Azure front door implementation with nginx ingress controller

Question

Hi we are using Azure kubernetes service to run our microservices and we have a requirement to use azure front door as it has features like WAF, compression, caching, SSL offloading etc. We want to implement Azure front door in front of nginx ingress controller. We are confused while adding custom domain name to the azure front door. we are following this link https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain
Suppose say we have domain called www.example.com and as per the above documentation we should create a cname like below:
<www.example.com> CNAME example-frontend.azurefd.net

But here the problem is that we are using nginx ingress controller as the load balancer and creating ingress rules to route the traffic to the appropriate services. And what we are doing is that pointing our custom domain name i.e. ww.example.com to the public IP of nginx controller say 20.204.X.X. And we are using the below ingress-rules to route the traffic.

apiVersion: extensions/v1beta1  
kind: Ingress  
metadata:  
  name: example-ingress-rule  
  namespace: teplay  
  annotations:  
    kubernetes.io/ingress.class: "nginx"  
    nginx.ingress.kubernetes.io/ssl-redirect: "true"  
spec:  
  tls:  
   - hosts:  
     - example.com  
     secretName: secret-example  
  
  rules:  
  - host: example.com  
    http:  
      paths:  
        - path: /xyz/v1/content  
          backend:  
            serviceName: example-service  
            servicePort: 8110  

Can we point same domain i.e www.example.com to point public ip of nginx ingress controller as well as point to example-frontend.azurefd.net?

Please help how we can configure azure front door so that when customer hits our domain it goes through azure front door and forwards it the backend pool.

Also in backend pool we have to specify the IP address of our nginx load balancer right?

Correct me if there is a mistake in understanding the concept. It would be helpful if you can provide document to implement azure front door with nginx contoller.

Answer 1

@Shreyas Arani You can point the CNAME to your Front door FQDN as you mentioned <www.example.com> CNAME example-frontend.azurefd.net

And then you can configure your FrontDoor backend pool to point to the NGinx Ingress Controller Public IP address as described here https://learn.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool
So your traffic is first routed to Frontdoor which in turn forwards the request to Nginx ingress that has the rules for your apps. https://learn.microsoft.com/en-us/azure/frontdoor/front-door-routing-architecture?pivots=front-door-classic

Dont forget to associate your custom domain with Front door as per this link.
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain#associate-the-custom-domain-with-your-front-door

Thanks!

Answer 2

This implementation does not work. I guess the ingress controller is expecting the application custom domain e.g food.abc.com and not the azure front door custom domain

Answer 3

For the nginx controller to work with the Azure Front Door. Change the "Origin/Backend Host Header" in Front Door Backend Pool to point to your sub-domain(food.abc.com) which is mentioned in the nginx controller. In the nginx controller, have the same host as your sub-domain as mentioned below:

rules:

• host: food.abc.com
  http:
  paths:
• path: /xyz/v1/content
  backend:
  serviceName: example-service
  servicePort: 8110

It worked for me !! Hope it works for you @Femi Hamidoke @Shreyas Arani