question

gamelof avatar image
0 Votes"
gamelof asked srbhatta-msft answered

I want to install a private certificate (https) with Azure kubernetes but it is not working

I'm trying to install the following certificate that I got for free with azure kubernetes, but it doesn't work. Can you help?

When I do the dns redirect it works like below but not with certificate

http://xxx.com -> working
https://xxx.com -> not working

Dockerfile

FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY ["WebApp/WebApp.csproj", "WebApp/"]
RUN dotnet restore "WebApp/WebApp.csproj"
COPY . .
WORKDIR "/src/WebApp"
RUN dotnet build "WebApp.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "WebApp.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "WebApp.dll"]
Docker-Compose

version: "3.4"

services:
webapp:
image: ${DOCKER_REGISTRY-}webapp
ports:
- "5080:80"
- "50443:443"
build:
context: .
dockerfile: WebApp/Dockerfile

Docker-compose-ovveride

version: "3.4"

services:
webapp:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
ports:
- "5080:80"
- "50443:443"
volumes:
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro

Yaml File

apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
service.kubernetes.io/azure-load-balancer-internal: "true"
name: webapp
labels:
app: webapp
spec:
replicas: 2
selector:
matchLabels:
service: webapp
template:
metadata:
labels:
app: webapp
service: webapp
spec:
containers:
- name: webapp
image: xxx.azurecr.io/webapp:v1
imagePullPolicy: Always
ports:
- containerPort: 80
name: http
- containerPort: 443
name: https
apiVersion: v1
kind: Service
metadata:
name: webapp
labels:
app: webapp
service: webapp
spec:
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 80
name: http
- protocol: TCP
port: 443
targetPort: 443
name: https
selector:
service: webapp

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tls-example-ingress
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/ssl-redirect: "true"
appgw.ingress.kubernetes.io/appgw-ssl-certificate: "mysecret"
spec:
tls:

hosts:
xxx.com
secretName: mysecret
rules:
host: xxx.com
http:
paths:
path: /
pathType: Prefix
backend:
service:
name: webapp
port:
number: 80
apiVersion: v1
kind: Secret
metadata:
name: mysecret
data:
tls.crt: xxxx
tls.key:xxx
type: kubernetes.io/tls

azure-kubernetes-servicedotnet-aspnet-core-mvc
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @gamelof ,
Thanks for reaching out to Microsoft QnA and apologies for the delay in response. I am looking into this query of yours and researching and will shortly get back to you. Thanks.

0 Votes 0 ·

Hi @gamelof , any update?

0 Votes 0 ·

1 Answer

srbhatta-msft avatar image
0 Votes"
srbhatta-msft answered

Hi @gamelof , have you tried following this document - certificate ?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.