Home > other >  Enable App Gateway ingress for Azure Kubernetes on 443 (https)
Enable App Gateway ingress for Azure Kubernetes on 443 (https)

Time:03-06

I am new to AKS and trying to set up the cluster and expose it via an app gateway ingress controller. While I was able to set up the cluster using az commands and was able to deploy and hit it using HTTP. I am having some challenges in enabling HTTPS over 443 in-app gateway ingress and looking to get some help.

  1. Below is our workflow and I am trying to setup app gateway listener on port 443
  2. Below is the k8 we used for enabling the ingress. If I apply is without ssl cert it woks but if I give ssl cert I get a 502 bad gateway.
  3. Cert is uploaded to KV and Cluster has KV add-on installed. But I am not sure how to attach this specific kv to cluster and whether the cert should be uploaded to gateway or Kubernetes.

enter image description here

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-web-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: workspace-dev-cluster-cert
    appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
    appgw.ingress.kubernetes.io/request-timeout: "90"
    appgw.ingress.kubernetes.io/backend-path-prefix: "/"
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-svc
                port:
                  number: 80

CodePudding user response:

This link can help you with KV add-on certificate on App GW: https://azure.github.io/application-gateway-kubernetes-ingress/features/appgw-ssl-certificate/

I use different configuration to set certs on Appgw.

  1. I'm getting certificates via the akv2k8s tool. This creates secrets on k8s cluster.
  2. Then I use those certs in the ingress configuration. Please check tls definition under spec.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-web-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: workspace-dev-cluster-cert
    appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
    appgw.ingress.kubernetes.io/request-timeout: "90"
    appgw.ingress.kubernetes.io/backend-path-prefix: "/"
spec:
  tls:
    - hosts:
      - yourdomain.com
      secretName: your-tls-secret-name
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-svc
                port:
                  number: 80
  • Related