Azure AKS .NET Core with SignalR SSL Ingress

10/23/2019

What's the recommended way to setup SSL/TLS with AKS for a .NET Core website that uses SignalR?

From what I can tell Azure Front Door doesn't work because it doesn't support Websockets.

And AKS doesn't have a service like AWS does for doing SSL/TLS.

Do I really have to use a ngnix proxy on top to make this work?

Also, looks like same problem for gRPC in .NET Core and Azure. Basically no way to hose gRPC on Azure at all right now.

Suggestions?

-- James Hancock
azure
azure-front-door
azure-kubernetes

1 Answer

10/24/2019

Application Gateway provides native support for WebSocket across all gateway sizes. There is no user-configurable setting to selectively enable or disable WebSocket support. see Overview of WebSocket support in Application Gateway.

With the application gateway, you can create listeners on port 80/443 to support WebSocket traffic and health probe supports for HTTP and HTTPS protocols. APP GW also support SSL offload and end to end SSL traffic.

There are two options for App GW conjunction with AKS. One is simply to put the APP GW in front of the internal or public Loadbalancers with AKS, see this blog. Another better one currently is using Application Gateway Ingress Controller. This is supported by Application Gateway v2 only. enter image description here

For more references:

-- Nancy Xiong
Source: StackOverflow