Azure App gateway ingress controller with private AKS cluster not working-CodePudding

I am new to kubernetes, so please bear with me. I have created a azure kubernetes private cluster, i have deployed the pods for a basic webapplication & CLusterIP service , I have enabled App gateway ingress controller for the aks and deployed the ingress service that looks like below, in the ingress controller the backend is shown healthy, meaning it is able to reach the pod and get 200 ok response. However when i try to access my application by using the public IP of the ingress controller i get a 404 not found from the Application gateway. My aks cluster and ingress are in same Vnet & I have verified that the route table of the aks cluster subnet has been added to ingress subnet.

I am not sure if there is any special configuration needed for using AGIC with private AKS. Does anyone have any idea about this? Thank you!

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apigw-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway

spec:
  rules:
  - host: backendpocwebapp.<location>.cloudapp.azure.com
    http:
      paths:
      
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: nextjspocapp 
            port: 
              number: 80

Below is my clusterIp service exposing port 80:

apiVersion: v1
kind: Service
metadata:
  name: nextjspocapp
  annotations:
     service.beta.kubernetes.io/azure-dns-label-name: backendpocwebapp

  labels:
    run: nextjspocapp
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 3000
  selector:
    app: nextjspocapp

Below is the deployment:


apiVersion: apps/v1
kind: Deployment
metadata:
    name: nextjspocapp
    labels: 
        app: nextjspocapp
        tier: poc
spec:
    revisionHistoryLimit: 5
    replicas: 2
    selector: 
        matchLabels:
            tier: poc
    template:
        metadata: 
            name: nextjspocapp
            labels:
                app: nextjspocapp
                tier: poc

        spec:
            containers:
                - name: nextjspocapp
                  image: <imagename>:tag
                  ports:
                    - containerPort: 3000

Added ingress controller and ingress service to aks , expected to access the pods using ingress public IP

CodePudding user response：

Not an expert at all in AKS, but from the App Gateway perspective, it looks like the HTTP requests sent by your probes are the correct port and hostname, while your regular traffic isn't sending the correct hostname. Usually 404's are experienced when the site is alive, listening, but the requested hostname doesn't match any bindings. Your regular traffic might even be using the IP as a hostname.

The hostname can either be specified in the backend HTTP settings by overriding the hostname received by App Gateway clients, or by making sure the hostname you are hitting the App Gateway with matches what the backend is expecting.

This page has all the annotations but the anchor is for the backend hostname: https://azure.github.io/application-gateway-kubernetes-ingress/annotations/#backend-hostname