When you install a AKS cluster you can configure it to deploy the http application routing addon or you you can update an existing cluster to deploy it.
Either way you end up with an NGINX Ingress Controller running, in the kube-system namespace of your cluster, with the following properties:
- ingress-class: addon-http-application-routing
- annotations-prefix: nginx.ingress.kubernetes.io
Does this means that you can use this controller for TLS termination? The answer is yes! And you can also use rate limits, and whitelisting as described in my post Secure your Kubernetes services with NGINX ingress controller, tls and more.
So to try it out, follow steps 2 and 5 of the previous post, but be sure to replace the contents of the ingress_rules.yaml file with the following yaml (Don’t forget to replace the DNS Zone Name):
1apiVersion: extensions/v1beta1
2kind: Ingress
3metadata:
4 name: dni-function
5 namespace: default
6 annotations:
7 kubernetes.io/ingress.class: addon-http-application-routing
8 nginx.ingress.kubernetes.io/rewrite-target: /
9spec:
10 tls:
11 - hosts:
12 - dni-function.<YOUR CLUSTERS DNS ZONE NAME>
13 secretName: tls-secret
14 rules:
15 - host: dni-function.<YOUR CLUSTERS DNS ZONE NAME>
16 http:
17 paths:
18 - path: /
19 backend:
20 serviceName: dni-function
21 servicePort: 80
Note that the kubernetes.io/ingress.class value must be: addon-http-application-routing
Once you have tls working go ahead and try rate limits and whitelisting!
Hope it helps.
Please download all code and files here and be sure to check the online documentation to learn more about the annotations and other NGINX features.
Comments