0
votes

I have deployed Airflow in Kubernetes as described in this link: https://github.com/apache/airflow/tree/master/chart

To access the airflow UI I can do:

 kubectl port-forward svc/airflow2-webserver 8080:8080 --namespace default

But I would like to expose it at a URL. I found this guide:

https://godatadriven.com/blog/deploying-apache-airflow-on-azure-kubernetes-service/

In the bottom part: FQDN with Ingress controller, he installs an nginx-ingress-controller and a cert manager.

Then I create a Cluster-issuer:

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - http01:
        ingress:
          class: nginx
          podTemplate:
            spec:
              nodeSelector:
                "kubernetes.io/os": linux

I install the ingress-routes.yml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: airflow-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - mydomain.westeurope.cloudapp.azure.com
    secretName: tls-secret-test2
  rules:
    - host: mydomain.westeurope.cloudapp.azure.com
      http:
        paths:
          - path: /
            backend:
              serviceName: airflow2-webserver
              servicePort: 8080

But when I try to get my certificate:

kubectl describe certificate
No resources found in default namespace.

I have deployed everything, but I don't know what is missing. When I go to my domain, it is still not trusted.

1
What Kubernetes version are you using? Could you confirm that you have the annotation "kubernetes.io/os": linux on at least one of your nodes? Is your cluster on Azure, or did you only follow a tutorial on Azure? - PjoterS
Azure Kubernetes Service. Version: 1.16.13. OS type: Linux - J.C Guzman

1 Answer

0
votes

It looks like your DNS A record is not pointing to your Ingress LoadBalancer public IP. Thus your cert-manager issuer is not able to validate your domain ownership from outside using the HTTP challenge.

To verify, you can use a tool called MXToolBox. In your configuration (https://mxtoolbox.com/SuperTool.aspx?action=a%3amydomain.westeurope.cloudapp.azure.com&run=toolpage) it's pointing to a private IP.

Solution

To resolve this issue, you should add an A record to your DNS zone:

az network dns record-set a add-record \
    --resource-group myResourceGroup \
    --zone-name MY_CUSTOM_DOMAIN \
    --record-set-name '*' \
    --ipv4-address MY_EXTERNAL_IP
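
A local version of the DNS check described in the answer, added here as an example and not part of the original answer: it resolves the Ingress host and flags any A record that is not publicly routable or that differs from the ingress controller's external IP (the value the answer calls MY_EXTERNAL_IP). The function names and the sample addresses are assumptions made for illustration.

```python
"""Pre-flight check for a cert-manager HTTP-01 challenge (added example).

The ACME server validates from the public internet, so the Ingress host
must resolve to the ingress controller's public LoadBalancer IP.
Constructed sample call: http01_preflight(["10.240.0.4"], "20.50.2.10")
"""
import ipaddress
import socket
import sys


def resolve_a_records(host):
    """Return the sorted IPv4 addresses that `host` currently resolves to."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def http01_preflight(addresses, ingress_ip):
    """Return a list of problems; an empty list means DNS looks usable."""
    if not addresses:
        return ["host has no A record"]
    problems = []
    expected = ipaddress.ip_address(ingress_ip)
    if not expected.is_global:
        problems.append(f"ingress IP {expected} is not publicly routable")
    for raw in addresses:
        addr = ipaddress.ip_address(raw)
        if not addr.is_global:
            # RFC 1918, loopback, link-local, CGNAT: the ACME server cannot reach it
            problems.append(f"A record {addr} is not publicly routable")
        elif addr != expected:
            problems.append(f"A record {addr} does not match ingress IP {expected}")
    return problems


if __name__ == "__main__":
    # Usage: python preflight.py <ingress host> <ingress external IP>
    host, ingress_ip = sys.argv[1], sys.argv[2]
    issues = http01_preflight(resolve_a_records(host), ingress_ip)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Run it again after adding the A record; keep in mind that the local resolver may still return a cached answer until the old record's TTL expires.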