
Azure Kubernetes Connection refused


I am new to Kubernetes. I have Duende identity server deployed on Azure Kubernetes and the pod is running; however, when I open it via browser I get 502 Bad Gateway. Ingress logs:

6818062 connect() failed (111: Connection refused) while connecting to upstream, client

Here is my deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-server-depl
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-server
  template:
    metadata:
      labels:
        app: test-server
        azure.workload.identity/use: "true"
      annotations:
        azure.workload.identity/inject-proxy-sidecar: "true"
    spec:
      serviceAccountName: test-dev-service-account
      containers:
        - name: test-server
          image: test.azurecr.io/test-server
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 9443          
          env:
            - name: "ASPNETCORE_ENVIRONMENT"
              value: "Development"
          volumeMounts:
            - name: secrets
              mountPath: /app/secrets
              readOnly: true
      imagePullSecrets:
        - name: workers-secret
      volumes:
        - name: secrets
          secret:
            secretName: test-identity-secret-appsettings
---
apiVersion: v1
kind: Service
metadata:
  name: test-clusterip-srv
spec:
  type: ClusterIP
  selector:
    app: test-server
  ports:
    - name: test-server-http
      protocol: TCP
      port: 80
      targetPort: 980
    - name: test-worker-https
      port: 443
      targetPort: 9443
      protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    azure.workload.identity/client-id: 

  labels:
    azure.workload.identity/use: "true"
  name: test-dev-service-account
  namespace: default

I tried to open it via external IP but got ERR_CONNECTION_TIMED_OUT.

Here is my ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /test$1
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: nginx
  tls:
  - hosts:
      - test.eastus.cloudapp.azure.com
    secretName: tls-secret  
  rules:
  - host: test.eastus.cloudapp.azure.com
    http:
      paths:
        - path: /test(.*)
          pathType: ImplementationSpecific
          backend:
            service:
              name: test-clusterip-srv
              port:
                number: 80

Please help me figure this out.


Solution

  • I found the issue: everything is fine except the ingress. The following needs to be added: nginx.ingress.kubernetes.io/backend-protocol: "HTTPS". Here is the full ingress:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: test-ingress
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /test$1
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
        kubernetes.io/tls-acme: "true"
        kubernetes.io/ingress.class: "nginx"
        appgw.ingress.kubernetes.io/ssl-redirect: "true"
        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    spec:
      ingressClassName: nginx
      tls:
      - hosts:
          - galaxy-dev.eastus.cloudapp.azure.com
        secretName: tls-secret  
      rules:
      - host: test.eastus.cloudapp.azure.com
        http:
          paths:
            - path: /test(.*)
              pathType: ImplementationSpecific
              backend:
                service:
                  name: test-clusterip-srv
                  port:
                    number: 443
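
The failure in this thread can be caught before deploying by tracing each Ingress backend through the Service's targetPort to a declared containerPort, then comparing the backend-protocol annotation with what that port speaks. This is an added example, not code from the question or the answer: the manifests are constructed dicts mirroring the YAML above, and `make_ingress`, `declared_ports`, `check_ingress` and the `tls_ports` parameter are hypothetical names.

```python
# Added example: constructed dicts mirroring the parsed YAML from this page.
ANNOTATION = "nginx.ingress.kubernetes.io/backend-protocol"
DEPLOYMENT = {"spec": {"template": {
    "metadata": {"labels": {"app": "test-server"}},
    "spec": {"containers": [{"ports": [{"containerPort": 9443}]}]}}}}
SERVICE = {"metadata": {"name": "test-clusterip-srv"}, "spec": {
    "selector": {"app": "test-server"},
    "ports": [{"port": 80, "targetPort": 980}, {"port": 443, "targetPort": 9443}]}}

def make_ingress(service_port, backend_protocol=None):
    """Hypothetical helper: an Ingress with only the fields the check reads."""
    annotations = {ANNOTATION: backend_protocol} if backend_protocol else {}
    backend = {"service": {"name": "test-clusterip-srv", "port": {"number": service_port}}}
    return {"metadata": {"annotations": annotations},
            "spec": {"rules": [{"http": {"paths": [{"path": "/test(.*)", "backend": backend}]}}]}}

def declared_ports(service, deployments):
    """containerPorts declared by pod templates that the Service selector matches."""
    selector = service["spec"]["selector"].items()
    ports = set()
    for dep in deployments:
        template = dep["spec"]["template"]
        if selector <= template["metadata"]["labels"].items():
            for container in template["spec"]["containers"]:
                ports |= {p["containerPort"] for p in container.get("ports", [])}
    return ports

def check_ingress(ing, services, deployments, tls_ports):
    """Return (path, finding) for every backend that cannot reach the pod as configured.
    tls_ports is an assumption supplied by the caller: container ports that speak TLS."""
    proto = ing["metadata"].get("annotations", {}).get(ANNOTATION, "HTTP").upper()
    by_name = {s["metadata"]["name"]: s for s in services}
    findings = []
    for rule in ing["spec"]["rules"]:
        for path in rule["http"]["paths"]:
            ref = path["backend"]["service"]
            svc = by_name.get(ref["name"])
            port = svc and next((p for p in svc["spec"]["ports"]
                                 if p["port"] == ref["port"]["number"]), None)
            if not port:
                findings.append((path["path"], "service-or-port-not-found"))
                continue
            target = port.get("targetPort", port["port"])
            if target not in declared_ports(svc, deployments):
                # Nothing declared on this port: the proxy's connect() is likely refused.
                findings.append((path["path"], "target-port-not-declared"))
            elif (target in tls_ports) != (proto in ("HTTPS", "GRPCS")):
                findings.append((path["path"], "backend-protocol-mismatch"))
    return findings
```

A declared containerPort is informational in Kubernetes, so `target-port-not-declared` is a strong hint rather than proof that nothing is listening.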