Hello Taqi H. Rizvi,
Thank you for reaching out!
As per this Behavioral Change from AKS Release Notes:
"For Kubernetes 1.24+ the services of type LoadBalancer
with appProtocol HTTP/HTTPS will switch to use HTTP/HTTPS as health probe protocol (while before v1.24.0 it uses TCP). And /
will be used as the default health probe request path. If your service doesn’t respond 200
for /
, please ensure you're setting the service annotation service.beta.kubernetes.io/port_{port}_health-probe_request-path
or service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path
(applies to all ports) with the correct request path to avoid service breakage."
This can lead to ingress traffic is not being forwarded to the respective services in the AKS cluster, due to the failure in the load balancer's health probes.
The most common scenario faced is with the nginx ingress controller, where the default path for the probe is /healthz
.
As mentioned in the release notes, prior to the upgrade, the health probe would be using TCP, and thus the issue is not occurring.
After the upgrade, the health probe would start using HTTP/s on the /
path, which would cause it to fail.
To resolve the issue, add the following annotation to the affected nginx-ingress controller Kubernetes service type LoadBalancer to point it to the correct path.
service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/healthz"
I hope this is helpful. If any clarification needed, let me know and I will do my best to answer.
Please "Accept as Answer" and Upvote if it helped, so that it can help others in the community looking for help on similar topics.
Thank you!