Share via

I want to install a private certificate (https) with Azure kubernetes but it is not working

gamelof 1 Reputation point
2022-07-15T19:21:25.527+00:00

I'm trying to install the following certificate that I got for free with azure kubernetes, but it doesn't work. Can you help?

When I do the dns redirect it works like below but not with certificate

http://xxx.com -> working
https://xxx.com -> not working

Dockerfile

FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY ["WebApp/WebApp.csproj", "WebApp/"]
RUN dotnet restore "WebApp/WebApp.csproj"
COPY . .
WORKDIR "/src/WebApp"
RUN dotnet build "WebApp.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "WebApp.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "WebApp.dll"]
Docker-Compose

version: "3.4"

services:
webapp:
image: ${DOCKER_REGISTRY-}webapp
ports:

  • "5080:80"
  • "50443:443"
    build:
    context: .
    dockerfile: WebApp/Dockerfile

Docker-compose-ovveride

version: "3.4"

services:
webapp:
environment:

  • ASPNETCORE_ENVIRONMENT=Development
  • ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
  • "5080:80"
  • "50443:443"
    volumes:
  • ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
  • ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro

Yaml File

apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
service.kubernetes.io/azure-load-balancer-internal: "true"
name: webapp
labels:
app: webapp
spec:
replicas: 2
selector:
matchLabels:
service: webapp
template:
metadata:
labels:
app: webapp
service: webapp
spec:
containers:

  • name: webapp
    image: xxx.azurecr.io/webapp:v1
    imagePullPolicy: Always
    ports:
  • containerPort: 80
    name: http
  • containerPort: 443
    name: https
    apiVersion: v1
    kind: Service
    metadata:
    name: webapp
    labels:
    app: webapp
    service: webapp
    spec:
    type: LoadBalancer
    ports:
  • protocol: TCP
    port: 80
    targetPort: 80
    name: http
  • protocol: TCP
    port: 443
    targetPort: 443
    name: https
    selector:
    service: webapp

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tls-example-ingress
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/ssl-redirect: "true"
appgw.ingress.kubernetes.io/appgw-ssl-certificate: "mysecret"
spec:
tls:

hosts:
xxx.com
secretName: mysecret
rules:
host: xxx.com
http:
paths:
path: /
pathType: Prefix
backend:
service:
name: webapp
port:
number: 80
apiVersion: v1
kind: Secret
metadata:
name: mysecret
data:
tls.crt: xxxx
tls.key:xxx
type: kubernetes.io/tls

Azure Kubernetes Service
Azure Kubernetes Service

An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.

Developer technologies | ASP.NET Core | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. srbhatta-MSFT 8,591 Reputation points Microsoft Employee
    2022-07-19T06:55:20.327+00:00

    Hi @gamelof , have you tried following this document - certificate ?

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.