Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Custom domain and Azure Kubernetes with ingress controller AKS

I've followed this doc from microsoft Deploy an HTTPS ingress controller on Azure Kubernetes Service (AKS) and have successfully deployed a managed Kubernetes cluster (AKS) with nginx ingress controller. it works with https as expected.

However, the domain that responds of the format subdomain.eastus2.cloudapp.azure.com. However I would like to use my own custom domain www.somedomain.com. I then add a CNAME entry to my custom domain, pointing to the public ip address configured by the kubernetes cluster.

However, when I do this, I get a response on the browser of

default backend - 404

It looks like I need to change the public ip address in Azure (or somewhere) so that it understands that it will be used by a custom domain as well as by an azure subdomain.

I've had a look at the command:

az network

command. However, it's not very clear is this is the right command to use or not. Does anyone know how I can make the changes required so that my custom FQDN can be routed properly to my kubernetes cluster?

thanks

like image 362
ossentoo Avatar asked Aug 14 '18 19:08

ossentoo


3 Answers

Here's the yaml that worked for me.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: webapp-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - subdomain.eastus2.cloudapp.azure.com
    - subdomain.domain.com
    secretName: tls-secret
  rules:
  - host: subdomain.eastus2.cloudapp.azure.com
    http:
      paths:
      - path: /
        backend:
          serviceName: aks-helloworld
          servicePort: 80
  - host: subdomain.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: aks-helloworld
          servicePort: 80

See here for worked through example: Deploy an HTTPS ingress controller on Azure Kubernetes Service (AKS)

like image 150
ossentoo Avatar answered Oct 08 '22 19:10

ossentoo


The 'default backend 404' indicates that it is hitting the ingress controller. If it were being rejected or not reaching I'd expect a generic 404 without the 'default backend' bit. This response means it is hitting the ingress contoller but the inress controller doesn't know where to send it on to. This is because there's no ingress route/resource matching the host of that request. The steps to create that route/resource are specific to the domain so the ingress rules only match for the azure domain and not the custom one. I think you'll need to go back and repeat the ingress resource and certificate steps for your custom domain as those steps are domain-specific.

like image 4
Ryan Dawson Avatar answered Oct 08 '22 17:10

Ryan Dawson


I've been facing the same problem the last couple of days and came across an awesome step-by-step guide which allowed me to use custom domains and provisioning certs with Letsencrypt.

If you want to use your own custom certificates you may want to follow this article instead

like image 4
gvilarino Avatar answered Oct 08 '22 19:10

gvilarino