My setup is this: Azure AKS with application gateway as the ingress. I have a deploy.yml and a service.yml describing my service, and I have a tls secret set up properly.

Problem is this, I can use the Azure portal to manually create an HTTPS listener with the secret I created, and everything works just fine. How do I know it's working properly? I use curl with the https protocol and I get the desired result. Also I look at the pod log and see the request coming in properly.

However as soon as I update a deployment (using kubectl apply -f deploy.yml) all my manual work is reset and the listeners are recreated using HTTP, and I have to redo all the work: Create an HTTPS listener, move the rules to the new listener, etc.

This is my ingress.yml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/backend-path-prefix: "/"
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
      - my.website.com
      secretName: my-secret
  rules:
  - http:
      paths:
      - path: /api1/*
        backend:
          serviceName: my-first-svc
          servicePort: 80
      - path: /api2/*
        backend:
          serviceName: my-first-svc
          servicePort: 8081

And this is my deploy.yml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-pod
        image: myuser/my-app:v10
        ports:
        - containerPort: 80
        - containerPort: 6666
        env:
          - name: ConnectionStrings__DefaultConnection
            valueFrom:
              secretKeyRef:
                name: app-secrets
                key: connection-string
        livenessProbe:
          httpGet:
            path: /api/values
            port: 80
          initialDelaySeconds: 10
          periodSeconds: 10

What am I doing wrong? Thanks

UPDATE Found the answer, the problem is with the ingress.yml file, I was missing a host entry in the first spec.rules object:

spec:
  tls:
    - hosts:
      - my.website.com
      secretName: my-secret
  rules:
  - host: my.website.com  # <----- THIS WAS MISSING!
    http:
      paths:
      - path: /api1/*
        backend:
Aviad P.
  • It's likely happening because when you apply it triggers the appgateway controller to go apply the config you have just set - thereby wiping any manual settings. What stops you building the https config you need into your ingress definition? – Alex Moore Jun 23 '19 at 19:53
  • I just don't know how to do that, I'm a newbie – Aviad P. Jun 23 '19 at 20:19
  • You have a TLS spec in the above, so what is it about that config that you are having to manually change? – Alex Moore Jun 23 '19 at 20:26
  • Azure does things on its own every time I apply a yaml change. Specifically, it resets the listener configuration back to HTTP – Aviad P. Jun 23 '19 at 20:48
  • Found the solution! I was missing a `host` field in the first `rules` `http` entry (next to `paths`)... – Aviad P. Jun 24 '19 at 05:12

1 Answer

1

I am posting OP's answer for better visibility:

UPDATE Found the answer, the problem is with the ingress.yml file, I was missing a host entry in the first spec.rules object:

spec:
  tls:
    - hosts:
      - my.website.com
      secretName: my-secret
  rules:
  - host: my.website.com  # <----- THIS WAS MISSING!
    http:
      paths:
      - path: /api1/*
        backend:
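
A lint for the fix described above, as an added example that is not part of the original question or answer: it reads Ingress objects as JSON (the shape of `kubectl get ingress -o json`) and flags any that set `spec.tls` but have a rule without `host`, or a TLS host that no rule names. The function names and sample objects are constructed for illustration; host matching is exact, so wildcard hosts are not handled.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get ingress -o json` output:
# the first item mirrors the broken manifest above, the second the fixed one.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "my-ingress"},
     "spec": {"tls": [{"hosts": ["my.website.com"], "secretName": "my-secret"}],
              "rules": [{"http": {"paths": [{"path": "/api1/*"}]}}]}},
    {"metadata": {"name": "my-ingress-fixed"},
     "spec": {"tls": [{"hosts": ["my.website.com"], "secretName": "my-secret"}],
              "rules": [{"host": "my.website.com",
                         "http": {"paths": [{"path": "/api1/*"}]}}]}},
]})


def lint_ingress(ingress):
    """Return a list of findings for one Ingress object (a dict)."""
    name = ingress.get("metadata", {}).get("name", "<unnamed>")
    spec = ingress.get("spec") or {}
    tls_entries = spec.get("tls") or []
    if not tls_entries:
        return []  # no TLS requested, nothing to check
    rules = spec.get("rules") or []
    rule_hosts = {r["host"].lower() for r in rules if r.get("host")}
    findings = []
    # A rule with no host is the mistake the post describes.
    for i, rule in enumerate(rules):
        if not rule.get("host"):
            findings.append(f"{name}: rules[{i}] has no host but spec.tls is set")
    # Every host listed under spec.tls should also be named by some rule.
    for entry in tls_entries:
        for host in entry.get("hosts") or []:
            if host.lower() not in rule_hosts:
                findings.append(f"{name}: TLS host {host} has no matching rule host")
    return findings


def lint_document(text):
    """Accept either a single Ingress or a List, as JSON text."""
    doc = json.loads(text)
    items = doc["items"] if "items" in doc else [doc]
    return [finding for item in items for finding in lint_ingress(item)]


if __name__ == "__main__":
    # Pipe kubectl output in; with no piped input the constructed sample is used.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    problems = lint_document(text)
    print("\n".join(problems) or "ok")
    sys.exit(1 if problems else 0)
```

Run before `kubectl apply` in CI, a non-zero exit stops a manifest that would leave the listener on HTTP from being deployed.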