Ingress configuration for multi-domain acme certificates

I have a case where I need to have a certificate with two subjects (main subject + alt subject) be created through ACME provider. I see in the documentation how to do it with ingressroutes but I'm stucked with kubernetes ingress for this setup.

The use case is two ingresses (one per cluster) with a GSLB in front of them that will redirect traffic for a different name that is normally configured for the ingresses. Something like:

So normally, I'd create two ingresses on each cluster:

The thing is that the certificate validation won't work for, as there's wouldn't be anyway to figure out if this is the cluster for that will get the request or the other one. So my only option is having, on each cluster, a cert created for the main ingress (either or, both having as alt subject.

How can I achieve this with the kubernetes ingress provider ?


P.S. Using Traefik 2.5.4

Finally found out by digging into ingress annotations for traefik.

The goal is achieved by the use of these annotations:

which will be sent to the certificate authority to create a certificate with subject: (domains.0.main) and alternate subjects: (domains.n.sans)

1 Like