Mapping the Azure FQDN to the nginx ingress public IP

Let's Encrypt will only issue a certificate for a name it can verify you control, and it verifies this through public DNS: the FQDN must resolve, and the host it resolves to must answer Let's Encrypt's validation challenge. This is what stops you (or anyone else) from obtaining a certificate for a site you do not control. To pass that check we have to map the public domain name Azure gives us to the external IP of the Azure load balancer in front of the nginx ingress controller.

Let's map our public domain, say handsonaks-ingress.westus2.cloudapp.azure.com, to <external-ip> (the EXTERNAL-IP of the ingress service, as reported by "kc get svc | grep ingress").

If that name is already taken (DNS labels under cloudapp.azure.com must be unique within a region), change the label to something more unique to you, such as handsonaks-yourpetname-ing.

Let's Encrypt does not consult a registry of domain owners. It assumes that if the DNS entry for a name points at a host, and that host answers its validation challenge, the requester controls the name; the certificate is issued only after that validation succeeds. This is what prevents bad actors from obtaining certificates for your domain, and it is also why the FQDN must be resolvable from the public Internet, not just from inside the cluster.

The following script obtains a DNS name for a given Azure Public IP:

#!/bin/bash
set -eu
# Public IP address of your ingress controller
IP="<external IP of the ingress service>"

# Name to associate with public IP address
DNSNAME="handsonaks-ingress-<yourname>"
# Get the resource-id of the public ip. Use an exact match on the address:
# a contains() filter would also match longer addresses (10.0.0.1 vs 10.0.0.10).
PUBLICIPID=$(az network public-ip list --query "[?ipAddress=='$IP'].id" --output tsv)
if [ -z "$PUBLICIPID" ]; then
  echo "No public IP with address $IP found; check the EXTERNAL-IP of the ingress service" >&2
  exit 1
fi
# Update public ip address with DNS name
az network public-ip update --ids "$PUBLICIPID" --dns-name "$DNSNAME"

Write down the DNS name. It will be handsonaks-ingress-<yourname>.westus2.cloudapp.azure.com.
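Before requesting the certificate it is worth confirming that the name you wrote down actually resolves to the ingress IP and that port 80 is reachable, since that is exactly what Let's Encrypt's HTTP-01 validation will test. The following pre-flight script is an added example, not part of the book or of the Azure CLI. The DNS label rules it enforces (lowercase letters, digits and hyphens; starting with a letter, ending with a letter or digit; 3 to 63 characters) are an assumption about Azure's constraints, and the acme-challenge probe path is a made-up probe name that the ingress controller is expected to answer with a 404.

```shell
#!/bin/sh
# Added pre-flight check for the DNS mapping (example code, not from the book).
# Confirms the Azure DNS label is well formed, that the resulting FQDN resolves
# to the ingress controller's public IP, and that port 80 answers at all.
set -eu

# Assumed Azure rules for a public-IP DNS label: lowercase letters, digits and
# hyphens; must start with a letter and end with a letter or digit; 3-63 chars.
valid_dns_label() {
  printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9-]{1,61}[a-z0-9]$'
}

# The FQDN Azure assigns for a label in a region, e.g. westus2.
expected_fqdn() {
  printf '%s.%s.cloudapp.azure.com\n' "$1" "$2"
}

# Resolve a name to its IPv4 addresses, one per line (empty if it does not resolve).
resolve_ipv4() {
  getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u
}

# Compare what the name resolves to with the EXTERNAL-IP of the ingress service.
# The optional third argument names a resolver function, so the logic can be
# exercised without network access. Returns 0 only on an exact, single match.
check_mapping() {
  local fqdn="$1" expected="$2" resolver="${3:-resolve_ipv4}" got
  got=$("$resolver" "$fqdn")
  if [ -z "$got" ]; then
    echo "FAIL: $fqdn does not resolve yet (DNS propagation, or wrong label)"
    return 1
  fi
  if [ "$got" != "$expected" ]; then
    echo "FAIL: $fqdn resolves to [$got], expected $expected"
    return 1
  fi
  echo "OK: $fqdn -> $expected"
}

# HTTP-01 probe: Let's Encrypt must be able to reach port 80 on the FQDN.
# A 404 from the ingress controller for a made-up challenge token is fine;
# curl reports 000 when the connection fails, which is not.
probe_http01() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
    "http://$1/.well-known/acme-challenge/preflight-probe" || true
}

# Usage: sh preflight.sh --run <label> <region> <ingress external IP>
if [ "${1:-}" = "--run" ]; then
  label="${2:?label}"; region="${3:?region}"; ip="${4:?ingress external IP}"
  valid_dns_label "$label" || { echo "FAIL: invalid DNS label: $label"; exit 1; }
  fqdn=$(expected_fqdn "$label" "$region")
  check_mapping "$fqdn" "$ip"
  code=$(probe_http01 "$fqdn")
  if [ "$code" = "000" ]; then
    echo "FAIL: port 80 on $fqdn is unreachable; HTTP-01 validation will fail"
    exit 1
  fi
  echo "OK: port 80 reachable (HTTP $code)"
fi
```

Run it with the label, region and EXTERNAL-IP from the previous step; it exits non-zero on the first problem it finds. A name that was only just set may take a minute to propagate, so a "does not resolve yet" result right after the az command is normal.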
