Reputation: 4459
Everything in my Kubernetes configuration works great with a single TLS certificate. I define the cert as a Secret and reference it in my Ingress object configuration by name and my HTTPS traffic is served with the certificate.
My problem comes in when I try to use my other certificate as well. One of my certs has www.DomainA.com as the CN and DomainA.com,DomainB.com,DomainC.com as SANs. The other one of my certs is a wildcard for *.DomainA.com.
When I add both certs to my Kubernetes configuration (with or without a defined hosts field for either/both), only the first specified cert is added in the interface and served to any traffic.
What is odd is that when I run a kubectl describe ingress my-ingress I see:
TLS:
non-wildcard-cert terminates DomainA.com,DomainB.com,DomainC.com
wildcard-cert terminates *.DomainA.com
So I know both certs were picked up by Kubernetes; they just don't seem to be used (or stored) in GCP.
How can I use both of these certs?
Upvotes: 2
Views: 811
Reputation: 4459
Looks like, for now, GCP doesn't support the Kubernetes spec correctly according to the GCE Ingress Controller doc. When they do add the full SNI support from the spec, I should be able to do what I need.
I see that the nginx Ingress controller has SNI support but I only want to use the official, transparent, Google-maintained Ingress controller.
Upvotes: 1
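As an added example (not part of the original posts, and not code from Kubernetes or GCP), this simplified model shows which of the two certificates from the question an SNI-aware front end would pick per hostname, and which hostnames get a name mismatch when only the first certificate is served. Assumptions: the wildcard cert's SAN is `*.DomainA.com`, the CN is counted as a covered name, the first cert is the default when nothing matches, and `api.DomainA.com` and `a.b.DomainA.com` are constructed sample hostnames.

```python
# Added example: simplified model of SNI certificate selection for the two
# certs in the question. Function and field names are hypothetical.
CERTS = [  # order as listed in the Ingress; names taken from the question
    {"secret": "non-wildcard-cert", "cn": "www.DomainA.com",
     "sans": ["DomainA.com", "DomainB.com", "DomainC.com"]},
    # Assumption: the wildcard cert carries its name as a SAN too
    {"secret": "wildcard-cert", "cn": "*.DomainA.com",
     "sans": ["*.DomainA.com"]},
]


def name_matches(pattern, host):
    """RFC 6125-style match: '*' stands for exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*.DomainA.com' covers neither the apex nor a.b.DomainA.com
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def covers(cert, host):
    # Assumption: the CN counts as a name; clients that check SANs only
    # would not accept www.DomainA.com on the first cert.
    return any(name_matches(n, host) for n in cert["sans"] + [cert["cn"]])


def select_by_sni(host, certs=CERTS):
    """First cert covering the SNI host, else the default (first) cert."""
    for cert in certs:
        if covers(cert, host):
            return cert["secret"]
    return certs[0]["secret"]


def audit(hosts, certs=CERTS):
    """Per host: the SNI pick, and whether serving only the first cert validates."""
    return {
        host: {"sni_pick": select_by_sni(host, certs),
               "first_cert_only_valid": covers(certs[0], host)}
        for host in hosts
    }


if __name__ == "__main__":
    sample = ["DomainA.com", "www.DomainA.com", "api.DomainA.com",
              "DomainB.com", "a.b.DomainA.com"]  # last three include constructed names
    for host, row in audit(sample).items():
        print(host, row)
```

Any host whose `first_cert_only_valid` is false is one that clients will reject with a certificate name mismatch while the load balancer serves only the first certificate.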