I am new at Kubernetes . I have Duende identity server deployed on azure Kubernetes the pod is running, however when I open via browser I get 502 Bad Gateway- ingress logs
6818062 connect() failed (111: Connection refused) while connecting to upstream, client here is my deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-server-depl
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: test-server
template:
metadata:
labels:
app: test-server
azure.workload.identity/use: "true"
annotations:
azure.workload.identity/inject-proxy-sidecar: "true"
spec:
serviceAccountName: test-dev-service-account
containers:
- name: test-server
image: test.azurecr.io/test-server
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9443
env:
- name: "ASPNETCORE_ENVIRONMENT"
value: "Development"
volumeMounts:
- name: secrets
mountPath: /app/secrets
readOnly: true
imagePullSecrets:
- name: workers-secret
volumes:
- name: secrets
secret:
secretName: test-identity-secret-appsettings
---
apiVersion: v1
kind: Service
metadata:
name: test-clusterip-srv
spec:
type: ClusterIP
selector:
app: test-server
ports:
- name: test-server-http
protocol: TCP
port: 80
targetPort: 980
- name: test-worker-https
port: 443
targetPort: 9443
protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
azure.workload.identity/client-id:
labels:
azure.workload.identity/use: "true"
name: test-dev-service-account
namespace: default
I tried to open it via external IP but got ERR_CONNECTION_TIMED_OUT.
Here is my ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /test$1
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: letsencrypt
spec:
ingressClassName: nginx
tls:
- hosts:
- test.eastus.cloudapp.azure.com
secretName: tls-secret
rules:
- host: test.eastus.cloudapp.azure.com
http:
paths:
- path: /test(.*)
pathType: ImplementationSpecific
backend:
service:
name: test-clusterip-srv
port:
number: 80
Please help me to figure out
I found the issue, everything is fine except ingress, following needs to be added - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
here is full ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /test$1
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.class: "nginx"
appgw.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
ingressClassName: nginx
tls:
- hosts:
- galaxy-dev.eastus.cloudapp.azure.com
secretName: tls-secret
rules:
- host: test.eastus.cloudapp.azure.com
http:
paths:
- path: /test(.*)
pathType: ImplementationSpecific
backend:
service:
name: test-clusterip-srv
port:
number: 80
service:
name: test-clusterip-srv
port:
number: 443