I'm searching for a possibility to validate hostnames from ingress-resources with different specs for different namespaces.
Scenario:
- Rancher 2.7.5
- k8s-version RKE2 v1.26.6
- on downstream vSphere-Cluster (Ubuntu 22.04 LTS)
- nginx-ingress-controller with default wildcard-certificate for *.cl01.k8s.domain.tld
Idea:
We have set up a "shared" k8s-cluster via Rancher to provide easy-to-use k8s-resources for our DEVs.
They'll get a Rancher project and can use more than one namespace.
The Rancher-Project and needed namespaces will be provided externally via a self-service tool only, to be sure of having the needed naming convention etc.
Each Rancher-project has a unique (randomized) name, e.g. "k12345", so every namespace in a Rancher project gets a prefix with the Rancher-project-name, e.g. "k12345-default"
Challenge:
Because of the shared usage we need to validate the Ingress-hostnames per namespace. We don't want to use a separate ingress-controller for each project.
We want to use the default wildcard-certificate for all ingress-resources which are using the ingress-controller. We don't want to set up a subdomain for each project.
The Hostname should be created like something-.cl01.k8s.domain.tld (example: something-k12345.cl01.k8s.domain.tld)
We're able to set up annotations in all created namespaces to have the needed information in each namespace.
I have tried different ways but didn't find a working way. Any help is much appreciated!
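
The per-namespace hostname rule described above, written as the decision logic of a validating admission webhook. This is an added example, not part of the original post. It assumes the project name is the namespace part before the first hyphen; the function names and the sample AdmissionReview request are constructed for illustration.

```python
import re

BASE_DOMAIN = "cl01.k8s.domain.tld"  # wildcard-certificate domain from the post
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")  # one DNS label

def project_of(namespace):
    """Assumption: the project name is the namespace part before the first '-'."""
    return namespace.split("-", 1)[0]

def ingress_hosts(ingress):
    """Collect every host from spec.rules[].host and spec.tls[].hosts."""
    spec = ingress.get("spec") or {}
    hosts = [r.get("host") for r in spec.get("rules") or []]
    for tls in spec.get("tls") or []:
        hosts.extend(tls.get("hosts") or [])
    return hosts or [None]  # an Ingress without any host is a catch-all

def host_allowed(host, project):
    """True only for <something>-<project>.<BASE_DOMAIN> with one leading label."""
    suffix = "-" + project + "." + BASE_DOMAIN
    if not host or not host.endswith(suffix):
        return False  # missing host, wildcard, other project or other domain
    label = host[: -len(BASE_DOMAIN) - 1]  # strip ".<BASE_DOMAIN>"
    return len(label) <= 63 and LABEL.fullmatch(label) is not None

def review(admission_review):
    """Build the AdmissionReview response for an Ingress CREATE/UPDATE request."""
    req = admission_review["request"]
    project = project_of(req["namespace"])
    bad = [h for h in ingress_hosts(req["object"]) if not host_allowed(h, project)]
    response = {"uid": req["uid"], "allowed": not bad}
    if bad:
        response["status"] = {"message": "hosts not matching *-%s.%s: %s"
                              % (project, BASE_DOMAIN, bad)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}

# Constructed sample request: one host of the own project, one of a foreign project.
SAMPLE = {"request": {"uid": "constructed-uid-1", "namespace": "k12345-default",
                      "object": {"spec": {"rules": [
                          {"host": "shop-k12345.cl01.k8s.domain.tld"},
                          {"host": "shop-k99999.cl01.k8s.domain.tld"}]}}}}

if __name__ == "__main__":
    print(review(SAMPLE))
```

The check also rejects rules without a host and names with more than one label in front of the base domain, since the wildcard certificate covers only one level.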