Reputation: 421
I have deployed AKS, vnet, application gateway, public ip using terraform on Azure. I have separate subnets for application gateway and AKS subnet. I have also enabled application gateway with AKS as ingress. Now I am trying to deploy a sample app in AKS using this yml. Then applied simple-frontend-ingress.yaml for ingress annotation. Vnet, public ip, app gateway, AKS, security group are in same resource group. Agent pool, identities, load balancer are in other group. I have not done peering as app gateway and AKS both are in same group. DNS name is attached to public ip. Now I am getting empty hosts in ingress. When I try to create things manually from console, I can see application working. With my terraform code and kubectl apply I see error 502 in DNS name. Also empty hosts. Also no entry in backend pool. I followed many articles, maybe I need to open some port or like that, but not able to resolve same. Application gateway subnet and other subnet do not have any security group and route table.
kubectl create -f guestbook-all-in-one.yaml
kubectl apply -f simple-frontend-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple-frontend-ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend
            port:
              number: 80
ashish [ ~ ]$ kubectl get ingress
NAME                      CLASS    HOSTS   ADDRESS         PORTS   AGE
simple-frontend-ingress   <none>   *       20.xxx.xx.201   80      13s
ashish [ ~ ]$ kubectl get service
NAME            TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
frontend        NodePort    10.20.0.xxx   <none>        80:31157/TCP   24m
kubernetes      ClusterIP   10.20.0.x     <none>        443/TCP        52m
redis-master    ClusterIP   10.20.0.2xx   <none>        6379/TCP       24m
redis-replica   ClusterIP   10.20.0.1xx   <none>        6379/TCP       24m
ashish [ ~ ]$ kubectl describe service frontend
Name:                     frontend
Namespace:                default
Labels:                   app=guestbook
                          tier=frontend
Annotations:              <none>
Selector:                 app=guestbook,tier=frontend
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.20.0.110
IPs:                      10.20.0.110
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31157/TCP
Endpoints:                10.10.1.103:80,10.10.1.50:80,10.10.1.90:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
Upvotes: 0
Views: 180
Reputation: 421
The Ingress Gateway managed identity was missing permission to the vnet and AKS cluster. I got this from the ingress pod logs. I can delete this question as it was an architectural mistake.
Upvotes: 0
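
The answer above traces the 502 and the empty backend pool to missing role assignments on the ingress controller's managed identity. The following is an added example, not code from the original post: it audits the output of `az role assignment list --assignee <object-id> --all -o json` against a required role set, taking scope inheritance into account. The required roles, resource names and IDs are assumptions and constructed placeholders; the page does not say which roles were missing.

```python
# Added example: audit an identity's Azure role assignments against what the
# ingress controller is assumed to need. Input items have the shape returned by
# `az role assignment list --assignee <object-id> --all -o json`.
# All IDs and resource names below are constructed placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = f"{SUB}/resourceGroups/rg-network"
APPGW = f"{RG}/providers/Microsoft.Network/applicationGateways/appgw-demo"
VNET = f"{RG}/providers/Microsoft.Network/virtualNetworks/vnet-demo"
APPGW_SUBNET = f"{VNET}/subnets/appgw-subnet"

# Assumed requirement set (a common AGIC setup); edit to match your deployment.
REQUIRED = [("Contributor", APPGW), ("Reader", RG), ("Network Contributor", APPGW_SUBNET)]

# Built-in roles whose permissions include those of the required role.
SATISFIES = {
    "Reader": {"Reader", "Contributor", "Owner"},
    "Contributor": {"Contributor", "Owner"},
    "Network Contributor": {"Network Contributor", "Contributor", "Owner"},
}

def covers(assigned_scope, target):
    """True if a role assigned at assigned_scope is inherited by target.
    Resource IDs are case-insensitive. Matching is done on a path boundary so
    .../rg-network does not cover .../rg-network2. Management-group scopes
    are not handled here."""
    a, t = assigned_scope.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def missing_permissions(assignments, required=REQUIRED):
    """Return the (role, scope) pairs that no assignment satisfies."""
    return [
        (role, target) for role, target in required
        if not any(a["roleDefinitionName"] in SATISFIES[role] and covers(a["scope"], target)
                   for a in assignments)
    ]

# Constructed "before" state: rights on the gateway only, plus a look-alike resource group.
BEFORE = [
    {"roleDefinitionName": "Contributor", "scope": APPGW.upper()},
    {"roleDefinitionName": "Reader", "scope": RG + "2"},
]
# Constructed "after" state: Reader on the resource group, Network Contributor on the vnet.
AFTER = BEFORE + [
    {"roleDefinitionName": "Reader", "scope": RG},
    {"roleDefinitionName": "Network Contributor", "scope": VNET},
]

if __name__ == "__main__":
    for label, state in (("before", BEFORE), ("after", AFTER)):
        print(label, missing_permissions(state) or "all required roles present")
```

Granting the narrowest scope that passes the check (the subnet rather than the whole vnet or resource group) keeps the identity closer to least privilege.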