Hi all,
I’m kubernetes newbie, I started to learn about K8S and I have read “Hands-on Kubernetes on Azure, Third Edition” and try AKS trial recently
I get this strange issue when trying to expose my app (nginx+php) with http and https , this is my ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: simple-frontend-ingress
annotations:
kubernetes.io/ingress.class: azure/application-gateway
spec:
tls:
- hosts:
- app.mydomain.com
secretName: my-tls
rules:
- host: app.mydomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-frontend-service
port:
number: 80
When I try to browse http://app.mydomain.com/test.php , I get error timeout, can’t connect to the server …
But I can browse https://myapp.mydomain.com/test.php
Instead , I should browse both http and https successfully , right ?
I want to know what’s wrong , please let me know if you need more information.
I wonder if configuring a TLS ingress is not inclusive of non-TLS ingress. When I checked out this I was left uncertain, because if you look at the Expose services over HTTPS section in isolation; you could assume it’s inclusive because it says “Now the guestbook application will be available on both HTTP and HTTPS”. However, if you look at the page from the top down as a guide, it could be exclusive, saying to have two separate configs, but that also doesn’t make sense to me because both resources would have the same name, but the referenced yaml files have different names… ¯\_(ツ)_/¯
If you configure this without spec.tls in it, does http work?
Hi protosam,
It works without spec.tls , I can browse http://app.mydomain.com/test.php successfully.
I was going to do it step by step : expose http → expose http & https both → redirect http to https , you know , to check how it works.
At the beginning they used “OR” word but at the end they used “AND” word 
It seems they applied “ing-guestbook.yaml” (expose http only) first , “ing-guestbook-tls.yaml” (Without specified hostname) next , then “ing-guestbook-tls-sni.yaml” (With specified hostname) finally to override ingress rule because they have same name ?
Should I try to use Nginx as Ingress instead of Azure Application Gateway ?
I’m of the opinion you should use whatever you like that works. These ingress options are just tools. If you like the Nginx controller, use it. If you want to live in the AKS ecosystem, there’s nothing wrong with that, you just gotta figure out how it works.
When I was mentioning the documentation, I was ultimately wondering if you actually just need two objects like this?
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: simple-frontend-ingress
annotations:
kubernetes.io/ingress.class: azure/application-gateway
spec:
rules:
- host: app.mydomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-frontend-service
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: simple-frontend-ingress-tls
annotations:
kubernetes.io/ingress.class: azure/application-gateway
spec:
tls:
- hosts:
- app.mydomain.com
secretName: my-tls
rules:
- host: app.mydomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-frontend-service
port:
number: 80
You are right, I need 2 individual ingress rules for http and https to expose both.