Sub-subdomain with nginx ingress on Kubernetes (GKE)

I have a domain at Cloudflare and some wildcards for subdomains

which both point to the load balancer of an nginx ingress of a Kubernetes cluster (GKE) on GCP. Now, we have two pods and services running each (echo1 and echo2, which are essentially identical) and when I apply an ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echo-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: "echo1.eu3.example.com"
    http:
        paths:
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: echo1
              port:
                number: 80
  - host: "echo2.example.com"
    http:
        paths:
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: echo2
              port:
                number: 80

I can reach echo2 under echo2.example.com, but not echo1.eu3.example.com. My question is how I can make the second one reachable as well.

Do you have Advanced Certificate Manager?

Universal SSL doesn’t cover subdomains that are two levels deep.


Hi @KianNH,

Many thanks for your reply.

How does it work with Advanced Certificate Manager? Can I buy one certificate for *.*.example.com and *.*.*.example.com or do I have to buy one for each domain? Also it could be that I have several regions to which I want to direct traffic like *.eu1.example.com, *.*.eu1.example.com, *.us1.example.com and *.*.us1.example.com.

Is it possible to buy just one certificate and have access to all those regions or do I have to buy one for each?

https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager/

You get 100 advanced certificates and each one can have up to 50 hostnames, including wildcards - for $10/month/zone

@KianNH Okay, so I could buy one certificate and then just add

*.eu.example.com
*.us.example.com
*.*.eu.example.com
*.*.us.example.com

and all that with just one certificate?

I mean theoretically, yeah - but you don’t buy a certificate.

You buy a subscription to ACM for $10/month that entitles you to 100 certificates. If you use 1 or 100, the pricing is the same.

But just to be clear, I could also add some double wildcards like * . * .eu.example.com and * . * .us.example.com?

That would be awesome.

Multiple wildcards in a SAN are not an option.
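Added example, not part of the thread and not Cloudflare code: a small checker that applies the wildcard rules from the replies above (a wildcard stands for exactly one label, and a SAN can hold only one wildcard) to the two Ingress hosts from the question. The SAN lists are constructed for illustration; `UNIVERSAL_SANS` assumes Universal SSL issues the apex plus one first-level wildcard.

```python
# Added example: which Ingress hosts does a certificate's SAN list cover?
# Assumption: Universal SSL covers the apex and one first-level wildcard.
UNIVERSAL_SANS = ["example.com", "*.example.com"]
# Constructed list: the same certificate plus one regional wildcard.
REGIONAL_SANS = ["example.com", "*.example.com", "*.eu3.example.com"]


def valid_san(san):
    """A SAN may hold one wildcard only, and it must be the whole leftmost label."""
    labels = san.lower().split(".")
    if "" in labels:
        return False
    if any("*" in label for label in labels[1:]):
        return False  # rejects *.*.eu.example.com and eu.*.example.com
    return labels[0] == "*" or "*" not in labels[0]


def san_matches(san, host):
    """True if host is covered by san; '*' matches exactly one DNS label."""
    if not valid_san(san):
        return False
    s = san.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(s) != len(h) or "" in h:
        return False  # a wildcard never spans two labels
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h


def covering_sans(sans, host):
    """Every SAN in the list that covers host."""
    return [san for san in sans if san_matches(san, host)]


def missing_hosts(sans, hosts):
    """Hosts that no SAN covers, i.e. where the TLS handshake would fail."""
    return [host for host in hosts if not covering_sans(sans, host)]


if __name__ == "__main__":
    ingress_hosts = ["echo1.eu3.example.com", "echo2.example.com"]
    print("uncovered with Universal SSL:", missing_hosts(UNIVERSAL_SANS, ingress_hosts))
    print("uncovered with regional SAN: ", missing_hosts(REGIONAL_SANS, ingress_hosts))
    print("double wildcard valid?       ", valid_san("*.*.eu.example.com"))
```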
