kubernetes azure-aks azure-application-gateway ingress-controller

Azure App gateway ingress controller with private AKS cluster not working


I am new to Kubernetes, so please bear with me. I have created an Azure Kubernetes private cluster, I have deployed the pods for a basic web application and a ClusterIP service, I have enabled the App Gateway ingress controller for the AKS cluster, and I have deployed the ingress service that looks like below. In the ingress controller the backend is shown healthy, meaning it is able to reach the pod and get a 200 OK response. However, when I try to access my application by using the public IP of the ingress controller, I get a 404 Not Found from the Application Gateway. My AKS cluster and ingress are in the same VNet, and I have verified that the route table of the AKS cluster subnet has been added to the ingress subnet.

I am not sure if there is any special configuration needed for using AGIC with private AKS. Does anyone have any idea about this? Thank you!


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apigw-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway

spec:
  rules:
  - host: backendpocwebapp.<location>.cloudapp.azure.com
    http:
      paths:
      
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: nextjspocapp 
            port: 
              number: 80

Below is my ClusterIP service exposing port 80:


apiVersion: v1
kind: Service
metadata:
  name: nextjspocapp
  annotations:
     service.beta.kubernetes.io/azure-dns-label-name: backendpocwebapp

  labels:
    run: nextjspocapp
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 3000
  selector:
    app: nextjspocapp

Below is the deployment:


apiVersion: apps/v1
kind: Deployment
metadata:
    name: nextjspocapp
    labels: 
        app: nextjspocapp
        tier: poc
spec:
    revisionHistoryLimit: 5
    replicas: 2
    selector: 
        matchLabels:
            tier: poc
    template:
        metadata: 
            name: nextjspocapp
            labels:
                app: nextjspocapp
                tier: poc

        spec:
            containers:
                - name: nextjspocapp
                  image: <imagename>:tag
                  ports:
                    - containerPort: 3000


Added the ingress controller and ingress service to AKS; expected to access the pods using the ingress public IP.


Solution

  • Not an expert at all in AKS, but from the App Gateway perspective, it looks like the HTTP requests sent by your probes are the correct port and hostname, while your regular traffic isn't sending the correct hostname. Usually 404s are experienced when the site is alive, listening, but the requested hostname doesn't match any bindings. Your regular traffic might even be using the IP as a hostname.

    The hostname can either be specified in the backend HTTP settings by overriding the hostname received by App Gateway clients, or by making sure the hostname you are hitting the App Gateway with matches what the backend is expecting.

    This page has all the annotations but the anchor is for the backend hostname: https://azure.github.io/application-gateway-kubernetes-ingress/annotations/#backend-hostname
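The two options from the answer above, applied to the Ingress from the question. This is an added example, not part of the original question or answer; the `backend-hostname` value is a constructed placeholder, and `<location>` and `<public-ip>` are left as placeholders.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apigw-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    # Option 1: override the Host header that App Gateway sends to the
    # backend pods (the annotation the linked page documents).
    # The value below is a constructed placeholder; use the hostname the
    # backend application actually expects.
    appgw.ingress.kubernetes.io/backend-hostname: "nextjspocapp.example.internal"
spec:
  rules:
  # Option 2: keep this host rule and make sure client requests carry the
  # same hostname. A request addressed to the bare public IP carries the IP
  # as its Host header, which does not match this rule.
  # To test against the public IP while sending the matching hostname:
  #   curl -H "Host: backendpocwebapp.<location>.cloudapp.azure.com" http://<public-ip>/
  - host: backendpocwebapp.<location>.cloudapp.azure.com
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: nextjspocapp
            port:
              number: 80
```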