Kubernetes ingress How to set default-ssl-certificate?

Question

I have a generic SSL certificate *.domain.com I want configure a HTTPS for a 4 level domain (my4.level.domain.com) I read in this discussion, that i need to use --default-ssl-certificate

But i don't understand how to use it

How should I change this configuration?

ingress:
  enabled: true
  annotations: {}
  labels: {}
  path: /
  hosts:
    - my4.level.domain.com
  extraPaths: []
  tls:
   - secretName: tls-tierra-ingress
     hosts:
       - '*.level.domain.com'
       - level.domain.com
       - my4.level.domain.com

Or do I have to run a special command?

Answer 1

--default-ssl-certificate is an argument used inside Ingress controller. Here is a list of all command line arguments that are accepted by the Ingress Controller.

To see which arguments are used you can do kubectl describe deployment/nginx-ingress-controller --namespace

You might see:

Args:
  --default-backend-service=$(POD_NAMESPACE)/default-http-backend
  --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
  --annotations-prefix=nginx.ingress.kubernetes.io

You can edit the controller yaml and put what's needed by your setup, if You don't have the file you can save deployed ingress as ingress-controller.yaml by using: kubectl get deployment/nginx-ingress-controller --namespace -o yaml > ingress-controller.yaml

Also you can edit the ingress on the fly by using: kubectl edit deployment/nginx-ingress-controller --namespace

As for 4 level domain SSL Certificate, I haven't tried that so sadly I cannot help.

Answer 2

i dont have kubernetes, but judging by this article: https://kubernetes.github.io/ingress-nginx/user-guide/tls/

you need to specify the default secret with the parameter --default-ssl-ceritifcate in the ingress controller, and then just remove the "secretName" option in the yalm, and it should use the default certificate.