Sub-subdomain with nginx ingress on Kubernetes (GKE)

accounts74 · June 20, 2022, 10:50pm

I have a domain at Cloudflare and some wildcards for subdomains

which both point to the load balancer of an nginx ingress of a Kubernetes cluster (GKE) of the GCP. Now, we have two pods and services running each (echo1 and echo2, which are essentially identical) and when I apply an ingress

kind: Ingress
metadata:
  name: echo-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: "echo1.eu3.example.com"
    http:
        paths:
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: echo1
              port:
                number: 80
  - host: "echo2.example.com"
    http:
        paths:
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: echo2
              port:
                number: 80

I can reach echo2 under echo2.example.com, but not echo1.eu3.example.com. My question is how I can make the second one reachable as well.

KianNH · June 20, 2022, 10:51pm

Do you have Advanced Certificate Manager?

Universal SSL doesn’t cover subdomains that are two levels deep.

accounts74 · June 21, 2022, 11:35am

Hi @KianNH ,

many thanks for your reply.

How does it work with Advanced Certificate Manager? Can I buy one certificate for ..example.com and ..*.example.com or do I have to buy one for each domain? Also it could be that I have several regions to which I want to direct traffic like *.eu1.example.com, ..eu1.example.com, *.us1.example.com and ..us1.example.com.

Is it possible to buy just one certificate and have access to all those regions or do I have to buy one for each?

KianNH · June 21, 2022, 3:33pm

You get 100 advanced certificates and each one can have up to 50 hostnames, including wildcards - for $10/month/zone

accounts74 · June 21, 2022, 3:48pm

@KianNH Okay, so I could buy one certificate and then just add

*.eu.example.com
*.us.example.com
..eu.example.com
..us.example.com

and all that with just one certificate?

KianNH · June 21, 2022, 3:49pm

I mean theoretically, yeah - but you don’t buy a certificate.

You buy a subscription to ACM for $10/month that entitles you to 100 certificates. If you use 1 or 100, the pricing is the same.

accounts74 · June 21, 2022, 3:51pm

But just to be clear, I could also add some double wildcards like * . * .eu.example.com and * . * .us.example.com?

That would be awesome.

epic.network · June 21, 2022, 5:42pm

Multiple wildcards in a SAN are not an option.

system · July 6, 2022, 5:43pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problems setting up https on subdomain Getting Started	9	2757	February 26, 2021
Cloudflare SSL + GCP managed SSL Security	4	5144	May 16, 2021
Use a second-level sub domains with ssl Security	5	9717	August 17, 2022
Adding a fourth-level domain leads to "Connection to this site is not secure" error DNS & Network CloudflareTunnel	7	3560	April 13, 2022
Argo Tunnel nested subdomain Cloudflare Tunnel	2	6602	May 28, 2021

Sub-subdomain with nginx ingress on Kubernetes (GKE)

Related topics