AKS Ingress works with IP and DNS label but not with Cloudflare DNS Record

Filip Curin 20 Reputation points
2024-09-09T13:34:47.97+00:00

So, I created an AKS cluster with 2 deployments:

  1. C# RESTful API
  2. C# YARP API Gateway

Both have ClusterIP services. I added the nginx ingress controller to my cluster and created an ingress component in the namespaces where the pods and services of my deployments are running, and it looks like this:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-gateway-ingress
  namespace: apps
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    cert-manager.io/cluster-issuer: letsencrypt-staging
    kubernetes.io/tls-acme: "true"
spec:
  ingressClassName: nginx
  rules:
  - host: myhost.hr 
  - http:
      paths:
      - path: /api(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: api-gateway-service
            port:
              number: 3000
      - path: /(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: aks-helloworld-two
            port:
              number: 80
  tls:
  - hosts:
    - myhost.hr
    secretName: letsencrypt-staging

I got my IP address and my host in Azure portal "Ingresses" on Kubernetes cluster, and I even went so far as to configure the DNS label for that IP address.

And this worked: if I go to http://{ingressIp}/api/{endpoint}, I get the same response as for http://{azureDnsLabel}/api/{endpoint}; everything works as expected.

Then the next step was to go to Cloudflare and configure the DNS record, which I did by creating the CNAME entry that points to my Azure DNS label. Also, I created the Cert manager and ClusterIssuer in my AKS as part of debugging the issue:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
  namespace: cert-manager
spec:
  acme:
    email: 

1 answer

  1. Anonymous
    2024-09-10T00:37:59.6066667+00:00

    Hi Filip Curin,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
    It looks like your AKS Ingress works with the IP and Azure DNS label but not with the Cloudflare DNS record.
    To resolve this, ensure that the DNS changes have fully propagated using tools like nslookup or dig to verify the DNS records. If you're using Cloudflare's proxy (orange cloud icon), try disabling it (switch to DNS-only mode, grey cloud icon) to see if it resolves the issue. Also, make sure the SSL/TLS settings in Cloudflare are set to Full (Strict) to match your AKS cluster’s certificate (especially if you're using Let's Encrypt). Additionally, check if any firewall rules or network security groups are blocking traffic from Cloudflare to your AKS cluster and verify that your Ingress annotations are correctly configured.
    For more details, refer to "Use Let's Encrypt certificates in AKS" on configuring Let's Encrypt with AKS.

    If you have any further queries, do let us know. If the comment is helpful, please click "Upvote"
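
The answer's last check, verifying the Ingress configuration, can be done mechanically. This added example is not part of the question or the answer: it lints the Ingress in the JSON shape that `kubectl get ingress -o json` returns, flagging host and path entries that ended up in separate rules, TLS hosts without a routed rule, and a staging issuer, whose certificates are not publicly trusted and so cannot pass a strict origin-certificate check. The function name, the trimmed sample, and the "staging" name heuristic are assumptions.

```python
import json

# Constructed sample: the question's Ingress manifest rewritten as JSON
# and trimmed to the fields the checks read.
SAMPLE = json.loads("""
{"metadata": {"name": "api-gateway-ingress", "namespace": "apps",
   "annotations": {"cert-manager.io/cluster-issuer": "letsencrypt-staging"}},
 "spec": {"ingressClassName": "nginx",
   "rules": [
     {"host": "myhost.hr"},
     {"http": {"paths": [
        {"path": "/api(/|$)(.*)", "pathType": "Prefix",
         "backend": {"service": {"name": "api-gateway-service", "port": {"number": 3000}}}}]}}],
   "tls": [{"hosts": ["myhost.hr"], "secretName": "letsencrypt-staging"}]}}
""")

def lint_ingress(ing):
    """Return findings that can explain host-specific routing or TLS failures."""
    findings = []
    meta, spec = ing.get("metadata", {}), ing.get("spec", {})
    routed = set()  # hosts that have at least one path attached
    for i, rule in enumerate(spec.get("rules") or []):
        host = rule.get("host")
        paths = (rule.get("http") or {}).get("paths") or []
        if host and not paths:
            findings.append(f"rule[{i}]: host {host} has no http paths")
        elif paths and not host:
            findings.append(f"rule[{i}]: paths have no host, so they apply to any Host header")
        elif host:
            routed.add(host)
    for tls in spec.get("tls") or []:
        for host in tls.get("hosts") or []:
            if host not in routed:  # exact match only; wildcard hosts are not handled
                findings.append(f"tls: {host} has a certificate entry but no routed rule")
    issuer = meta.get("annotations", {}).get("cert-manager.io/cluster-issuer", "")
    if "staging" in issuer:  # assumption: the issuer's name reflects the ACME endpoint
        findings.append(f"issuer {issuer}: staging certificates are not publicly trusted")
    return findings

if __name__ == "__main__":
    for finding in lint_ingress(SAMPLE):
        print("-", finding)
```

Each `-` item under `rules:` is a separate rule, so `- host:` followed by `- http:` yields one rule with a host and no paths and one with paths and no host.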
