0
votes

I am trying to integrate APIM (External) into the VNet where AKS is running. Right now, I have created a /29 CIDR subnet where the AKS subnet is and assigned it to the APIM, but APIM keeps complaining that port 3443 is blocked. I have specifically added the rule to allow 3443, as mentioned in the troubleshooting steps https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet#-common-network-configuration-issues, to the NSG assigned to the subnet, but it still throws the error. Can someone help me troubleshoot further?

NSG Rule for subnet -> Inbound

> priority- 102, Name - Port_3443, port - 3443, protocol - TCP, Source -
> ApiManagement, Destination - VirtualNetwork, Action - Allow

Update: I have removed the NSG from the subnet where APIM is, and it's still showing the same issue.

1
Did you open 80 / 443 outbound to the AKS subnet, and there in particular open inbound coming from the APIM subnet? - Kai Walter
Actually, I don't have any NSG assigned to the APIM subnet, which means it's wide open, right? I am wondering whether there is anything I can check from the VNet perspective. Apart from this, I don't have an option to troubleshoot. - threeleggedrabbit

1 Answer

0
votes

From the document, you need to deploy the APIM instance in a dedicated subnet that does not contain other resources.

> When deploying an Azure API Management instance to a Resource Manager VNET, the service must be in a dedicated subnet that contains no other resources except for Azure API Management instances. If an attempt is made to deploy an Azure API Management instance to a Resource Manager VNET subnet that contains other resources, the deployment will fail.

You could deploy AKS in a different subnet of the VNet where the APIM instance exists. If there is no NSG assigned, it means it is wide open to or from that VNet.

You can get more references at https://blog.baeke.info/2019/06/10/azure-api-management-and-azure-kubernetes-service/
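
The two checks discussed in this thread (is the subnet dedicated to APIM, and does the NSG let TCP 3443 in from the `ApiManagement` service tag) can be run offline over exported data. The sketch below is an added example, not code from the question, the answer or Microsoft. The flattened rule format, the resource inventory and the resource IDs are constructed assumptions, and source matching is simplified to `*` or an exact service tag.

```python
# Added example: constructed data, not output from a real subscription.

def port_matches(spec, port):
    """True if an NSG port spec ('*', '3443', '3000-4000') covers the port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def inbound_decision(rules, port, source_tag, protocol="tcp"):
    """First matching inbound rule wins; lower priority number is evaluated first.
    Simplification: a source matches only if it is '*' or the exact service tag."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"].lower() != "inbound":
            continue
        if r["protocol"].lower() not in ("*", protocol):
            continue
        if r["source"] not in ("*", source_tag):
            continue
        if port_matches(r["port"], port):
            return r["access"], r["name"]
    return "Deny", "DenyAllInBound"  # Azure default rule for non-VNet sources

def check_apim_subnet(resource_ids, nsg_rules):
    """Return findings for a subnet intended to host API Management."""
    findings = []
    others = [r for r in resource_ids if "/Microsoft.ApiManagement/service/" not in r]
    if others:
        findings.append(f"subnet not dedicated: {len(others)} non-APIM resource(s)")
    if nsg_rules is not None:  # None = no NSG attached, nothing filtered at subnet level
        access, name = inbound_decision(nsg_rules, 3443, "ApiManagement")
        if access != "Allow":
            findings.append(f"inbound TCP 3443 from ApiManagement denied by {name}")
    return findings

# The rule from the question, in a hypothetical flattened form.
RULES = [{"name": "Port_3443", "priority": 102, "direction": "Inbound", "access": "Allow",
          "protocol": "TCP", "source": "ApiManagement", "port": "3443"}]
# Constructed inventory: an AKS node pool sharing the subnet with APIM.
RESOURCES = [
    "/subscriptions/SUB/resourceGroups/rg/providers/Microsoft.Compute/virtualMachineScaleSets/aks-nodepool1",
    "/subscriptions/SUB/resourceGroups/rg/providers/Microsoft.ApiManagement/service/my-apim",
]

if __name__ == "__main__":
    for finding in check_apim_subnet(RESOURCES, RULES) or ["no findings"]:
        print(finding)
```

With the rule from the question the NSG check passes, and the only finding is the shared subnet, which is the point the answer makes.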