nirag tibdewal
Reputation: 81
Enable App Gateway ingress for Azure Kubernetes on 443 (https)
I am new to AKS and trying to set up the cluster and expose it via an app gateway ingress controller. While I was able to set up the cluster using az commands and was able to deploy and hit it using HTTP. I am having some challenges in enabling HTTPS over 443 in-app gateway ingress and looking to get some help.
- Below is our workflow and I am trying to setup app gateway listener on port 443
- Below is the k8 we used for enabling the ingress. If I apply is without ssl cert it woks but if I give ssl cert I get a 502 bad gateway.
- Cert is uploaded to KV and Cluster has KV add-on installed. But I am not sure how to attach this specific kv to cluster and whether the cert should be uploaded to gateway or Kubernetes.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: frontend-web-ingress
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/appgw-ssl-certificate: workspace-dev-cluster-cert
appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
appgw.ingress.kubernetes.io/request-timeout: "90"
appgw.ingress.kubernetes.io/backend-path-prefix: "/"
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-svc
port:
number: 80
Upvotes: 1
Views: 3594
Answers (1)
Ramazan Kilimci
Reputation: 129
This link can help you with KV add-on certificate on App GW: https://azure.github.io/application-gateway-kubernetes-ingress/features/appgw-ssl-certificate/
I use different configuration to set certs on Appgw.
- I'm getting certificates via the akv2k8s tool. This creates secrets on k8s cluster.
- Then I use those certs in the ingress configuration. Please check tls definition under spec.
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: frontend-web-ingress annotations: kubernetes.io/ingress.class: azure/application-gateway appgw.ingress.kubernetes.io/appgw-ssl-certificate: workspace-dev-cluster-cert appgw.ingress.kubernetes.io/cookie-based-affinity: "true" appgw.ingress.kubernetes.io/request-timeout: "90" appgw.ingress.kubernetes.io/backend-path-prefix: "/" spec: tls: - hosts: - yourdomain.com secretName: your-tls-secret-name rules: - http: paths: - path: / pathType: Prefix backend: service: name: frontend-svc port: number: 80
Upvotes: 2
Related Questions
- Azure App Service Certificate ssl to AKS ingress
- Kubernetes ingress controller cannot find TLS certificate secret
- Kubernetes Ingress Controller Fake Certificate error
- Ingress is not working for application gateway ingress controller (AGIC) add-on of AKS
- AKS AGIC Application Gateway Ingress Controller Not Deploying
- Azure application gateway how to connect with kubernetes ingress controller (nginx)
- Application Gateway Ingress Controller only works with root path /
- Can SSL offloading be configured when using the Application Gateway Ingress Controller?
- Setting up ingress controller in azure kubernetes
- setup ingress on azure k8s