v0.7.0 — Multiple `ingress {}` blocks per workload, with parse-time conflict detection.
Multiple ingress {} blocks per workload, with parse-time conflict detection.
Changes
deploymentandstatefulsetblocks now accept any number ofingress {}sub-blocks. Each block becomes its own KubernetesIngressresource (and a cert-managerCertificate, whentls = truewithout an explicittls_secret). Previously, a secondingress {}block silently overwrote the first.- Resource naming for ingress blocks: the first block defaults to the workload name (e.g.
web), and subsequent blocks are auto-suffixed (web-2,web-3, ...). Setname = "..."to override. ingress_defaultsnow applies to everyingress {}block on every workload — not just the first.- New parse-time validation rejects two error classes that would otherwise produce broken or conflicting manifests:
- Two ingresses in the same namespace resolving to the same Ingress resource name (whether by explicit
name, auto-suffix collision, or cross-workload conflict). - Two ingresses in the same namespace deriving the same cert-manager
Certificatesecret name (e.g. both TLS, notls_secret, same first host). The error message points you attls_secretto BYO and skip Certificate generation, or at changing the first host.
- Two ingresses in the same namespace resolving to the same Ingress resource name (whether by explicit
kdef importnow round-trips multiple ingresses against the same backend service as separateingress {}blocks.
Use cases
- Apex →
wwwredirect vianginx.ingress.kubernetes.io/permanent-redirectannotation alongside the main TLS ingress. - Splitting hosts onto separate Ingress resources for distinct annotation sets (proxy timeouts, body-size limits) without leaving the deployment block.
Docs
docs/block-types.md— rewritten ingress section with naming rules and conflict semantics.docs/variables.md— clarifiedingress_defaultsapplies per-block.
Compatibility
Backward compatible. Existing configs with a single ingress {} produce identical manifests.