Multiple domains

Setting up environment-specific domains with TLS

Example: Use different domains for production and staging environments

Add acme chart to helmfiles/jx-production/helmfile.yaml

- chart: jx3/acme
  version: 0.0.19
  condition: jxRequirementsIngressTLS.enabled
  name: acme-jx
  namespace: jx-production
  values:
  - jx-values.yaml
  - acme-values.yaml

Create a file helmfiles/jx-production/acme-values.yaml

issuer:
  enabled: true
  cluster: false

Do the same for other environments, e.g. staging. Make sure the correct namespace is set.

Add ingress and tls configuration to the environments in jx-requirements.yaml

  environments:
    - ingress:
        domain: staging.foo.io
        externalDNS: true
        tls:
          email: admin@foo.com
          enabled: true
          production: true
          secretName: tls-staging-foo-io-p
      key: staging
    - ingress:
        domain: foo.io
        externalDNS: true
        tls:
          email: admin@foo.com
          enabled: true
          production: true
          secretName: tls-foo-io-p
      key: production

Make sure to use the correct secretName, as it’s being generated (production or staging) by the acme chart.

Since you don’t need namespaceSubDomain any more, set it to . in the root ingress config.

Commit and push the changes

git commit -m 'chore: update ingress config'
git push

After the pipeline has successfully run, you should have

a ClusterIssuer for the dev domain
a Issuer for production in the namespace jx-production
a Issuer for staging in the namespace jx-staging

Applications should pick up the secret name from jx-values.yaml and use the correct certificate.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified June 15, 2021: chore: add docs for domain per env with tls (238f444092)