Can We use Multiple AWS ACM Certificates at Nginx-Ingress-Contoller OR Multiple ACM certificate at Ingress object level?

5
votes

We are using EKS and Nginx-ingress(NLB). I'm trying to configure multiple AWS ACM certificates in the AWS-load-balancer-SSL-cert annotation for NLB. But with no luck. Could someone help if it possible at all? Thanks

If that not possible, Please guide me any other way on how to use multiple ACM cert in the ingress object-level if possible.

My EXACT Scenario:-

I am using an NLB (FYI)

If we able to add multiple ACM certificate at controller level that also works for me (I am using a single certificate in my NLB currently see below annotations)

At the controller level, these flags help me to add a single certificate:-

service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:1234556677:certificate/3a1d5a-469b-dffe4bad3182
service.beta.kubernetes.io/aws-load-balancer-type: nlb

or

I am maintaining an ingress object as per NameSpace. if we are able to attach a Certificate at the ingress object level, which also solves my problem.

1
amazon-web-servicessslkubernetesamazon-eks

1 Answers

5
votes

Good question.

There is no support for multiple ACM certificates on an ALB/NLB that points to an nginx ingress controller (or any other ingress controller AFAIK).

The dirty hack from Kubernetes is to create another Service that points to the same nginx ingress controller (same selectors) but in this case, it will just create another ALB/NLB and you may not want that.

The non-Kubernetes way which is the way might work better for you is just to do it from AWS itself and modify the ALB/NLB that sends traffic to your nginx ingress.

Image1 Image2

✌️