale |
feature needed indeed |
Use case I haven't seen yet, we have some domains that look like |
We really need this feature |
Another vote for this feature |
another work around using range loop:
and in values yaml:
and set a variable fullName... Still i'd prefer an array or regex or ... for the hosts element |
This is almost certainly not happening in Ingress , but we should keep it in mind for the API to follow Ingress (proposals coming soon?) |
API to follow Ingress, @thockin? Is there a replacement in the works? |
No? Seems a frequently requested feature to avoid a lot of duplication. -- What's our alternatives? |
Might be useful for someone, I use server-alias option on the nginx ingress to have multiple domains for a single ingress. |
@catalinpan how does it work on your end? My server-alias doesn't work with this config.
|
@angelogwapo is worth checking if the nginx ingress version you have supports the alias implementation. If the version is newer check here how the As long as the above case doesn't apply to you and the DNS record for I manage the server alias in Route 53 using terraform because of my specific use case, multiple deployments in different regions = multiple server alias CNAMEs pointing to multiple hosts with health checks and few more options. example: Below is an example of something I use.
|
This feature would be great to have for users of traefik who are also using the automated Let's Encrypt feature. Here, traefik expects a comma-separated list of domains as the Host (https://docs.traefik.io/v1.7/configuration/acme/#onhostrule), where the first domain will become the main domain of the certificate and all others will be |
@catalinpan I am also struggling with the server-alias annotation.
Both are pointing to the same loadbalancer. Both have a valid TLS certificate. apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
app.kubernetes.io/instance: ngress-rules
cert-manager.io/issuer: letsencrypt-prod
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/server-alias: two-app.two-domain.dev
nginx.ingress.kubernetes.io/ssl-redirect: "true"
name: ingress-rules
namespace: default
spec:
rules:
- host: one-app.one-domain.dev
http:
paths:
- backend:
serviceName: service1
servicePort: 80
path: /
- backend:
serviceName: service2
servicePort: 80
path: /portal/
tls:
- hosts:
- one-app.one-domain.dev
secretName: one-app-tls
- hosts:
- two-app.two-domain.dev
secretName: two-app-tls Btw, I am using version 0.27 which should contain this change: https://github.com/kubernetes/ingress-nginx/pull/4472/files#diff-9bba411a7c28f1ef63c3a5339db109d5 |
@jacqinthebox: Your EDIT: My bad, I was too quick. I didn't realize you were talking about the server alias annotation. |
you may use multiple independent domains in one TLS secret
|
You can always use a helm chart to create the dup config for each domain in an array. "If" you are using helm of course :) |
+1 |
@kramarz , Thanks, this workround work for me. |
The workaround works also perfectly with https://github.com/jetstack/cert-manager . apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: site
annotations:
cert-manager.io/issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/server-alias: host2.com
spec:
rules:
- host: host1.com
http:
paths:
- path: /
backend:
serviceName: site
servicePort: 8080
tls:
- secretName: nice-name
hosts:
- host1.com
- host2.com |
@AndreKoepke thank you for this. It worked somewhat for me but after adding Any suggestions? |
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: ingress-{{ .Release.Name }}-webapp
labels:
app.kubernetes.io/name: "{{ .Chart.Name }}"
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
app.kubernetes.io/component: "ingress-webapp"
app.kubernetes.io/part-of: "{{ .Chart.Name }}"
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: {{ .Values.LETSENCRYPT.ISSUER }}
nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.NGINX.PROXY_BODY_SIZE }}
spec:
tls:
- hosts:
{{- range .Values.LETSENCRYPT.DOMAINS }}
- {{ . }}
{{- end }}
secretName: tls
rules:
{{- range .Values.LETSENCRYPT.DOMAINS }}
- host: {{ . }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: {{ $.Release.Name }}-webapp
port:
number: 3000
{{- end }} LETSENCRYPT:
...
DOMAINS:
- "wir.social"
- "www.wir.social" |
this is the way :) |
Does host2.com return a valid cert or do you get "Kubernetes Ingress Controller Fake Certificate"? How did you combine them so both domains use the same secret |
What was the fix for this? I cannot get it to return anything but "Kubernetes Ingress Controller Fake Certificate" for the aliased domain. |
Is this a request for help?
No
What keywords did you search in Kubernetes issues before filing this one?
Ingress controller, "hosts", multiple host.
I found this issue: kubernetes/ingress-nginx#87 but it was closed as it was in the wrong repo.
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
FEATURE REQUEST
With the current implementation, if you have a few sub-/domains which need to point to the same service, you get a "lot" of duplicated code.
Example:
So I propose that the
Host
field get changed from a single FQDN to a array of FQDN.So I could do something like:
It save me 18 lines and makes the config more clear.
Maybe dup of: #41881 , but this seems easier to implement.
cc @aledbf (you closed the last issues, not sure if you "work" in this part of k8s)
Kubernetes version (use
kubectl version
):Environment:
DigitalOcean, CoreOS.
The text was updated successfully, but these errors were encountered: