I don't mean this as critical feedback! I love the article and will go over it in a bit more detail later, but that one thing I noticed off the top of my head made me want to ask why not use the provided nginx-ingress addon?
(I can think of a few reasons why myself, but if you are OP, I thought it might be better to ask why _you_ did this rather than just throwing in my own $0.02.)
Thanks for pointing out Azure's nginx-ingress add-on. The reason I haven't mentioned it in the article is simply that I didn't know about it. I also haven't seen it used or mentioned in the articles published by Microsoft.
This article was the artefact of my personal effort to understand what the moving parts of a k8s cluster are and what tools are used in what ways.
I am sure there are better/different ways of achieving the same and I am happy to hear all!
I contacted my friend at Azure (my cluster is not high-stakes production) and learned that they were aware of the issue and had engineers already on the case.
I figured it out on my own before the Azure team resolved the issue globally: there were some versions out of sync. And when I applied the fix to my own cluster, the ingress addon... put it back, breaking my traffic serving again.
The fix would have been to install nginx-ingress manually and point my DNS at the LB belonging to my manually configured ingress. I just waited for them to get it solved instead. Meanwhile my cluster was not serving ingresses.
That may (hopefully) never happen again, but the moral of the story is, one good reason to configure ingress yourself is that when it breaks, you can also fix it for yourself.
Create a set of focused how-to guides for building a Kubernetes + Workflow + cert-manager + nginx-ingress cluster that you can run your blog or anything else on. This can be a tutorial for an intermediate-to-beginner audience, but it should cover everything that you need to harden your basic internet-facing Kubernetes+Workflow cluster, updated for 2019.
+1 thank you for sharing your stuff
- Azure control nodes have problems all the time, running my own is easy
- With aks-engine, multiple nodepool support is easy and not a "preview"
- We use low-priority nodes, and those are not supported in stock AKS, and probably won't be for a year
Just an anecdote to counter your anecdote, I know that the plural of anecdote isn't data...