Securing the frontend service connection

Let's create the Let's Encrypt HTTPS frontend tunnel. The following is a quick status update on what is already in place:

  • Certificate manager for interfacing with the letsencrypt service
  • Public DNS name for our ingress
  • Certificate for our public FQDN

The missing piece is the connection from our public ingress to the frontend service. The following code creates it:

   1 apiVersion: extensions/v1beta1
   2 kind: Ingress
   3 metadata:
   4   name: frontend-aks-ingress
   5   annotations:
   6     kubernetes.io/ingress.class: nginx
   7     certmanager.k8s.io/cluster-issuer: letsencrypt-prod
   8     nginx.ingress.kubernetes.io/rewrite-target: /
   9 spec:
  10   tls:
  11   - hosts:
  12     - handsonaks-ingress.westus2.cloudapp.azure.com
  13     secretName: tls-secret
  14   rules:
  15   - host: handsonaks-ingress.westus2.cloudapp.azure.com
  16     http:
  17       paths:
  18       - path: /
  19         backend:
  20           serviceName: frontend
  21           servicePort: 80

Let's break down the preceding code:

  • Lines 1-2: Specifies that we want the Ingress resource.
  • Lines 3-8: Gives it a name (frontend-aks-ingress), selects the nginx ingress, backs it with the letsencrypt-prod certificate issuer, and sets an nginx-specific rewrite-target rule so that the browser thinks nginx is the root for all HTML/CSS/JS files.
  • Lines 9-13: Tells the nginx ingress to obtain the certificate from the tls-secret secret, which the cert manager sets once it has obtained the certificate for the handsonaks-ingress.westus2.cloudapp.azure.com host from the Let's Encrypt service.
  • Lines 14-21: Tells nginx that any request for handsonaks-ingress.westus2.cloudapp.azure.com on the / path is handled by the frontend service on port 80.
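
The breakdown above depends on three things lining up: the issuer annotation, the secretName, and the rule host appearing under spec.tls. The following check is an added example, not code from the book; audit_ingress, host_covered and the sample dicts are hypothetical names, and the second annotation key is the one newer cert-manager releases use.

```python
import copy

# Annotation key used on this page, plus the key newer cert-manager releases use.
ISSUER_KEYS = ("certmanager.k8s.io/cluster-issuer", "cert-manager.io/cluster-issuer")

def host_covered(host, tls_hosts):
    """True if host equals a TLS entry or matches a one-label wildcard entry."""
    for pattern in tls_hosts:
        if pattern == host:
            return True
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def audit_ingress(ingress):
    """Return findings for one Ingress object given as a dict."""
    findings = []
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    spec = ingress.get("spec", {})
    if not any(key in annotations for key in ISSUER_KEYS):
        findings.append("no cluster-issuer annotation")
    tls_hosts = []
    for entry in spec.get("tls") or []:
        if not entry.get("secretName"):
            findings.append("tls entry without secretName")
        tls_hosts.extend(entry.get("hosts") or [])
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if not host:
            findings.append("rule without host")
        elif not host_covered(host, tls_hosts):
            findings.append(f"rule host {host} not covered by spec.tls")
    return findings

HOST = "handsonaks-ingress.westus2.cloudapp.azure.com"
# Constructed sample: the manifest from this page expressed as a dict.
GOOD = {
    "metadata": {"name": "frontend-aks-ingress", "annotations": {
        "kubernetes.io/ingress.class": "nginx",
        "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod"}},
    "spec": {"tls": [{"hosts": [HOST], "secretName": "tls-secret"}],
             "rules": [{"host": HOST}]},
}
# Constructed misconfiguration: typo in the TLS host, issuer annotation dropped.
BAD = copy.deepcopy(GOOD)
BAD["spec"]["tls"][0]["hosts"] = ["handsonaks-ingres.westus2.cloudapp.azure.com"]
del BAD["metadata"]["annotations"]["certmanager.k8s.io/cluster-issuer"]

if __name__ == "__main__":
    print(audit_ingress(GOOD), audit_ingress(BAD), sep="\n")
```

The same function can be fed the parsed output of kubectl get ingress frontend-aks-ingress -o json.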

You can verify that the service is up by launching https://handsonaks-ingress.westus2.cloudapp.azure.com/. You should see the following:
