This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 9%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFC%3C/text%3E%3C/svg%3E)
So, I created an AKS cluster with 2 deployments:
both have ClusterIP services. I added nginx ingress controller to my cluster and created an ingress component in namespaces where the pods and services of my deployments are running and it looks like this:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-gateway-ingress
namespace: apps
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
cert-manager.io/cluster-issuer: letsencrypt-staging
kubernetes.io/tls-acme: "true"
spec:
ingressClassName: nginx
rules:
- host: myhost.hr
- http:
paths:
- path: /api(/|$)(.*)
pathType: Prefix
backend:
service:
name: api-gateway-service
port:
number: 3000
- path: /(/|$)(.*)
pathType: Prefix
backend:
service:
name: aks-helloworld-two
port:
number: 80
tls:
- hosts:
- myhost.hr
secretName: letsencrypt-staging
I got my IP address and my host in Azure portal "Ingresses" on Kubernetes cluster a even went so far as to configure the DNS label for that IP address-
and this worked if I went to http://{ingressIp}/api/{endpoint} I get the response same as for http://{azureDnsLabel}/api/{endpoint} everything works as expected.
Then the next step was to go to Cloudflare and configure the DNS record that I did creating the CNAME entry that points to my Azure DNS label. Also, I created the Cert manager and ClusterIssuer in my AKS as a part of debugging the issue:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
namespace: cert-manager
spec:
acme:
email:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 3%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Hi Filip Curin,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
It looks like your AKS Ingress works with the IP and Azure DNS label but not with the Cloudflare DNS record.
To resolve this, ensure that the DNS changes have fully propagated using tools like nslookup or dig to verify the DNS records. If you're using Cloudflare's proxy (orange cloud icon), try disabling it (switch to DNS-only mode, grey cloud icon) to see if it resolves the issue. Also, make sure the SSL/TLS settings in Cloudflare are set to Full (Strict) to match your AKS cluster’s certificate (especially if you're using Let's Encrypt). Additionally, check if any firewall rules or network security groups are blocking traffic from Cloudflare to your AKS cluster and verify that your Ingress annotations are correctly configured.
For more details, refer to this Use Let's Encrypt certificates in AKS on configuring Let's Encrypt with AKS.
If you have any further queries, do let us know. If the comment is helpful, please click "Upvote"
Hi Filip Curin,
Just checking in to see if you had a chance to see my comment to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
If it was helpful, please click "Upvote" on his post to let us know.
Thank You.
Hi Filip Curin,
I wanted to check if you had the opportunity to review the information which was provided in my previous posted comment.
If it was helpful, please click "Upvote" on his post to let us know.
Thank You.