Certificate is not updated if ingress tls hosts is a wildcard and rules use specific hosts

[dgaffuri]

Hi

Using version 1.4.1 with certificate update support on secret change, the controller sees that the secret containing a wildcard certificate is updated but does not update the certificate if the only host listed in tls is a wildcard one

  - host: host1.example.com
    http:
      paths:
      - backend:
          service:
            name: aservice
            port:
              name: https
        path: /
        pathType: Prefix
  - host: host2.example.com
    http:
      paths:
      - backend:
          service:
            name: aservice
            port:
              name: https
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - '*.example.com'
    secretName: lets-encrypt-wildcard

The controller logs the following but noting happens

I0214 17:31:00.228716 1 ingress.go:181] updating ingress namespace/example because of secret namespace/lets-encrypt-wildcard

Adding one of the two hosts to the tls list will work.

Thanks for your attention

[nirpai]

@dgaffuri Hosts in the tls section need to explicitly match the hosts in the rules section for this to work.

[dgaffuri]

@nirpai Thank for your answer, but in fact the wildcard host matches any of the routes below, even if not explicitly, don't you think so?