My company has an existing CA certificate for fake.example.com and an A record that maps fake.example.com to the IP of our load balancer.
The load balancer is forwarding traffic to our Kubernetes cluster.
In the cluster, I've deployed the nginx-ingress helm chart, exposing NodePort for https at 30200.
I've created a k8s TLS secret named test-secret from the above certificate.
I've deployed an app with service 'test' and have installed the following ingress:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: test-ingress
      namespace: default
      annotations:
        kubernetes.io/ingress.class: nginx
    spec:
      tls:
      - hosts:
        - fake.example.com
        secretName: test-secret
      rules:
      - host: fake.example.com
        http:
          paths:
          - path: /myapp
            backend:
              serviceName: test
              servicePort: 8080

So, if I execute

    curl https://{ip for k8s node}:30200/myapp/ping -H 'Host:fake.example.com' -k --verbose

I get the expected response from my app, but I also see

    * Server certificate:
    * subject: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate
    * start date: Jan 25 20:52:16 2018 GMT
    * expire date: Jan 25 20:52:16 2019 GMT
    * issuer: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate

I've confirmed in the nginx.conf file that for server_name fake.example.com the ssl_certificate, ssl_certificate_key, and ssl_trusted_certificate are pointing to the correct location.
So my question is, is it possible to configure nginx to use the correct certificate in this scenario?
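
Which certificate a multi-host TLS server presents is decided by the SNI name in the ClientHello, not by the HTTP Host header, and curl sends no SNI when the URL host is an IP address. The script below is an added example, not part of the original post: it reproduces that behaviour locally with `openssl s_server` standing in for the ingress controller. The certificate names, local ports and function names are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Constructed local stand-in for the setup in the question: openssl s_server
# plays the ingress controller, holding a default certificate plus a second
# one that is served only when the client sends a matching SNI name.
HOST=fake.example.com

make_cert() {  # make_cert <file-prefix> <common-name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Print the subject of the certificate served on 127.0.0.1:<port>.
# $2 is the SNI name to send; empty means connect by IP only, which sends no
# SNI (the same as curl https://<ip>:30200 with only a Host header).
served_subject() {  # served_subject <port> <sni-or-empty>
  openssl s_client -connect "127.0.0.1:$1" ${2:+-servername "$2"} \
    </dev/null 2>/dev/null | openssl x509 -noout -subject 2>/dev/null
}

sni_demo() {  # sni_demo <port>
  local port=$1 dir pid i
  dir=$(mktemp -d) || return 1
  make_cert "$dir/default" "Default Fake Certificate"   # constructed name
  make_cert "$dir/real" "$HOST"
  openssl s_server -accept "$port" -www \
    -cert "$dir/default.crt" -key "$dir/default.key" \
    -servername "$HOST" -cert2 "$dir/real.crt" -key2 "$dir/real.key" \
    </dev/null >/dev/null 2>&1 &
  pid=$!
  for i in 1 2 3 4 5; do                 # wait until the listener answers
    served_subject "$port" "" >/dev/null && break
    sleep 1
  done
  echo "no SNI:   $(served_subject "$port" "")"
  echo "with SNI: $(served_subject "$port" "$HOST")"
  kill "$pid" 2>/dev/null || true
  wait "$pid" 2>/dev/null || true
  rm -rf "$dir"
}

sni_demo 30200   # local port chosen to echo the NodePort in the question
```

Against the cluster, the equivalent check is to let curl send the name itself, for example `curl --resolve fake.example.com:30200:{ip for k8s node} https://fake.example.com:30200/myapp/ping --verbose`.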