Reputation: 277
I'm having an issue with connectivity between an App Gateway backend pool and an AKS pod IP. The pod that I deployed, websocket-deployment (10.240.0.17), is on a different subnet from the actual nodes (aks-agentpool-13682822-vmss000000 --> 10.60.x.4). When I try to add the pod IP as a backend pool in Application Gateway WAF v2 (which is in the same VNet as AKS), it's not working. The backend pool is not healthy. I guess it's unable to connect to the pod with IP (10.240.0.17). Any help is much appreciated. The issue is only when I use AGIC with VMSS.
Upvotes: 1
Views: 999
Reputation: 1628
To allow your service to be added to the AppGW as a backend pool member, it will need to be reachable by the AppGW. Since the 10.240.X.X CIDR isn't reachable and it's internal to the AKS cluster, you will need to expose your pod using a Service of type Load Balancer on the private VNET.
Following this doc: https://learn.microsoft.com/en-us/azure/aks/internal-lb you will be able to create a service for your pods which will expose your pod over an internal IP on the VNET/subnet 10.60.X.X. This IP range will be available to your AppGW if you are using a subnet for AKS that is in the same VNET as your AppGW subnet.
If they are in a different VNET, you should be able to do a VNET peering to connect the two VNET together.
ref: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Upvotes: 1
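A sketch of the internal load balancer Service the answer above describes, added here as an example and not part of the original answer. The Service name, the `app: websocket` selector label and the port numbers are assumptions; match them to the labels and container port of the actual websocket-deployment.

```yaml
# Added example: exposes the websocket pods on a private IP from the VNET
# instead of the cluster-internal 10.240.X.X pod range.
apiVersion: v1
kind: Service
metadata:
  name: websocket-internal          # assumed name
  annotations:
    # Tells AKS to provision an internal (private) Azure load balancer
    # rather than one with a public IP.
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    # Optional: place the frontend IP in a specific subnet of the VNET.
    # <subnet-name> is a placeholder, not a value from this thread.
    # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "<subnet-name>"
spec:
  type: LoadBalancer
  selector:
    app: websocket                  # assumed pod label
  ports:
    - name: ws
      protocol: TCP
      port: 80                      # assumed port the App Gateway will target
      targetPort: 8080              # assumed container port of the pod
```

Once the Service is created, `kubectl get service websocket-internal` shows the assigned private address in the EXTERNAL-IP column; that address, not the pod IP, is what goes into the Application Gateway backend pool. The backend health probe then needs to target the Service port.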