When running applications in Azure Kubernetes Service (AKS), NGINX Ingress does a great job in routing inbound traffic. The flexible routing engine allows a wide variety of scenarios to expose different parts of cloud-native applications using different URLs. Unfortunately, there is no documentation on how to map such a custom domain to a public IP address without using the Azure Portal.
This article outlines the process of mapping a custom domain to the public IP address acquired by NGINX Ingress in AKS using Azure CLI. I assume you have already deployed your application and corresponding NGINX Ingress to your AKS.
Identify Ingress Public IP
Identifying the public IP address, associated with your NGINX Ingress can be achieved using
kubectl get svc -l='app=nginx-ingress'
As you can see, the Ingress is exposed to the internet at
Query Object Identifier using Azure CLI
This public IP address is also represented in Azure and can be queried using
az. The snippet below stores the unique resource identifier as an environment variable.
PUBLIC_IP_ID=$(az network public-ip list --query "[?ipAddress=='220.127.116.11'].id" -o tsv)
The dynamically created varibale
PUBLIC_IP_ID will contain something like
Create the Network Zone
Before you can create and manage DNS records, a DNS Zone has to be created. Let’s create a DNS zone for the domain
az network dns zone create \ --resource-group thh-aks \ --name thns.dev
Create the A Record
Having the DNS zone in place, a temporary
A record has to be created. A temporary record is required because it is currently not possible to link a new A record immediately to an existing Azure resource.
The snippet generates a wildcard entry (by setting the
name attribute to
@, if you want to point just a subdomain to your public IP, provide the subdomain as
az network dns record-set a add-record \ --resource-group thh-aks \ --record-set-name @ \ --zone-name thns.dev \ --ipv4-address 18.104.22.168
Having the temporary A record in place, go ahead and issue an update command and point the A record finally to the existing Azure resource.
az network dns record-set a update --name @ \ --resource-group thh-aks \ --zone-name thns.dev \ --target-resource $PUBLIC_IP_ID
Query DNS Zone Nameservers
The custom domain needs to point to Azures Nameservers. You can query the nameservers from the DNS Zone like this:
az network dns zone show \ --resource-group thh-aks \ --name thns.dev \ --query nameServers
The command will show a result similar to this:
Update domain settings
Finally, configure your domain settings and point to Azures Nameservers. Once DNS servers have updated their configuration for your domain, you’re all set.