application-gateway-kubernetes-ingress
Cannot preserve original host header when setting trusted root certificate
Describe the bug
When setting the appgw.ingress.kubernetes.io/appgw-trusted-root-certificate annotation on an ingress resource in AKS, the corresponding backend settings will contain "Override with new host name" set to "Yes". (Defined in code here)
This breaks my current use case:
- I have multiple clients each accessing the same backend via different hostnames.
- The TLS certificate for communication between the AGW and the backend is signed with an internal CA, but it does include all of the hostnames that clients may be requesting from.
To Reproduce
Create an ingress resource that sets the appgw.ingress.kubernetes.io/appgw-trusted-root-certificate annotation but does not set the appgw.ingress.kubernetes.io/backend-hostname annotation.
Associated Azure Support Ticket
TrackingID#2303040040001140
There is a comment in the code: // To use an HTTP setting with a trusted root certificate, we must either override with a specific domain name or choose "Pick host name from backend target".
When configuring backend settings in the Azure Portal, however, there is no limitation to supply extra trusted root certificates without overriding the host name.
There is a workaround for this which seems obvious now. Don't try to put multiple hosts on the one Ingress resource, just create a different Ingress for each host, and set the hostname override to whatever that host is.
There is a workaround for this which seems obvious now. Don't try to put multiple hosts on the one Ingress resource, just create a different Ingress for each host.
Preserving the host header would be great for when the requests are all sent to a backend that does routing itself. Otherwise, yes, a separate ingress needs to be created for each host for the app gateway in addition to an ingress per host for the backend router (an Istio gateway in my case). It would be great to not have to create two ingresses per host!
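The per-host workaround described in the comments above, written out as manifests. This is an added example, not taken from the issue or from the project: the hostnames, the Service name and port, and the trusted root certificate name are constructed placeholders, and the root certificate is assumed to be already uploaded to the Application Gateway under that name.

```yaml
# Added example: one Ingress per client hostname, both pointing at the same backend.
# client-a/client-b.example.com, shared-backend and internal-ca-root are placeholders.
# Frontend TLS (spec.tls) is omitted to keep the focus on the backend settings.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shared-backend-client-a
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/backend-protocol: "https"
    # Internal CA that signed the backend certificate.
    appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "internal-ca-root"
    # Explicit override set to the same host the client requested, so the
    # backend still sees the original host name for this Ingress.
    appgw.ingress.kubernetes.io/backend-hostname: "client-a.example.com"
spec:
  rules:
    - host: client-a.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: shared-backend
                port:
                  number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shared-backend-client-b
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/backend-protocol: "https"
    appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "internal-ca-root"
    appgw.ingress.kubernetes.io/backend-hostname: "client-b.example.com"
spec:
  rules:
    - host: client-b.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: shared-backend
                port:
                  number: 443
```

Each Ingress produces its own backend settings entry, so the override on each one equals the host in its rule; this relies on the backend certificate listing every client hostname, as in the setup described in the issue.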