Deploy GEMVC API on Azure AKS with NginX Ingress and Let's Encrypt SSL
Deploy GEMVC to Azure AKS
Complete guide for deploying a containerized GEMVC application to Azure Kubernetes Service (AKS) with NGINX Ingress and automatic Let's Encrypt SSL certificates.
Azure AKS
Kubernetes
Helm
cert-manager
Core Concepts
- AKS: Azure's managed Kubernetes - free control plane, pay for worker nodes
- az CLI: Command-line tool for Azure resources
- Helm: Kubernetes package manager for complex apps
- cert-manager: Automates Let's Encrypt SSL certificates
Part 1: Prerequisites
Step 1: Install Azure CLI
Azure CLI Setup
# Log in to Azure
az login
# Set your subscription (if you have multiple)
az account set --subscription "Your Subscription Name"
Step 2: Install kubectl
Install kubectl
# Install kubectl via Azure CLI
az aks install-cli
# Verify
kubectl version --client
Step 3: Install Helm
Install Helm
# Install Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
# Verify
helm version
Part 2: Create AKS Cluster
Step 4: Create Resource Group
Create Resource Group
az group create --name gemvcResourceGroup --location eastus
Step 5: Provision Cluster
info: This process takes 5-10 minutes. Azure manages the control plane for free.
Create AKS Cluster
az aks create \
  --resource-group gemvcResourceGroup \
  --name gemvcCluster \
  --node-count 2 \
  --enable-managed-identity \
  --generate-ssh-keys
Step 6: Configure kubectl
Connect to Cluster
# Get credentials
az aks get-credentials --resource-group gemvcResourceGroup --name gemvcCluster
# Verify connection
kubectl get nodes
Part 3: Ingress & SSL Setup
Step 7: Install NGINX Ingress
Install NGINX Ingress
# Add Helm repo
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
# Install NGINX Ingress Controller
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --create-namespace \
  --namespace ingress-nginx
Step 8: Install cert-manager
Install cert-manager
# Add Jetstack repo
helm repo add jetstack https://charts.jetstack.io
helm repo update
# Install cert-manager
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.14.4 \
  --set installCRDs=true
Part 4: Kubernetes Manifests
Create an aks-k8s/ folder with these files:
Step 9: deployment.yaml
aks-k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gemvc-app-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: gemvc-app
  template:
    metadata:
      labels:
        app: gemvc-app
    spec:
      containers:
        - name: gemvc-app
          image: your-dockerhub/gemvc-api:latest
          ports:
            - containerPort: 9501 # OpenSwoole port
          envFrom:
            - secretRef:
                name: gemvc-app-secrets
Step 10: Create Secrets
Tip: Never commit .env files to Git! Use Kubernetes Secrets for sensitive data.
.env (local only)
# Create .env file locally (NOT in Git!)
APP_ENV=production
DB_HOST=production-db.internal
DB_USER=prod_user
DB_PASSWORD=your-secure-password
TOKEN_SECRET=your-jwt-secret-key
Create Secret
kubectl create secret generic gemvc-app-secrets --from-env-file=.env
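A pre-flight check for the .env file before it becomes a Secret, as an added example that is not part of the original guide. kubectl's --from-env-file skips blank and # lines and does not strip quotation marks, so the check flags quoted values as well as the placeholder values from the sample above; the function name and the 32-character minimum for TOKEN_SECRET are assumptions of this example.

```bash
# Placeholder strings are the ones shown in the .env sample above; the
# 32-character minimum for TOKEN_SECRET is this example's own assumption.
check_env_file() {
  local file="$1" problems=0 n=0 line key value
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

  # A file Git already tracks has leaked into history; flag it.
  if command -v git >/dev/null 2>&1 &&
     git -C "$(dirname "$file")" ls-files --error-unmatch \
         "$(basename "$file")" >/dev/null 2>&1; then
    echo "$file is tracked by Git" >&2
    problems=$((problems + 1))
  fi

  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in
      ''|'#'*) continue ;;                  # kubectl ignores these lines
      *=*) key=${line%%=*}; value=${line#*=} ;;
      *) echo "line $n: not KEY=VALUE" >&2
         problems=$((problems + 1)); continue ;;
    esac
    # Report keys only, never values, so the output is safe to log.
    case "$value" in
      '')      echo "$key: empty value" >&2 ;;
      your-*)  echo "$key: placeholder value left in place" >&2 ;;
      \"*|\'*) echo "$key: quotes would become part of the secret" >&2 ;;
      *) if [ "$key" = TOKEN_SECRET ] && [ "${#value}" -lt 32 ]; then
           echo "$key: shorter than 32 characters" >&2
         else
           continue
         fi ;;
    esac
    problems=$((problems + 1))
  done < "$file"

  [ "$problems" -eq 0 ]
}

# Usage: check_env_file .env &&
#   kubectl create secret generic gemvc-app-secrets --from-env-file=.env
```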
Step 11: service.yaml
aks-k8s/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: gemvc-app-service
spec:
  selector:
    app: gemvc-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9501
  type: ClusterIP
Step 12: cluster-issuer.yaml
aks-k8s/cluster-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@example.com
    privateKeySecretRef:
      name: letsencrypt-prod-private-key
    solvers:
      - http01:
          ingress:
            class: nginx
Step 13: ingress.yaml
aks-k8s/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gemvc-app-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
    - hosts:
        - api.your-domain.com
      secretName: gemvc-app-tls-secret
  rules:
    - host: api.your-domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gemvc-app-service
                port:
                  number: 80
Part 5: Deploy Application
Step 14: Apply Manifests
Deploy to AKS
# Create ClusterIssuer
kubectl apply -f aks-k8s/cluster-issuer.yaml
# Deploy application
kubectl apply -f aks-k8s/deployment.yaml
kubectl apply -f aks-k8s/service.yaml
kubectl apply -f aks-k8s/ingress.yaml
Step 15: Get External IP
Get External IP
# Get NGINX Ingress external IP
kubectl get service --namespace ingress-nginx ingress-nginx-controller
# Look for EXTERNAL-IP column
DNS Setup: Create an A record pointing your domain to the NGINX Ingress external IP.
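To confirm that issuance worked once DNS resolves, the following added example (not from the original guide) checks the cert-manager Certificate and the issuer of the certificate the Ingress actually serves; ingress-nginx falls back to its self-signed "Kubernetes Ingress Controller Fake Certificate" when the TLS secret is missing. It assumes the Certificate is named after the Ingress secretName (gemvc-app-tls-secret) in the current namespace; the function names are hypothetical.

```bash
# Map an X.509 issuer line (openssl x509 -noout -issuer) to a verdict.
classify_issuer() {
  case "$1" in
    *"Kubernetes Ingress Controller Fake Certificate"*) echo fake ;;
    *"(STAGING)"*)     echo staging ;;      # Let's Encrypt staging CA
    *"Let's Encrypt"*) echo letsencrypt ;;
    *)                 echo other ;;
  esac
}

# Ready condition of the cert-manager Certificate: True, False or empty.
cert_ready() {
  kubectl get certificate "$1" \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
}

# Issuer of the certificate actually served for a host (needs openssl).
served_issuer() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer
}

# verify_tls <host> <certificate-name>
# Succeeds only if the Certificate is Ready and the served certificate
# was issued by the Let's Encrypt production CA.
verify_tls() {
  local host="$1" cert="$2" ready verdict
  ready=$(cert_ready "$cert") || ready=""
  if [ "$ready" != "True" ]; then
    echo "Certificate $cert not Ready (status: ${ready:-unknown})" >&2
    echo "Inspect: kubectl describe certificate $cert" >&2
    echo "         kubectl get challenges" >&2
    return 1
  fi
  verdict=$(classify_issuer "$(served_issuer "$host")")
  echo "$host: issuer=$verdict"
  [ "$verdict" = letsencrypt ]
}

# Usage: verify_tls api.your-domain.com gemvc-app-tls-secret
```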
Part 6: Updates (Zero Downtime)
Zero-Downtime Update
# Update image tag in deployment.yaml, then:
kubectl apply -f aks-k8s/deployment.yaml
# AKS performs rolling update automatically!
Deployment Checklist
- Azure CLI installed and logged in
- kubectl and Helm installed
- AKS cluster created and connected
- NGINX Ingress and cert-manager installed
- Kubernetes secrets created from .env
- DNS A record pointing to Ingress IP