Azure / application-gateway-kubernetes-ingress

This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
https://azure.github.io/application-gateway-kubernetes-ingress
MIT License

Cannot preserve original host header when setting trusted root certificate #1520

Open chrismilson opened 1 year ago

chrismilson commented 1 year ago

Describe the bug

When setting the appgw.ingress.kubernetes.io/appgw-trusted-root-certificate annotation on an ingress resource in AKS, the corresponding backend settings will contain "Override with new host name" set to "Yes". (Defined in code here)

This breaks my current use case:

To Reproduce

Create an ingress resource that sets the appgw.ingress.kubernetes.io/appgw-trusted-root-certificate annotation but does not set the appgw.ingress.kubernetes.io/backend-hostname annotation.

Associated Azure Support Ticket

TrackingID#2303040040001140

chrismilson commented 1 year ago

There is a comment in the code: // To use an HTTP setting with a trusted root certificate, we must either override with a specific domain name or choose "Pick host name from backend target".

When configuring backend settings in the Azure Portal, however, there is no limitation to supply extra trusted root certificates without overriding the host name.

chrismilson commented 7 months ago

There is a workaround for this which seems obvious now. Don't try to put multiple hosts on the one Ingress resource, just create a different Ingress for each host, and set the hostname override to whatever that host is.

dragorosson commented 7 months ago

> There is a workaround for this which seems obvious now. Don't try to put multiple hosts on the one Ingress resource, just create a different Ingress for each host.

Preserving the host header would be great for when the requests are all sent to a backend that does routing itself. Otherwise, yes, a separate ingress needs to be created for each host for the app gateway in addition to an ingress per host for the backend router (an Istio gateway in my case). It would be great to not have to create two ingresses per host!
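
The workaround discussed in this thread, written out as an added example (not taken from the issue or from the project's documentation): one Ingress per host, each carrying the trusted root certificate annotation together with a `backend-hostname` override equal to its own host, so the backend still sees the host the client requested. The host names, Ingress names, service name and certificate name are constructed placeholders, and the backend is assumed to serve HTTPS on port 443.

```yaml
# Added example: one Ingress per host, each with its own host name override.
# Hosts, resource names, service and certificate name are constructed placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-a
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/backend-protocol: "https"
    # Name of a trusted root certificate already uploaded to the Application Gateway
    appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "internal-root-ca"
    # Explicit override that matches the rule's host, so the Host header is unchanged
    appgw.ingress.kubernetes.io/backend-hostname: "a.example.com"
spec:
  rules:
    - host: a.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend-router
                port:
                  number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-b
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/backend-protocol: "https"
    appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "internal-root-ca"
    appgw.ingress.kubernetes.io/backend-hostname: "b.example.com"
spec:
  rules:
    - host: b.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend-router
                port:
                  number: 443
```

Both resources can point at the same backend service; only the `host` rule and the matching `backend-hostname` value differ per Ingress.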