aks 1.24 ingress not exposed

owen.kim 176 Reputation points
2022-09-15T07:52:49.423+00:00

As soon as you upgrade from aks 1.2x version to 1.24, you will not be able to access the ingress through the controller.

In other words, I can't connect to the pod.
Is there any way to check this?
It worked fine in 1.23, but I can't connect as soon as I upgrade to 1.24.

With port-forward, the host connects to the pod.

241329-aks.png

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,075 questions
{count} votes

Accepted answer
  1. srbhatta-MSFT 8,551 Reputation points Microsoft Employee
    2022-09-19T05:41:11.79+00:00

    Hi @owen.kim ,
    Thanks for reaching out to Microsoft QnA.
    Can you check the load balancer health probe configuration corresponding to nginx-ingress-controller service IP. If the health probe is configured with protocol “HTTP” and path “/” the nginx-ingress-controller service will most likely fail the load balancer probes.
    Check the nginx ingress controller service describe output. If the "service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path=/healthz" annotation is missing the LB health probes will possibly fail.
    Could you please update the nginx-ingress-controller service to use the annotation "service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path=/healthz" which will set the correct path of /healthz . That should make the health probes work as expected. If this doesn't help, please reach back and I would check into this further.
    Thanks :)

    ----------

    Please don't forget to Accept as answer and Upvote if you think the information provided was useful so that it can help others in the community looking for help on similar issues.

    7 people found this answer helpful.

5 additional answers

Sort by: Most helpful
  1. Braun, Nico (WDE N-NTD) 11 Reputation points
    2022-12-01T20:17:37.673+00:00

    I found out that it only works with local traffic policy. May it help someone.

       service:  
         externalTrafficPolicy: Local  
         annotations:  
           service.beta.kubernetes.io/azure-load-balancer-internal: "true"  
           service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz  
    
    2 people found this answer helpful.

  2. owen.kim 176 Reputation points
    2022-09-15T07:59:20.15+00:00
    apiVersion: apps/v1  
    kind: Deployment  
    metadata:  
      name: mario  
      labels:  
        app: mario  
    spec:  
      replicas: 1  
      selector:  
        matchLabels:  
          app: mario  
      template:  
        metadata:  
          labels:  
            app: mario  
        spec:  
          containers:  
          - name: mario  
            image: pengbai/docker-supermario  
    ---  
    apiVersion: v1  
    kind: Service  
    metadata:  
       name: mario  
    spec:  
      selector:  
        app: mario  
      ports:  
      - port: 80  
        protocol: TCP  
        targetPort: 8080  
      type: ClusterIP  
    ---  
      
    apiVersion: networking.k8s.io/v1  
    kind: Ingress  
    metadata:  
      name: mario    
    spec:  
      ingressClassName: nginx  
      rules:  
      - host: mario.test.com  
        http:  
          paths:  
          - path: /  
            pathType: Prefix  
            backend:  
              service:   
                name: mario  
                port:  
                  number: 80  
      tls:  
      - hosts:  
        - mario.test.com  
        secretName: aks-ingress-tls  
    

    sample yaml


  3. Carlyle R. Komalram 1 Reputation point
    2022-11-16T16:17:18.303+00:00

    Thanks! solution still working.... at nov 2022 for kubernetes 1.24.6.

    0 comments No comments

  4. Braun, Nico (WDE N-NTD) 11 Reputation points
    2022-11-22T17:40:00.853+00:00

    This isn't doing it for me, using internal load balancer. I have these annotations:

       service.beta.kubernetes.io/azure-load-balancer-internal: "true"  
       service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz  
    

    Any idea @srbhatta-MSFT ?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.