Enable App Gateway ingress for Azure Kubernetes on 443 (https)

3/4/2022

I am new to AKS and trying to set up the cluster and expose it via an App Gateway ingress controller. While I was able to set up the cluster using az commands and was able to deploy and hit it using HTTP, I am having some challenges enabling HTTPS over 443 in App Gateway ingress and am looking to get some help.

  1. Below is our workflow, and I am trying to set up an App Gateway listener on port 443.
  2. Below is the k8 we used for enabling the ingress. If I apply it without the SSL cert it works, but if I give the SSL cert I get a 502 Bad Gateway.
  3. The cert is uploaded to KV and the cluster has the KV add-on installed. But I am not sure how to attach this specific KV to the cluster and whether the cert should be uploaded to the gateway or Kubernetes.


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-web-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: workspace-dev-cluster-cert
    appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
    appgw.ingress.kubernetes.io/request-timeout: "90"
    appgw.ingress.kubernetes.io/backend-path-prefix: "/"
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-svc
                port:
                  number: 80
-- nirag tibdewal
azure-aks
azure-application-gateway
ingress-controller
kubernetes
ssl-certificate

1 Answer

3/4/2022

This link can help you with KV add-on certificate on App GW: https://azure.github.io/application-gateway-kubernetes-ingress/features/appgw-ssl-certificate/

I use a different configuration to set certs on App GW.

  1. I'm getting certificates via the akv2k8s tool. This creates secrets on the k8s cluster.
  2. Then I use those certs in the ingress configuration. Please check the tls definition under spec.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-web-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: workspace-dev-cluster-cert
    appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
    appgw.ingress.kubernetes.io/request-timeout: "90"
    appgw.ingress.kubernetes.io/backend-path-prefix: "/"
spec:
  tls:
    - hosts:
      - yourdomain.com
      secretName: your-tls-secret-name
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-svc
                port:
                  number: 80
-- Ramazan Kilimci
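
A pre-flight check for the certificate and key that end up in the secret referenced under `spec.tls` above, as an added example that is not part of the original answer. The function name `check_tls_pair` and the file names are assumptions; it needs the `openssl` CLI and verifies that the key belongs to the certificate, that the certificate has not expired, and that it covers the ingress host.

```shell
#!/bin/sh
# Added example (not from the original post): validate a cert/key pair before
# it is referenced from an Ingress `tls` block.
#
# To pull the pair out of an existing kubernetes.io/tls secret (secret name
# taken from the answer's manifest; output file names are assumptions):
#   kubectl get secret your-tls-secret-name -o jsonpath='{.data.tls\.crt}' | base64 -d > tls.crt
#   kubectl get secret your-tls-secret-name -o jsonpath='{.data.tls\.key}' | base64 -d > tls.key

# check_tls_pair CERT_PEM KEY_PEM HOST
# Prints "ok" and returns 0 when the pair is usable for HOST.
# Return codes: 2 unreadable input, 3 key mismatch, 4 expired, 5 host not covered.
check_tls_pair() {
    crt=$1; key=$2; host=$3

    # 1. The private key must belong to the certificate: compare public keys.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) \
        || { echo "unreadable certificate: $crt"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "unreadable private key: $key"; return 2; }
    [ "$crt_pub" = "$key_pub" ] \
        || { echo "private key does not match certificate"; return 3; }

    # 2. The certificate must still be valid right now.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate has expired"; return 4; }

    # 3. The certificate must cover the host listed under spec.tls.hosts.
    #    Fails closed if openssl does not report a positive match.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null \
        | grep -q "does match certificate" \
        || { echo "certificate does not cover host $host"; return 5; }

    echo "ok"
}

# Run directly as: ./check_tls_pair.sh tls.crt tls.key yourdomain.com
if [ "$#" -eq 3 ]; then
    check_tls_pair "$@"
fi
```
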
Source: StackOverflow