Reputation: 510
Error 502 after changing the application gateway in the AKS application gateway ingress controller
After the change of the application gateway in the agic we are no longer able to access our application from the internet. The application is divided into various microservices that still seem to communicate with each other but we are unable to connect in any way. The only clue we have is in the "Backend health" blade of the application gateway, one of the backends gives us this error "The backend health status could not be retrieved. This happens when an NSG / UDR / Firewall on the application gateway subnet is blocking traffic on ports 65503-65534 in case of v1 SKU, and ports 65200-65535 in case of the v2 SKU or if the FQDN configured in the backend pool could not be resolved to an IP address. To learn more visit - https: / /aka.ms/UnknownBackendHealth "browsing the page says it is a traffic problem entering the NSG, too bad we don't have a NSG associated with the vnet ... I ask for your help to unblock this situation.
Upvotes: 0
Views: 786
Answers (2)
Reputation: 510
In the end, the problem was found in the parameters' IP range sent to the ingress controller. The IP range was not compatible with what was used by the new Application gateway, we realized it by following this guide.
Upvotes: 0
Reputation: 5550
The backend health status could not be retrieved. This happens when an NSG/UDR/Firewall on the application gateway subnet is blocking traffic on ports 65503-65534 in case of v1 SKU, and ports 65200-65535 in case of the v2 SKU or if the FQDN configured in the backend pool could not be resolved to an IP address. To learn more visit - [https://aka.ms/UnknownBackendHealth](https://aka.ms/UnknownBackendHealth).
This error may occur if Application Gateway does not dynamically update the DNS entries for the backend pool at the time of startup
You can make use of below PowerShell command to resolve the issue like below:
$appgw=Get-AzApplicationGateway -Name <appgw_name> -ResourceGroupName <rg_name>
Stop-AzApplicationGateway -ApplicationGateway $appgw
Start-AzApplicationGateway -ApplicationGateway $appgw
To get azure application gateway :
Stopped:
start:
Note that, it may take some time to complete the process
Reference:
Upvotes: 1
Related Questions
- Azure AKS Application Gateway 502 bad gateway
- AKS create with App gateway ingress control fails with IngressAppGwAddonConfigInvalidSubnetCIDRNotContainedWithinVirtualNetwork error
- Enable App Gateway ingress for Azure Kubernetes on 443 (https)
- Ingress is not working for application gateway ingress controller (AGIC) add-on of AKS
- AKS AGIC Application Gateway Ingress Controller Not Deploying
- Azure Application Gateway 502 error
- AKS BAD Gateway 502 Error when accessing Gateway IP
- Azure Application Gateway error 502 when using application gateway
- Application Gateway - 502 error
- Azure Application Gateway : 502 error