I have recently signed up to a free plan for Azure Kubernetes. My question relates to configuring CORS with ingress host based http application routing on Azure Kubernetes Service (AKS). I have tried to find an Azure Kubernetes Service (AKS) forum. This is the closest forum that relates to my question.

I have enabled the http_application_routing add on for my cluster. I have initially followed the documentation at http application routing. This successfully creates DNS zone entries for each of my ingress host endpoints. However, I wish to configure CORS access between the ingress host endpoints. Firstly, I added the annotations below with the kubernetes.io/ingress.class annotation set to addon-http-application-routing.

nginx.ingress.kubernetes.io/enable-cors:               "true"
nginx.ingress.kubernetes.io/secure-backends:        "true"
nginx.ingress.kubernetes.io/cors-allow-origin:        "https://www.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-headers:     "Authorization, Origin, X-Requested-With, Content-Type, Accept"
nginx.ingress.kubernetes.io/cors-allow-methods:     "DELETE, GET, POST, PUT, OPTIONS, HEAD"

However, I could then no longer access the ingress endpoints and no DNS zone entries were created. Subsequently, I installed the nginx ingress controller onto the cluster and set the kubernetes.io/ingress.class annotation to nginx. I then configured the kubernetes DNS Zone to have A and TXT records for the nginx ingress endpoints, (see listing below), to mirror the behaviour of the http application routing add on. However, these only lasted a short while and were then automatically removed from the Kubernetes cluster DNS zone.

Can anyone direct me to resources to:

1. Configure CORS for the ingress controller when using the ingress class addon-http-application-routing

or

2. Correctly configuring the DNS zone for each nginx ingress host endpoint so that record-sets added are not automatically removed.

Kind Regards

dcs3spp

---
apiVersion:                 extensions/v1beta1
kind:                       Ingress
metadata:
  name:                     ingress
      annotations:
      kubernetes.io/ingress.class:                               "nginx"
      nginx.ingress.kubernetes.io/enable-cors:            "true"
      nginx.ingress.kubernetes.io/secure-backends:        "true"
      nginx.ingress.kubernetes.io/cors-allow-origin:     "https://www.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io"
      nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
      nginx.ingress.kubernetes.io/cors-allow-headers:     "Authorization, Origin, X-Requested-With, Content-Type, Accept"
      nginx.ingress.kubernetes.io/cors-allow-methods:     "DELETE, GET, POST, PUT, OPTIONS, HEAD"

spec:
   rules:
   - host:                   www.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
        http:
           paths:
           - backend:
                serviceName:      angular-service
                servicePort:      8080
             path:               /
   - host:                   auth.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
         http:
            paths:
                - backend:
                    serviceName:      auth-server-service
                    servicePort:      4433
                path:               /
  - host:                   api.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
        http:
          paths:
          - backend:
              serviceName:      rest-api-service
              servicePort:      4444
            path:               /
  - host:                   notify.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
    http:
        paths:
        - backend:
           serviceName:      file-upload-notification-service
           servicePort:      4446
        path:               /
  tls:
      - secretName:             ingress-tls
      hosts:
      -                     www.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
      -                     auth.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
      -                     api.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
      -                     notify.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io

Edit 1: Further Information

From further reading, I understand that the HTTP application routing add on uses ExternalDNS + Nginx ingress controller. This would explain why any records I added to the zone, for use with my own Nginx ingress controller, were deleted. ExternalDNS deletes records from a zone that were not created by it.

I have successfully followed the example for one host entry.

Upon further research, when the CORS annotations were removed from the ingress rules yaml file all records were added to the DNS Zone.

I have created a gitlab project that contains two yaml rules files. One with CORS annotations and one without.

Today, I switched the Azure Kubernetes cluster location from westEurope to uksouth, which has recently become available.

Upon the first deployment, after 13 minutes no records were created in the DNS zone. After deleting the ingress rules deployment and then reapplying with CORS annotations, records for all hosts were created in the DNS zone. Maybe, it takes time for ExternalDNS to configure CORS and the westEurope location was slower in relation to my location of UK? Not sure why no DNS zone entries were created after 13 minutes upon first deploy..... Will continue monitoring......