2
votes

I created a new cluster, created an application gateway and then installed AGIC per the tutorial. I then configured the ingress controller with the following config:

```yaml
# This file contains the essential configs for the ingress controller helm chart

# Verbosity level of the App Gateway Ingress Controller
verbosityLevel: 3

################################################################################
# Specify which application gateway the ingress controller will manage
#
appgw:
    subscriptionId: <<subscriptionid>>
    resourceGroup: experimental-cluster-rg
    name: experimental-cluster-ag
    usePrivateIP: false

    # Setting appgw.shared to "true" will create an AzureIngressProhibitedTarget CRD.
    # This prohibits AGIC from applying config for any host/path.
    # Use "kubectl get AzureIngressProhibitedTargets" to view and change this.
    shared: false

################################################################################
# Specify which kubernetes namespace the ingress controller will watch
# Default value is "default"
# Leaving this variable out or setting it to blank or empty string would
# result in Ingress Controller observing all accessible namespaces.
#
# kubernetes:
#   watchNamespace: <namespace>

################################################################################
# Specify the authentication with Azure Resource Manager
#
# Two authentication methods are available:
# - Option 1: AAD-Pod-Identity (https://github.com/Azure/aad-pod-identity)
# armAuth:
#     type: aadPodIdentity
#     identityResourceID: <identityResourceId>
##     identityClientID:  <identityClientId>

## Alternatively you can use Service Principal credentials
armAuth:
    type: servicePrincipal
    secretJSON: <<hash>>

################################################################################
# Specify if the cluster is RBAC enabled or not
rbac:
    enabled: true
```

When I deploy the application and check the gateway, it appears to be updating the gateway through the ingress controller by creating its own settings. The problem seems to be that the application never gets exposed. I checked the health probe and it stated it was unhealthy due to 404 status. I was unable to access the application directly by IP. I get a 404 or 502 depending on how I try to access the application.

I tried deploying both an nginx and agic ingress and the nginx seems to work fine:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: aks-seed-ingress-main
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    # appgw.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
      - agic-cluster.company.com
      - frontend.<ip0>.nip.io
      secretName: zigzypfxtls
  rules:
  - host: agic-cluster.company.com
    http:
      paths:
      - backend:
          serviceName: aks-seed
          servicePort: 80
        path: /
  - host: frontend.<ip0>.nip.io
    http:
      paths:
      - backend:
          serviceName: aks-seed
          servicePort: 80
        path: /
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: aks-seed-ingress-nginx
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
    - hosts:
      - frontend.<ip>.nip.io
  rules:
  - host: frontend.<ip>.nip.io
    http:
      paths:
      - backend:
          serviceName: aks-seed # Modify
          servicePort: 80
        path: /
```

I am unsure what I am missing. I followed the tutorials as best I could, and the AGIC controller and application gateway appear to be communicating. However, the application is inaccessible on the AGIC controller but accessible on the nginx controller. I only installed the nginx controller afterwards to ensure there was no issue with the application itself.


2 Answers

0
votes

I am facing the same issue. I followed the article below and deployed the resources:

https://docs.microsoft.com/en-us/azure/developer/terraform/create-k8s-cluster-with-aks-applicationgateway-ingress

The Azure ingress never came up in Ready state.

```
NAME                                                              READY   STATUS    RESTARTS   AGE
aspnetapp                                                         1/1     Running   0          25h
ingress-azure-1616064464-6694ff48f8-pptnp                         0/1     Running   0          72s
$ helm list
NAME                            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
ingress-azure-1616064464        default         1               2021-03-18 06:47:45.959459087 -0400 EDT deployed        ingress-azure-1.4.0             1.4.0
myrelease                       default         1               2021-03-18 05:45:12.419235356 -0400 EDT deployed        nginx-ingress-controller-7.4.10 0.44.0
```

From describe pod I see the message below:

```
$ kubectl describe pod ingress-azure-1616064464-6694ff48f8-pptnp
Name:         ingress-azure-1616064464-6694ff48f8-pptnp
Namespace:    default

  Warning  Unhealthy  4s (x8 over 74s)  kubelet            Readiness probe failed: Get http://15.0.0.68:8123/health/ready: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
$ kubectl get ingress
NAME                            CLASS    HOSTS              ADDRESS         PORTS   AGE
aspnetapp                       <none>   *                                  80      10s
cafe-ingress-with-annotations   <none>   cafe.example.com   20.XX.XX.XX   80      63m
```
0
votes

Please check the permissions assigned to the identity. You might be missing the Managed Identity Operator assignment; please check it.
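
One way to carry out the permission check suggested in the answer above, as an added example (not code from either poster or from the AGIC project): it takes JSON shaped like the output of `az role assignment list --all -o json` and reports which required assignments are missing, honouring scope inheritance. The principal names, resource IDs and the Contributor/Reader requirements are assumptions for illustration; only the Managed Identity Operator role is named on the page.

```python
import json

# Constructed placeholders; none of these IDs or names come from the page.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/example-rg"
APPGW = RG + "/providers/Microsoft.Network/applicationGateways/example-ag"
AGIC_ID = RG + "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-agic-id"

# Constructed sample shaped like `az role assignment list --all -o json` output.
SAMPLE_ASSIGNMENTS = json.loads(json.dumps([
    {"principalId": "agic-principal", "roleDefinitionName": "Contributor", "scope": APPGW},
    {"principalId": "agic-principal", "roleDefinitionName": "Reader", "scope": RG},
    # Managed Identity Operator granted to the wrong principal: a common slip.
    {"principalId": "other-principal", "roleDefinitionName": "Managed Identity Operator", "scope": AGIC_ID},
]))

# Assumed requirements: (principal, role, scope the role must apply to).
REQUIREMENTS = [
    ("agic-principal", "Contributor", APPGW),
    ("agic-principal", "Reader", RG),
    ("aks-principal", "Managed Identity Operator", AGIC_ID),
]

# Built-in roles that also satisfy a weaker requirement.
SATISFIED_BY = {
    "Reader": {"Reader", "Contributor", "Owner"},
    "Contributor": {"Contributor", "Owner"},
    "Managed Identity Operator": {"Managed Identity Operator", "Owner"},
}

def covers(assigned_scope, target):
    """An assignment applies to its own scope and everything beneath it.
    Azure resource IDs are case-insensitive, so compare lowercased."""
    a, t = assigned_scope.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def missing_assignments(assignments, requirements):
    """Return the requirements that no existing assignment satisfies."""
    return [
        (principal, role, target)
        for principal, role, target in requirements
        if not any(
            a["principalId"] == principal
            and a["roleDefinitionName"] in SATISFIED_BY[role]
            and covers(a["scope"], target)
            for a in assignments
        )
    ]

if __name__ == "__main__":
    for principal, role, scope in missing_assignments(SAMPLE_ASSIGNMENTS, REQUIREMENTS):
        print(f"MISSING: {principal} needs {role} on {scope}")
```

Checking the scope as well as the role name matters: a role granted on a different resource, or to a different principal, looks present in a quick listing but does not authorize the controller.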