This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 36%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDW%3C/text%3E%3C/svg%3E)
I'm having trouble understanding Azure Kubernetes. I successfully completed the tutorial for the voting application, but I don't see anywhere in the portal where it says that port 80 coming in to the public IP address goes to the azure vote front pod. I'm having a hard time figuring this stuff out. What if I wanted another pod to also respond to port 80. What if I wanted 443 to a pod? I can't even get the dashboard to let me log in. Could somebody help me please in understanding how this all works? One of the pods that they stood up is istio, and they want end to end TLS, which no one can figure out either.
I'm sorry if this is all basic and simple, I just don't follow what's happening here.
Hi,
In the Azure Sample application, it has two services.
azure-vote-front - This service is used to expose the application to external via a load balancer. Please refer to Services Doc
azure-vote-back - This service is used to route traffic from frontend to the backend Redis application
For the second question exposing other port, Yes we can first you need to make sure you docker or the deployment image ports are open for 443 if so you can add 443 in the azure-vote-front service spec to accept traffic from 443.
Hi @Duane Wolford ,
Thanks for the question, I'm happy to explain how you configured the traffic in the sample voting application tutorial. So when you deployed the Kubernetes Manifest file you specified port 80 to be open for the azure-vote-front pod. See the ports section in the below snippet from the tutorials YAML file:
containers:
- name: azure-vote-front
image: mcr.microsoft.com/azuredocs/azure-vote-front:v1
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 250m
memory: 256Mi
ports:
- containerPort: 80
env:
- name: REDIS
value: "azure-vote-back"
At the same time another section of the YAML file specifies for a load balancer to be created and to pass outbound traffic on that port, see here:
apiVersion: v1
kind: Service
metadata:
name: azure-vote-front
spec:
type: LoadBalancer
ports:
- port: 80
selector:
app: azure-vote-front
So the deploy configuration in that tutorial is done using the Kubernetes manifest file to specify the constraints for the resources once they are spun up. Hope this helps.
----
If this answer helped you answer your question please mark it as accepted to help others with similar questions.
Thanks for the details, it helped a lot. For end to end TLS, how do I make this happen? We have Istio running in the Azure Kubernetes Cluster. If we connect directly to Istio through the AKS load balancer, Istio sees TLS traffic. But our design has an app gateway in front of it so that we can use WAF. If we try to hit Istio through the app gateway, we don't end up with end to end TLS. Any ideas what may be wrong?
Second question, how would I get a second pod in the AKS cluster to also receive port 80 traffic?
Thanks again, I'm such a noob
Hey,
If you are using istio then you have to configure istio VirtualServer resource and Gateways. Istio use different CRDs(Custom Resource Definitions).
Refer below Istio Doc
https://istio.io/latest/docs/tasks/traffic-management/ingress/
Thanks