Let's create the Let's Encrypt HTTPS frontend tunnel. The following is a quick status update:
- Certificate manager for interfacing with the Let's Encrypt service √
- Public DNS name for our ingress √
- Certificate for our public FQDN
The missing piece is the connection between our public ingress and the frontend service. The following code will create that for you:
1  apiVersion: extensions/v1beta1
2  kind: Ingress
3  metadata:
4    name: frontend-aks-ingress
5    annotations:
6      kubernetes.io/ingress.class: nginx
7      certmanager.k8s.io/cluster-issuer: letsencrypt-prod
8      nginx.ingress.kubernetes.io/rewrite-target: /
9  spec:
10   tls:
11   - hosts:
12     - handsonaks-ingress.westus2.cloudapp.azure.com
13     secretName: tls-secret
14   rules:
15   - host: handsonaks-ingress.westus2.cloudapp.azure.com
16     http:
17       paths:
18       - path: /
19         backend:
20           serviceName: frontend
21           servicePort: 80
Let's break down the preceding code:
- Lines 1-2: Specifies that we want an Ingress resource.
- Lines 3-8: Gives it a name (frontend-aks-ingress) and annotates it to use the nginx ingress, backed by the letsencrypt-prod certificate issuer, along with an nginx-specific rewrite-target rule that makes the browser think that nginx is the root for all HTML/CSS/JS files.
- Lines 9-13: Tells the nginx ingress to obtain the certificate from the secret tls-secret, which cert-manager populates once it has obtained the certificate for the handsonaks-ingress.westus2.cloudapp.azure.com host from the Let's Encrypt service.
- Lines 14-21: Tells nginx that any request for handsonaks-ingress.westus2.cloudapp.azure.com on the / path is handled by the frontend service on port 80.
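Until cert-manager has populated tls-secret, the nginx ingress answers on port 443 with its own self-signed default certificate, so a response over HTTPS does not by itself prove that the Let's Encrypt certificate is in place. The following check is an added example, not code from the original text; the function names, the 14-day expiry threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

HOST = "handsonaks-ingress.westus2.cloudapp.azure.com"  # host from the manifest


def fetch_cert(host, port=443, timeout=5):
    """Return the verified peer certificate (needs network access)."""
    # Default context validates chain and hostname, so a self-signed fallback
    # certificate raises ssl.SSLCertVerificationError instead of returning.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_cert(cert, host, now=None, min_days=14):
    """Return a list of problems found in a getpeercert()-style dict."""
    now = now or datetime.now(timezone.utc)
    problems = []
    # Flatten the issuer RDN tuples into {"organizationName": ..., ...}.
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != "Let's Encrypt":
        problems.append(f"unexpected issuer: {issuer.get('organizationName')!r}")
    # Exact match only: the manifest requests a certificate for this one host.
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if host not in sans:
        problems.append(f"{host} not in SAN list {sans}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    if (expires - now).days < min_days:
        problems.append(f"expires {expires:%Y-%m-%d}, under {min_days} days left")
    return problems


# Constructed sample in getpeercert() format so the check runs offline.
SAMPLE = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "subjectAltName": (("DNS", HOST),),
    "notAfter": "Jun 15 12:00:00 2030 GMT",
}

if __name__ == "__main__":
    print(check_cert(SAMPLE, HOST, now=datetime(2030, 3, 1, tzinfo=timezone.utc)))
    # Against the live ingress: print(check_cert(fetch_cert(HOST), HOST))
```

An empty list means the certificate was issued by Let's Encrypt for the ingress host and is not close to expiry; a certificate from a staging issuer shows up as an unexpected issuer.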
You can verify that the service is up by launching https://handsonaks-ingress.westus2.cloudapp.azure.com/. You should see the following: