Can't use an ACM certificate with multiple wildcards #4663
Description
I have a use case where I need to create a gateway, and the ALB listener should use an ACM certificate, but this certificate has at least 8 wildcard domains.
So I tried to create the gateway without using a hostname field and got the following error: `Failed build model due to No hostnames found for TLS cert discovery for listener on gateway XXXXX with protocol:port HTTPS:443`
After using a hostname, it also created a listener rule to only match this single domain, but I have more than one. I don't see a way to add a regex to catch all domains.
Also, I can't create all possible domains as new gateway listeners because each gateway has different certificates, which makes this hard to maintain.
My Gateway:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: alb-ingress-public-test
  namespace: envoy-gateway-system
spec:
  gatewayClassName: aws-alb
  infrastructure:
    parametersRef:
      group: gateway.k8s.aws
      kind: LoadBalancerConfiguration
      name: alb-config-ingress-public
  listeners:
  - allowedRoutes:
      namespaces:
        from: All
    name: http
    port: 80
    protocol: HTTP
  - allowedRoutes:
      namespaces:
        from: All
    hostname: '*.my.domain-1.net'
    name: https
    port: 443
    protocol: HTTPS
    tls:
      certificateRefs:
      - group: ""
        kind: Secret
        name: arn:aws:acm:XXXXXXXXXXXXXXXXXX
      mode: Terminate
```

I also tried using one more listener without a hostname to merge and create a new listener, but it didn't work.
What can I do to achieve this behavior?
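An added example, not from the issue or from the controller's code: a small audit that takes the Gateway's listeners and the certificate's SAN list and reports which SANs a listener hostname would match under one-label wildcard rules, and which SANs no listener reaches. The SAN list is constructed (the real certificate names are not in the issue), and the script assumes cert discovery matches the listener `hostname` against certificate SANs, as the error message above implies.

```python
"""Audit ACM certificate SAN coverage against Gateway HTTPS listener hostnames."""

# Listeners copied from the Gateway in the issue (protocol, hostname, name only).
GATEWAY_LISTENERS = [
    {"name": "http", "port": 80, "protocol": "HTTP"},
    {"name": "https", "port": 443, "protocol": "HTTPS", "hostname": "*.my.domain-1.net"},
]

# Constructed stand-in for the certificate's SAN list; the real names are not in the issue.
CERT_SANS = [f"*.my.domain-{i}.net" for i in range(1, 9)]


def covers(pattern: str, name: str) -> bool:
    """True if a literal or wildcard pattern matches a literal name.

    A wildcard matches exactly one label (RFC 6125 style), so '*.a.net'
    covers 'x.a.net' but neither 'y.x.a.net' nor 'a.net'.
    """
    if pattern.startswith("*."):
        plabels = pattern.split(".")[1:]
        nlabels = name.split(".")
        return (len(nlabels) == len(plabels) + 1
                and nlabels[1:] == plabels
                and nlabels[0] != "*")
    return pattern == name


def san_serves(san: str, hostname: str) -> bool:
    """A SAN can be discovered for a listener if either name covers the other."""
    return san == hostname or covers(san, hostname) or covers(hostname, san)


def coverage_report(listeners, sans):
    """Per HTTPS listener: the SANs its hostname matches. Also: SANs no listener reaches."""
    per_listener, reached = {}, set()
    for lst in listeners:
        if lst.get("protocol") != "HTTPS":
            continue
        host = lst.get("hostname")
        # No hostname means discovery has nothing to match against (the error in the issue).
        matched = [s for s in sans if host and san_serves(s, host)]
        per_listener[lst["name"]] = matched
        reached.update(matched)
    unreached = [s for s in sans if s not in reached]
    return per_listener, unreached


if __name__ == "__main__":
    per, unreached = coverage_report(GATEWAY_LISTENERS, CERT_SANS)
    for name, matched in per.items():
        print(f"listener {name}: {matched or 'no SAN matched'}")
    print(f"SANs reachable from no listener: {unreached}")
```

With the single `*.my.domain-1.net` hostname, only that SAN is matched and the other seven are reachable from no listener, which is the one-domain rule the issue describes.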