Based on this issue comment on k8s github repo, it looks like it should work if you do the following:
- create a CNAME record for
hello.john.com domain and point it to demo-aks-ingress.eastus.cloudapp.azure.com - add second domain to ingress (so that ingress knows how to route it)
- add second domain to certificate object (so that cert-manager can generate a valid certificate for this domain)
Ingress part:
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: hello-world-ingress annotations: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/rewrite-target: /$1 nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/server-alias: "hello.john.com" #👈 spec: tls: - hosts: - demo-aks-ingress.eastus.cloudapp.azure.com - hello.john.com #👈 secretName: tls-secret rules: - host: demo-aks-ingress.eastus.cloudapp.azure.com http: paths: - backend: serviceName: aks-helloworld servicePort: 80 path: /hello-world-one(/|$)(.*) - backend: serviceName: ingress-demo servicePort: 80 path: /hello-world-two(/|$)(.*) - backend: serviceName: aks-helloworld servicePort: 80 path: /(.*)
Docs:
Certificate part:
apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: tls-secret namespace: ingress-basic spec: secretName: tls-secret dnsNames: - demo-aks-ingress.eastus.cloudapp.azure.com - hello.john.com #👈 acme: config: - http01: ingressClass: nginx domains: - demo-aks-ingress.eastus.cloudapp.azure.com - hello.john.com #👈 issuerRef: name: letsencrypt-staging kind: ClusterIssuer
Docs:
