gunnarst

Reputation: 53

AKS ingress controller with static ip for a sub-domain

I've been doing the steps in this tutorial: Create an ingress controller with a static public IP address in Azure Kubernetes Service (AKS)

When I finish the tutorial, I can browse to the DNS name label for the static ip: https://demo-aks-ingress.eastus.cloudapp.azure.com

What I don't get is, let's say I have a sub-domain hello.john.com. How can I configure the DNS of the sub-domain to point to https://demo-aks-ingress.eastus.cloudapp.azure.com so it will work with https and letsencrypt that I set up in the AKS tutorial above?

Upvotes: 1

Views: 1371

Answers (1)

Matt

Reputation: 8162

Based on this issue comment on the k8s GitHub repo, it looks like it should work if you do the following:

  • create a CNAME record for hello.john.com domain and point it to demo-aks-ingress.eastus.cloudapp.azure.com
  • add second domain to ingress (so that ingress knows how to route it)
  • add second domain to certificate object (so that cert-manager can generate a valid certificate for this domain)

Ingress part:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-world-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/server-alias: "hello.john.com"  #👈
spec:
  tls:
  - hosts:
    - demo-aks-ingress.eastus.cloudapp.azure.com
    - hello.john.com      #👈
    secretName: tls-secret
  rules:
  - host: demo-aks-ingress.eastus.cloudapp.azure.com
    http:
      paths:
      - backend:
          serviceName: aks-helloworld
          servicePort: 80
        path: /hello-world-one(/|$)(.*)
      - backend:
          serviceName: ingress-demo
          servicePort: 80
        path: /hello-world-two(/|$)(.*)
      - backend:
          serviceName: aks-helloworld
          servicePort: 80
        path: /(.*)

Docs:


Certificate part:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: tls-secret
  namespace: ingress-basic
spec:
  secretName: tls-secret
  dnsNames:
  - demo-aks-ingress.eastus.cloudapp.azure.com
  - hello.john.com      #👈
  acme:
    config:
    - http01:
        ingressClass: nginx
      domains:
      - demo-aks-ingress.eastus.cloudapp.azure.com
      - hello.john.com      #👈
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer

Docs:

Upvotes: 3
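A consistency check for the steps in the answer above, as an added example that is not part of the original answer or the AKS tutorial: it takes the Ingress and Certificate as parsed JSON (for instance the output of `kubectl get ... -o json`) and reports every hostname that is routed but not covered by the certificate, or the reverse. The function name `coverage_gaps` and the trimmed sample objects are constructed for illustration, and a comma-separated `server-alias` value is assumed.

```python
import json

ALIAS = "nginx.ingress.kubernetes.io/server-alias"

def coverage_gaps(ingress, certificate):
    """Return {host: [problems]} for each host whose HTTPS setup is incomplete."""
    spec = ingress.get("spec", {})
    # Hosts nginx will answer for: rule hosts plus server-alias entries.
    routed = {r["host"].lower() for r in spec.get("rules", []) if r.get("host")}
    alias = (ingress.get("metadata", {}).get("annotations") or {}).get(ALIAS, "")
    routed |= {a.strip().lower() for a in alias.split(",") if a.strip()}
    # Hosts the Ingress terminates TLS for, mapped to the secret they use.
    tls_hosts = {h.lower(): block.get("secretName")
                 for block in spec.get("tls", []) for h in block.get("hosts", [])}
    cert_secret = certificate["spec"].get("secretName")
    cert_names = {n.lower() for n in certificate["spec"].get("dnsNames", [])}
    gaps = {}
    for host in sorted(routed | set(tls_hosts)):
        problems = []
        if host not in routed:
            problems.append("no rule or server-alias routes this host")
        if host not in tls_hosts:
            problems.append("not listed under spec.tls hosts")
        elif tls_hosts[host] != cert_secret:
            problems.append("tls secretName differs from the Certificate's")
        if host not in cert_names:
            problems.append("missing from Certificate dnsNames")
        if problems:
            gaps[host] = problems
    return gaps

# Constructed samples: the answer's manifests as JSON, trimmed to the checked fields.
INGRESS = json.loads("""{
  "metadata": {"annotations":
    {"nginx.ingress.kubernetes.io/server-alias": "hello.john.com"}},
  "spec": {
    "tls": [{"hosts": ["demo-aks-ingress.eastus.cloudapp.azure.com",
                       "hello.john.com"], "secretName": "tls-secret"}],
    "rules": [{"host": "demo-aks-ingress.eastus.cloudapp.azure.com"}]}}""")
CERT = json.loads("""{"spec": {"secretName": "tls-secret", "dnsNames":
  ["demo-aks-ingress.eastus.cloudapp.azure.com", "hello.john.com"]}}""")
# The Certificate as it was before the second domain was added.
CERT_BEFORE = json.loads("""{"spec": {"secretName": "tls-secret", "dnsNames":
  ["demo-aks-ingress.eastus.cloudapp.azure.com"]}}""")

if __name__ == "__main__":
    print(coverage_gaps(INGRESS, CERT))
    print(coverage_gaps(INGRESS, CERT_BEFORE))
```

A host flagged as missing from `dnsNames` is the case where clients see a certificate name mismatch on the custom sub-domain even though the Azure name works.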
