Can SSL offloading be configured when using the Application Gateway Ingress Controller?

Question

I am using the Azure Application Gateway Ingress Controller for Kubernetes. I was able to successfully configure the controller to expose my Kubernetes Services over http. However, I would like the Application Gateway to do SSL offload. So that the Application Gateway will handle https requests, and then forward a plain http request to my Kubernetes service. Currently the Ingress Controller documentation for https requires you to specify the certificate for your Kubernetes Service.

Is it possible to configure the Ingress Controller to do SSL offload so that I don't have to configure https on my Kubernetes Services?

That looks like a feature request someone proposed for the Application Gateway. So I can't use it to fix my problem. — ilooner
Application gateway supports SSL termination at the gateway, after which traffic typically flows unencrypted to the backend servers. This feature allows web servers to be unburdened from costly encryption and decryption overhead. This is the feature of Application Gateway. But application gateway supports end to end SSL encryption. See this. — Charles Xu

4c74356b41 4c74356b41 · Accepted Answer · 2018-11-22T06:04:05

I would assume this is the document you are looking for.

  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    name: guestbook
    annotations:
      kubernetes.io/ingress.class: azure/application-gateway
  spec:
    tls:
      - secretName: <guestbook-secret-name>
    rules:
    - http:
        paths:
        - backend:
            serviceName: frontend
            servicePort: 80

ps. no idea why you would use application gateway with k8s. its garbage.

Can SSL offloading be configured when using the Application Gateway Ingress Controller?

2 Answers