Custom domain and Azure Kubernetes with ingress controller AKS

Here's the yaml that worked for me.

apiVersion: extensions/v1beta1kind: Ingressmetadata:  name: webapp-ingress  annotations:    kubernetes.io/ingress.class: nginx    certmanager.k8s.io/cluster-issuer: letsencrypt-staging    nginx.ingress.kubernetes.io/rewrite-target: /spec:  tls:  - hosts:    - subdomain.eastus2.cloudapp.azure.com    - subdomain.domain.com    secretName: tls-secret  rules:  - host: subdomain.eastus2.cloudapp.azure.com    http:      paths:      - path: /        backend:          serviceName: aks-helloworld          servicePort: 80  - host: subdomain.domain.com    http:      paths:      - path: /        backend:          serviceName: aks-helloworld          servicePort: 80

See here for worked through example: Deploy an HTTPS ingress controller on Azure Kubernetes Service (AKS)

The 'default backend 404' indicates that it is hitting the ingress controller. If it were being rejected or not reaching I'd expect a generic 404 without the 'default backend' bit. This response means it is hitting the ingress contoller but the inress controller doesn't know where to send it on to. This is because there's no ingress route/resource matching the host of that request. The steps to create that route/resource are specific to the domain so the ingress rules only match for the azure domain and not the custom one. I think you'll need to go back and repeat the ingress resource and certificate steps for your custom domain as those steps are domain-specific.

I've been facing the same problem the last couple of days and came across an awesome step-by-step guide which allowed me to use custom domains and provisioning certs with Letsencrypt.

If you want to use your own custom certificates you may want to follow this article instead