REGISTRY_NAME=heigoo CONTROLLER_REGISTRY=k8s.gcr.io CONTROLLER_IMAGE=ingress-nginx/controller CONTROLLER_TAG=v0.48.1 PATCH_REGISTRY=docker.io PATCH_IMAGE=jettech/kube-webhook-certgen PATCH_TAG=v1.5.1 DEFAULTBACKEND_REGISTRY=k8s.gcr.io DEFAULTBACKEND_IMAGE=defaultbackend-amd64 DEFAULTBACKEND_TAG=1.5 CERT_MANAGER_REGISTRY=quay.io CERT_MANAGER_TAG=v1.3.1 CERT_MANAGER_IMAGE_CONTROLLER=jetstack/cert-manager-controller CERT_MANAGER_IMAGE_WEBHOOK=jetstack/cert-manager-webhook CERT_MANAGER_IMAGE_CAINJECTOR=jetstack/cert-manager-cainjector az acr import --name $REGISTRY_NAME --source $CONTROLLER_REGISTRY/$CONTROLLER_IMAGE:$CONTROLLER_TAG --image $CONTROLLER_IMAGE:$CONTROLLER_TAG az acr import --name $REGISTRY_NAME --source $PATCH_REGISTRY/$PATCH_IMAGE:$PATCH_TAG --image $PATCH_IMAGE:$PATCH_TAG az acr import --name $REGISTRY_NAME --source $DEFAULTBACKEND_REGISTRY/$DEFAULTBACKEND_IMAGE:$DEFAULTBACKEND_TAG --image $DEFAULTBACKEND_IMAGE:$DEFAULTBACKEND_TAG az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_CONTROLLER:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_CONTROLLER:$CERT_MANAGER_TAG az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_WEBHOOK:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_WEBHOOK:$CERT_MANAGER_TAG az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_CAINJECTOR:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_CAINJECTOR:$CERT_MANAGER_TAG -------- # Create a namespace for your ingress resources kubectl create namespace ingress-basic # Add the ingress-nginx repository helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx # Set variable for ACR location to use for pulling images ACR_URL=heigoo.azurecr.io # Use Helm to deploy an NGINX ingress controller helm install nginx-ingress ingress-nginx/ingress-nginx \ --namespace ingress-basic \ --set controller.replicaCount=2 \ --set controller.nodeSelector."kubernetes\.io/os"=linux \ --set controller.image.registry=$ACR_URL \ --set controller.image.image=$CONTROLLER_IMAGE \ --set controller.image.tag=$CONTROLLER_TAG \ --set controller.image.digest="" \ --set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux \ --set controller.admissionWebhooks.patch.image.registry=$ACR_URL \ --set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE \ --set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG \ --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \ --set defaultBackend.image.registry=$ACR_URL \ --set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE \ --set defaultBackend.image.tag=$DEFAULTBACKEND_TAG # ----- kubectl --namespace ingress-basic get services -o wide # ---- add a A reacord(and eshop.* subdomain cname) in Azure or DNS register(eg. GoDaddy) with load balancer ip az network dns record-set a add-record \ --resource-group myResourceGroup \ --zone-name MY_CUSTOM_DOMAIN \ --record-set-name "*" \ --ipv4-address MY_EXTERNAL_IP # ---- # install cert manager # ------ # Label the ingress-basic namespace to disable resource validation kubectl label namespace ingress-basic cert-manager.io/disable-validation=true # Add the Jetstack Helm repository helm repo add jetstack https://charts.jetstack.io # Update your local Helm chart repository cache helm repo update # Install the cert-manager Helm chart helm install cert-manager jetstack/cert-manager \ --namespace ingress-basic \ --version $CERT_MANAGER_TAG \ --set installCRDs=true \ --set nodeSelector."kubernetes\.io/os"=linux \ --set image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_CONTROLLER \ --set image.tag=$CERT_MANAGER_TAG \ --set webhook.image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_WEBHOOK \ --set webhook.image.tag=$CERT_MANAGER_TAG \ --set cainjector.image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_CAINJECTOR \ --set cainjector.image.tag=$CERT_MANAGER_TAG # ---- # create ca issuer # run demo https://docs.microsoft.com/en-us/azure/aks/ingress-tls # https://docs.microsoft.com/en-us/azure/aks/static-ip