Event Grid validation with AKS

6/17/2019

Azure Event Grid subscription verification with AKS/ingress TLS certificates generated by certificate manager

I am trying to add a subscription to an Azure Event Grid custom topic with a webhook. The webhook is a Spring Boot application deployed on AKS, exposed using an ingress controller. I used certificate manager to generate certificates.

There is no problem with the application code, as I could successfully create an event subscription with the same code running on my local machine (exposed through a public IP).

I am able to access the application from Postman. When I POST the validation JSON from Postman, I get a valid response: {"validationResponse": "0000000000-0000-0000-0000-00000000000000"}

So the problem should be with certificates or security or ingress.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: sample-ingress
  namespace: hello
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  tls:
  - hosts:
    - demo-test.eastus.cloudapp.azure.com
    secretName: tls-secret
  rules:
  - host: demo-test.eastus.cloudapp.azure.com
    http:
      paths:
      - backend:
          serviceName: api
          servicePort: 80
        path: /(.*)
      - backend:
          serviceName: api
          servicePort: 80
        path: /api/(.*)
      - backend:
          serviceName: workflow
          servicePort: 80
        path: /workflow/(.*)

---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
  namespace: hello
spec:
  acme:
    # Let's Encrypt staging ACME endpoint
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: user@contoso.com
    privateKeySecretRef:
      name: letsencrypt-staging
    http01: {}

Azure Event Grid subscription validation should succeed. I followed this link: https://docs.microsoft.com/en-us/azure/aks/ingress-tls

-- Naresh Buruzula
azure
azure-eventgrid
azure-kubernetes
kubernetes-ingress

1 Answer

6/18/2019

The problem was with self-signed certificates. Things worked after giving valid certificates.

-- Naresh Buruzula
Source: StackOverflow
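
Added example, not part of the original question or answer: the manifests in the question request certificates from the Let's Encrypt staging ACME endpoint, whose certificates do not chain to a publicly trusted root. One way to obtain a publicly trusted certificate with the same setup is to point the ClusterIssuer and Ingress at the production ACME endpoint; the names letsencrypt-prod and tls-secret-prod are assumptions introduced here.

```yaml
# Added example. Issuer name "letsencrypt-prod" is an assumption, not from the post.
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Production ACME directory: issued certificates chain to a publicly trusted root.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: user@contoso.com
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}
---
# Ingress from the question, switched to the production issuer.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: sample-ingress
  namespace: hello
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  tls:
  - hosts:
    - demo-test.eastus.cloudapp.azure.com
    # Separate secret (name is an assumption) so the staging certificate is not served.
    secretName: tls-secret-prod
  rules:
  - host: demo-test.eastus.cloudapp.azure.com
    http:
      paths:
      - backend:
          serviceName: api
          servicePort: 80
        path: /(.*)
      - backend:
          serviceName: api
          servicePort: 80
        path: /api/(.*)
      - backend:
          serviceName: workflow
          servicePort: 80
        path: /workflow/(.*)
```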