Need to expose web application running on kubernetes

Question

Need to expose web application running on kubernetes

Manpreet Singh 0

Hi Team,

I have deployed applications on kubernetes. I need help to expose my application via ingress controller. I have certificate in place. I need ingress controller file with ssl and http-https redirect configuration for Azure.

Please find below ingress file I have used for GCP .

apiVersion: networking.gke.io/v1beta1

kind: FrontendConfig

metadata:

name: hubonweb-frontend-config

spec:

redirectToHttps:

enabled: true

apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

name: ingress-staging-hubon

annotations:

kubernetes.io/ingress.global-static-ip-name: staging-hubon

networking.gke.io/managed-certificates: managed-cert-staging-hubon

kubernetes.io/ingress.class: "gce"

networking.gke.io/v1beta1.FrontendConfig: hubonweb-frontend-config

spec:

defaultBackend:

service:

  name: hubon-web

  port:

    number: 80

rules:

host: "staging.letshubon.com" http: paths:
- pathType: Prefix path: "/" backend: service:
```
name: hubon-web

port:

  number: 80
```
host: "staging.gardeneur.com" http: paths:
- pathType: Prefix path: "/lets" backend: service:
```
name: hubon-web

port:

  number: 80
```
host: "staging-api.letshubon.com" http: paths:
- pathType: Prefix path: "/" backend: service:
```
name: hubon-api

port:

  number: 3010
```
host: "staging-route.letshubon.com" http: paths:
- pathType: Prefix path: "/" backend: service:
```
name: hubon-route

port:

  number: 80
```
host: "staging.letshubon.com" http: paths:
- pathType: Prefix path: "/shop" backend: service:
```
name: hubon-shop

port:

  number: 80
```
host: "staging-localpickup.letshubon.com" http: paths:
- pathType: Prefix path: "/" backend: service:
```
name: hubon-localpickup

port:

  number: 3000
```

Pramidha Yathipathi 1,135 Microsoft External Staff Moderator

Hi Manpreet Singh,

Ensure you have the NGINX Ingress Controller installed in your AKS cluster. If not, you can deploy it using Helm:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install nginx-ingress ingress-nginx/ingress-nginx \
  --set controller.publishService.enabled=true

TLS certificate should be stored as a Kubernetes secret:

kubectl create secret tls hubon-tls-secret --cert=your-cert.pem --key=your-key.pem -n your-namespace

Ingress Configuration for AKS

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-aks-hubon
  namespace: your-namespace
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
      - staging.letshubon.com
      - staging-api.letshubon.com
      - staging-route.letshubon.com
      - staging-localpickup.letshubon.com
    secretName: hubon-tls-secret
  rules:
  - host: "staging.letshubon.com"
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: hubon-web
            port:
              number: 80
      - path: "/shop"
        pathType: Prefix
        backend:
          service:
            name: hubon-shop
            port:
              number: 80
  - host: "staging-api.letshubon.com"
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: hubon-api
            port:
              number: 3010
  - host: "staging-route.letshubon.com"
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: hubon-route
            port:
              number: 80
  - host: "staging-localpickup.letshubon.com"
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: hubon-localpickup
            port:
              number: 3000

Save the YAML file as aks-ingress.yaml

Apply it to your AKS cluster

kubectl apply -f aks-ingress.yaml -n your-namespace

This configuration should enable HTTPS with automatic HTTP redirection and routing based on hostnames. If you are using Azure Application Gateway Ingress Controller (AGIC) instead of NGINX.

Please refer the documents below:

https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-nginx-tls

https://learn.microsoft.com/en-us/azure/aks/app-routing-dns-ssl

https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-annotations

If the comment was helpful, please don't forget to click "Upvote".

If you have any further queries, please let us know we are glad to help you.

Thank You.

Manpreet Singh 0 Reputation points

2025-03-27T16:11:45.2733333+00:00

How can I get certificate cert and key files. I have requested wildcard certificate on Azure a(App service certificate).
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-03-31T01:04:00.7133333+00:00

Hi Manpreet Singh,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-04-01T01:37:04.2+00:00

Hi Manpreet Singh,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.

2 answers

Your answer

Manpreet Singh 0 Reputation points

2025-03-27T16:11:45.2733333+00:00

How can I get certificate cert and key files. I have requested wildcard certificate on Azure a(App service certificate).
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-03-31T01:04:00.7133333+00:00

Hi Manpreet Singh,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-04-01T01:37:04.2+00:00

Hi Manpreet Singh,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.

Answer 1

Hello ManPreet,

Hope all is well.

Here you can find the concepts in AKS ingress:
https://learn.microsoft.com/en-us/azure/aks/concepts-network-ingress

In AKS we have the Managed NGINX ingress with the application routing add-on:

https://learn.microsoft.com/en-us/azure/aks/app-routing

With several example about how to config it. This is and add-on and you won't have to take care of upgrade nginx ingress controller any more .

In this link you will be able to find how to use the unmanaged ingress.
https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/load-bal-ingress-c/create-unmanaged-ingress-controller?tabs=azure-cli

Regards

Answer 2

Hi Manpreet Singh,

Export the Certificate from Azure

1.Navigate to Azure Portal → App Service Certificates.

2.Find your wildcard certificate and click on it.

3.Under “Certificate Configuration”, click “Export Certificate”.

4.Choose PFX format and download the certificate (.pfx file).

Once you have the .pfx file, you need to extract the certificate and private key using OpenSSL:

Extract the private key

openssl pkcs12 -in your-certificate.pfx -nocerts -nodes -out key.pem

Extract the certificate

openssl pkcs12 -in your-certificate.pfx -clcerts -nokeys -out cert.pem

You will be prompted, specify a password for the export operation. When you upload your TLS/SSL certificate to App Service later, you must provide the password.

Now, create a Kubernetes secret using the extracted cert.pem and key.pem:

kubectl create secret tls hubon-tls-secret \
  --cert=cert.pem \
  --key=key.pem \
  -n your-namespace

This will store your wildcard certificate as a TLS secret, which can be referenced in your Ingress configuration.

Ensure your Ingress YAML file references the hubon-tls-secret:

 tls:
- hosts:
    - staging.letshubon.com
  secretName: hubon-tls-secret

Once applied, your Ingress should use the wildcard certificate for secure HTTPS traffic.

Please refer this document:

https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Crbac%2Cazure-cli

If the comment was helpful, please don't forget to click "Upvote".

If you have any further queries, please let us know we are glad to help you.

Thank You.

Share via

Need to expose web application running on kubernetes

2 answers

Your answer