zalando-incubator / kube-ingress-aws-controller

Configures AWS Load Balancers according to Kubernetes Ingress resources
MIT License

Do not change the DefaultTLSCertificate if no new LB creation required #650

Closed szuecs closed 10 months ago

szuecs commented 10 months ago

Some 3rd parties require non-SNI calls to succeed, and as such we should not change the DefaultTLSCertificate on a running cloud load balancer if possible.

AWS documentation page https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#default-certificate

Copy cert slice and sort by ARN (last code change 5y ago): https://github.com/zalando-incubator/kube-ingress-aws-controller/blob/master/aws/cf_template.go#L208-L214

First cert in this slice is used as default certificate (last code change 2y ago): https://github.com/zalando-incubator/kube-ingress-aws-controller/blob/master/aws/cf_template.go#L227
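The sort-by-ARN rule described in the comment above means that attaching a certificate whose ARN sorts first silently changes the listener default, which is exactly what breaks non-SNI clients. The following is an added example, not code from the controller, that shows that behaviour next to a variant which keeps the currently deployed default as long as it is still among the certificates; the function names and the ARNs are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// naiveDefault mirrors the behaviour described in the issue: copy the
// certificate ARNs, sort them, and use the first one as the listener default.
// Adding a certificate whose ARN sorts first silently changes the default.
func naiveDefault(certARNs []string) string {
	if len(certARNs) == 0 {
		return ""
	}
	sorted := make([]string, len(certARNs))
	copy(sorted, certARNs)
	sort.Strings(sorted)
	return sorted[0]
}

// stickyDefault (hypothetical) keeps the currently deployed default as long
// as it is still among the certificates to attach, so non-SNI clients keep
// seeing the same certificate across updates. It falls back to the
// sorted-first rule only when the current default is absent (e.g. the
// certificate was removed) or the listener is new (empty currentDefault).
func stickyDefault(certARNs []string, currentDefault string) string {
	for _, arn := range certARNs {
		if arn == currentDefault {
			return currentDefault
		}
	}
	return naiveDefault(certARNs)
}

func main() {
	// Constructed ARNs for illustration, not real certificates.
	deployed := []string{
		"arn:aws:acm:eu-central-1:000000000000:certificate/bbbb-2222",
		"arn:aws:acm:eu-central-1:000000000000:certificate/cccc-3333",
	}
	current := naiveDefault(deployed) // bbbb-2222 becomes the default
	// Later a certificate with a lexicographically smaller ARN is added.
	updated := append([]string{"arn:aws:acm:eu-central-1:000000000000:certificate/aaaa-1111"}, deployed...)
	fmt.Println("naive default after update: ", naiveDefault(updated))         // aaaa-1111: default changed
	fmt.Println("sticky default after update:", stickyDefault(updated, current)) // bbbb-2222: unchanged
}
```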

szuecs commented 10 months ago

Because SNI should be used anyway by all clients.