0
votes

I created AKS with internal ingress Nginx. This comes up like below in the cluster.

Then I created Azure private DNS Service. In the Azure private DNS service, I created a 'Record set' like

Technically, I should be able to access the LoadBalancer External IP with promotion.mydomain.com (as an example). Instead of this, I'm having a '502 Bad Gateway' error when I hit http://promotion.mydomain.com in the browser. Any advice?

2
Is your ingress configured to use that domain name? Are your ingress deployments working properly? Are they bound to the services correctly? – 4c74356b41
Ingress deployment is fine. If I access the application like http:10.240.0.42/promotion. – Tun
Any more updates for the question? Does it solve your problem? If yes, please accept it. Just give a response. – Charles Xu

2 Answers

1
votes

I see your purpose is to create AKS with internal Ingress Nginx and use the custom DNS. And I see your Ingress external IP is 10.240.0.42. It seems it's a private IP of the subnet which your AKS nodes are in.

So I think you need to create an Azure Application Gateway or Azure Load Balancer to route your request from the Internet to your internal Ingress Nginx interface. And the A record also needs to be changed: you need to change the IP into the public IP of the one which you choose from Azure Application Gateway and Azure Load Balancer. I think you know you need to update your custom DNS setting in the DNS server which your DNS is in.

When all things are done, the request routing path will be like this:

  1. Internet (your custom DNS)
  2. Azure DNS Server
  3. Azure Public IP of the Application Gateway or Load Balancer (this is what I think you missed)
  4. 10.240.0.42 (ingress Nginx internal IP)
  5. AKS Ingress Nginx
  6. Service
  7. Deployment or Pod
1
votes

I faced the same issue and have been able to solve it recently.

I created another Ingress but in the desired namespace (mine was default) with the following definition:

(I have enabled tls but you can remove that part)

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: my-custom-ingress
spec:
  tls:
  - hosts:
    - foo.mydomain.com
    secretName: my-tls-secret
  rules:
    - host: foo.mydomain.com
      http:
        paths:
        - path: /
          backend:
            serviceName: my-foo-app-service-nodeport
            servicePort: 4444


First of all find the EXTERNAL IP of your nginx ingress and keep it in mind:

kubectl get svc --namespace ingress-basic

Then in the Azure DNS zone you can attach the domain to an Azure Resource:

  1. Open the Azure portal.
  2. Go in the MC_... resource group created by your AKS cluster.
  3. Find the LoadBalancer resource and click it.
  4. On the LoadBalancer, go into "Frontend IP Configuration". You'll then see a list of public IPs with a related ResourceId (example: 11.22.33.44 (xxx-yyyy-bbb))
  5. Find the IP that corresponds to the LoadBalancer IP you found on the LoadBalancer (before step 1) and memorize the associated object id.
  6. Open your Azure DNS zone and create a new domain (or edit one)
  7. Set "Alias Record Set: Yes" then "Alias type: Resource"
  8. Under "Azure Resource" find the resource that has the ResourceId you found in step 5 and select it.
  9. Save

Now it should work.
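
A check for the two conditions raised in this thread, whether the A record targets a private address and whether any Ingress carries a host (and TLS host) entry for the DNS name. This is an added example, not code from either answer; the function names, the finding labels and the sample JSON (shaped like `kubectl get ingress -A -o json` output) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like `kubectl get ingress -A -o json`, reduced to
# the fields read below; the values mirror the Ingress in the answer above.
SAMPLE_INGRESSES = {
    "items": [{
        "metadata": {"name": "my-custom-ingress", "namespace": "default"},
        "spec": {
            "tls": [{"hosts": ["foo.mydomain.com"], "secretName": "my-tls-secret"}],
            "rules": [{"host": "foo.mydomain.com"}],
        },
    }]
}

def host_matches(rule_host, name):
    """Ingress host match: exact, or a '*.' wildcard covering exactly one label."""
    if not rule_host:              # a rule without a host applies to every Host header
        return True
    rule_host, name = rule_host.lower(), name.lower().rstrip(".")
    if rule_host.startswith("*."):
        head, _, tail = name.partition(".")
        return bool(head) and tail == rule_host[2:]
    return rule_host == name

def check_record(name, address, ingresses):
    """Return findings for one A record (name -> address) aimed at an ingress IP."""
    items = ingresses.get("items", [])
    findings = []
    if ipaddress.ip_address(address).is_private:
        findings.append("private-address")  # not routable from the Internet
    rule_hosts = [r.get("host") for i in items
                  for r in i.get("spec", {}).get("rules", [])]
    if not any(host_matches(h, name) for h in rule_hosts):
        findings.append("no-host-rule")     # no Ingress rule covers this Host header
    tls_hosts = [h for i in items
                 for t in i.get("spec", {}).get("tls", [])
                 for h in t.get("hosts", [])]
    if not any(host_matches(h, name) for h in tls_hosts):
        findings.append("no-tls-host")      # no certificate is configured for this name
    return findings
```

Feeding it the real output of `kubectl get ingress -A -o json` (loaded with `json.load`) together with each record from the DNS zone shows which names would resolve to an address that is unreachable from outside the VNet or would hit the controller without a matching rule.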