You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: site/content/docs/main/config/ingress.md
+6-3Lines changed: 6 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -61,9 +61,12 @@ See upstream [documentation][7] on TLS configuration.
61
61
A secret specified in an Ingress TLS element will only be applied to Ingress rules with `Host` configuration that exactly matches an element of the TLS `Hosts` field.
62
62
Any secrets that do not match an Ingress rule `Host` will be ignored.
63
63
64
-
Ingress v1 does not allow the `secretName` field to contain a string with a full `namespace/name` identifier.
65
-
This is a major change from Ingress v1beta1 and causes secrets referenced by v1 resources to be in the same namespace as the Ingress resource.
66
-
This also disables Contour's [TLS secret delegation][8] behavior across namespaces in Ingress v1.
64
+
In Ingress v1beta1, the `secretName` field could contain a string with a full `namespace/name` identifier.
65
+
When used with Contour's [TLS certificate delegation][8], this allowed Ingresses to use a TLS certificate from a different namespace.
66
+
However, Ingress v1 does not allow the `secretName` field to contain a string with a full `namespace/name` identifier, because the field validation disallows the `/` character.
67
+
Instead, Ingress v1 resources can now use the `projectcontour.io/tls-cert-namespace` annotation, to define the namespace that contains the TLS certificate (if different than the Ingress's namespace).
68
+
This enables the TLS certificate delegation functionality to continue working for Ingress v1.
69
+
For more information and an example, see the [TLS certificate delegation documentation][8].
0 commit comments