Working AKS with EasyAuth, changed Ingress classes to webapprouting

Author: dminkovski

app/backend/manifests/ingress.yml

@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: ingress-api
   namespace: azure-open-ai
-#  annotations: 
+# annotations: 
 #   nginx.ingress.kubernetes.io/use-regex: "true"
 #   nginx.ingress.kubernetes.io/rewrite-target: /$2
 spec:

app/frontend/Dockerfile-aks

@@ -14,7 +14,6 @@ FROM nginx:alpine
 
 WORKDIR /usr/share/nginx/html
 COPY --from=build /app/build .
-COPY --from=build /app/nginx/default.conf /etc/nginx/conf.d
 
 EXPOSE 80
 

app/frontend/nginx/default.conf

@@ -58,10 +58,4 @@ hooks:
       shell: pwsh
       run: ./scripts/easyauth.ps1
       interactive: true
-      continueOnError: false
-  postdown:
-    windows:
-      shell: pwsh
-      run: ./scripts/easyauth-down.ps1
-      interactive: true
-      continueOnError: false
+      continueOnError: false

deploy/aks/azure.yaml

@@ -8,15 +8,14 @@ metadata:
     nginx.ingress.kubernetes.io/auth-response-headers: "x-injected-userinfo,x-injected-name,x-injected-oid,x-injected-preferred-username,x-injected-sub,x-injected-tid,x-injected-email,x-injected-groups,x-injected-scp,x-injected-roles,x-injected-graph"
     cert-manager.io/cluster-issuer: letsencrypt
     #nginx.ingress.kubernetes.io/rewrite-target: "/$1"
-    kubernetes.io/ingress.class: "nginx"
 spec:
-  ingressClassName: nginx
+  ingressClassName: webapprouting.kubernetes.azure.com
   tls:
   - hosts:
-    - aks-openai-easy-auth-proxy.westeurope.cloudapp.azure.com
-    secretName: aks-openai-easy-auth-proxy.westeurope.cloudapp.azure.com-tls
+    - aks-openai-demo-easy-auth-proxy.westeurope.cloudapp.azure.com
+    secretName: aks-openai-demo-easy-auth-proxy.westeurope.cloudapp.azure.com-tls
   rules:
-  - host: aks-openai-easy-auth-proxy.westeurope.cloudapp.azure.com
+  - host: aks-openai-demo-easy-auth-proxy.westeurope.cloudapp.azure.com
     http:
       paths:
       - path: /api

deploy/aks/easyauth/easyauth-ingress.yaml

@@ -123,6 +123,8 @@ kubectl get pods -n cert-manager
 # Deploy the issuer config to the cluster
 kubectl apply -f ./easyauth/cluster-issuer.yaml
 
+$clientId = $appId
+
 # ---------------------
 # Deploy Easy Auth Proxy
 helm install --set azureAd.tenantId=$azureTenantId --set azureAd.clientId=$clientId --set secret.name=easyauth-proxy-$adAppName-secret --set secret.azureclientsecret=$clientSecret --set appHostName=$appHostName --set tlsSecretName=$tlsSecretName easyauth-proxy-$adAppName ./easyauth/easyauth-proxy
@@ -142,7 +144,7 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt
     #nginx.ingress.kubernetes.io/rewrite-target: "/`$1"
 spec:
-  ingressClassName: nginx
+  ingressClassName: webapprouting.kubernetes.azure.com
   tls:
   - hosts:
     - ${appHostName}
@@ -174,7 +176,7 @@ $easyauthIngressYaml | Out-File -FilePath ./easyauth/easyauth-ingress.yaml
 kubectl apply -f ./easyauth/easyauth-ingress.yaml
 
 # Remove old ingress without auth
-#kubectl delete ingress ingress-api -n 'azure-open-ai'
+kubectl delete ingress ingress-api -n 'azure-open-ai'
 
 azd env set "AZURE_AD_APP_NAME" $adAppName
 azd env set "AZURE_AD_APP_ID" $appId
@@ -202,4 +204,12 @@ Configuration AKS details:
 - TLS Secret Name: $tlsSecretName
 "@
 
-$easyAuthConfig | Out-File -FilePath ./easyauth/config-output.md
+Write-Host $easyAuthConfig
+
+# Add annotation to ALL ingress
+# kubectl annotate ingress azure-open-ai/cm-acme-http-solver-s9fkg 
+# with class webapprouting.kubernetes.azure.com
+# spec-->ingressClassName: webapprouting.kubernetes.azure.com
+# --> investigate http applicaton routing
+# --> ingresses do not map to the host (are not exposed)
+