External https on azure kubernetes managed service

8/12/2018

I've managed to deploy a .NET Core API to Azure Kubernetes managed service (ACS) and it's working as expected. The image is hosted in an Azure container registry.

I'm now trying to get the service to be accessible via https. I'd like a very simple setup.

  • Firstly, do I have to create an openssl cert or register with Let's Encrypt? I'd ideally like to avoid having to manage SSL certs separately, but from the documentation, it's not clear if this is required.

  • Secondly, I've got a manifest file below. I can still access port 80 using this manifest. However, I am not able to access port 443. I don't see any errors, so it's not clear what the problem is. Any ideas?

Thanks

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: someappservice-deployment
  annotations:
    service.beta.kubernetes.io/openstack-internal-load-balancer: "false"
    loadbalancer.openstack.org/floating-network-id: "9be23551-38e2-4d27-b5ea-ea2ea1321bd6"
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: someappservices
    spec:
      containers:
      - name: someappservices
        image: myimage.azurecr.io/someappservices
        ports:
        - containerPort: 80
        - containerPort: 443
---
kind: Service
apiVersion: v1
metadata:
  name: external-http-someappservice
spec:
  selector:
    app: someappservices
  type: LoadBalancer
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
-- ossentoo
azure
kubernetes

2 Answers

8/13/2018

If I understand correctly, you want to access your service via https with simple steps. Yes, if you don't have particularly strict security requirements such as SSL certs, you can just expose the ports to the load balancer and access your service from the Internet; it's simple to configure.

The YAML file you posted looks all right. You can check from the Kubernetes dashboard and the Azure portal.

You can also check with the command kubectl get svc.

But if you have particularly strict security requirements, you need an NGINX ingress controller, like the answer in this case. Actually, https is a network security protocol, so you do need to configure an NGINX ingress controller.

-- Charles Xu
Source: StackOverflow

8/12/2018

From what I understand, you will need something like an NGINX ingress controller to handle the SSL termination and will also need to manage certificates. Kubernetes cert-manager is a nice package that can help with the certs.

Here is a write up on how to do both in an AKS cluster:

Deploy an HTTPS enabled ingress controller on AKS

-- Neil Peterson
Source: StackOverflow
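
The TLS-terminating ingress setup that both answers point to, sketched as an added example that is not part of the original posts. It assumes the NGINX ingress controller and cert-manager are already installed, that a ClusterIssuer named letsencrypt-prod exists, and that api.example.com is a placeholder hostname pointing at the ingress controller's public IP; the Service, Ingress and Secret names are also assumptions, using current Kubernetes API versions.

```yaml
# Added example. The app keeps serving plain HTTP on port 80 inside the
# cluster; TLS is terminated at the ingress controller.
kind: Service
apiVersion: v1
metadata:
  name: someappservice-internal     # assumed name
spec:
  selector:
    app: someappservices            # label from the question's Deployment
  type: ClusterIP                   # not exposed directly to the Internet
  ports:
  - name: http
    port: 80
    targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: someappservice-ingress      # assumed name
  annotations:
    # cert-manager requests and renews the certificate for the hosts below
    cert-manager.io/cluster-issuer: letsencrypt-prod   # assumed issuer name
    # redirect plain HTTP requests to HTTPS
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - api.example.com               # placeholder hostname
    secretName: someappservice-tls  # cert-manager stores the key pair here
  rules:
  - host: api.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: someappservice-internal
            port:
              number: 80
```

With this layout the container no longer needs to listen on 443 at all. In the question's manifest, port 443 on the load balancer forwards to a container port where nothing is configured to speak TLS, which is consistent with the connection failing without any visible error.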