kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers
https://kubernetes-sigs.github.io/aws-load-balancer-controller/
Apache License 2.0

How to add additional ACM certificate in separate Resource? #3815

Open MartinEmrich opened 2 months ago

MartinEmrich commented 2 months ago

I would like to add additional ACM certificates to an existing ingress group, without editing an existing resource (which might reside in a different namespace).

Intuitively, I should be able to add an Ingress without any rules, just adding the annotation to be merged in:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: just-another-certificate
  annotations:
    alb.ingress.kubernetes.io/group.name: my-existing-ingress-group
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-central-1:000000000000:certificate/1234-5678-1234-5678-1234567890whatever
spec:
  ingressClassName: alb
  rules: []

Sadly, a Kubernetes Ingress object must have either a rule or a defaultBackend: https://github.com/kubernetes/kubernetes/issues/82203

My current workaround is to add a dummy rule (fixed response on an unlikely path), but this consumes one rule on the ALB.

Is there a better way I happen to have missed?

shraddhabang commented 2 months ago

Unfortunately, we don't have any other way. I would have recommended using the IngressClassParams CRD if you are using the ingress-group. But this will also require a one-time change to update all your existing ingresses to use this IngressClass.

But honestly, I don't think it's a good idea to add a certificate like this since it might impact the existing ingresses in the group. If you can, you should just update the existing ingress instead.

MartinEmrich commented 2 months ago

Ok thanks. I also think using IngressClassParams is too unwieldy for this.

I guess we'll do a compromise: use exactly one of those "dummy-ingress-objects", and list all ACM Certificate ARNs there.
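
The compromise described in the last comment, written out as an added example (not code from the thread's participants or from the project): a single placeholder Ingress carries every extra ACM certificate ARN for the group, and its only rule is a fixed response on an unlikely path. The resource name, the path, the action name `cert-holder-404` and the second ARN are placeholders; `group.order: "1000"` is an added choice so that the placeholder rule is evaluated after the group's real rules.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: group-extra-certificates        # placeholder name
  annotations:
    # Join the existing group; the rule and certificates below are merged into its ALB.
    alb.ingress.kubernetes.io/group.name: my-existing-ingress-group
    # Evaluate this Ingress last within the group (allowed range is -1000..1000).
    alb.ingress.kubernetes.io/group.order: "1000"
    # Comma-separated list with no spaces. The first ARN is the one from the issue,
    # the second is a constructed placeholder.
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-central-1:000000000000:certificate/1234-5678-1234-5678-1234567890whatever,arn:aws:acm:eu-central-1:000000000000:certificate/PLACEHOLDER-SECOND-CERTIFICATE
    # Fixed-response action, referenced by name from the backend below.
    alb.ingress.kubernetes.io/actions.cert-holder-404: >-
      {"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain","statusCode":"404","messageBody":"not found"}}
spec:
  ingressClassName: alb
  rules:
    # The one dummy rule that satisfies Ingress validation; it still consumes
    # one rule on the ALB, but only once for all certificates.
    - http:
        paths:
          - path: /__certificate-holder__   # placeholder "unlikely" path
            pathType: Exact
            backend:
              service:
                name: cert-holder-404       # must match the actions.<name> suffix
                port:
                  name: use-annotation      # tells the controller to use the action annotation
```

Because every Ingress in the group shares the same ALB, RBAC on Ingress objects in any namespace that can set this `group.name` decides who can attach certificates and rules to it.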