Share via

Azure Frontdoor using wrong port to forward traffic to AKS

Redel, Renan Augusto 20 Reputation points
2024-05-12T20:59:39.4933333+00:00

Hello all,

I'm using Azure Front Door (AFD) with Azure Kubernetes Service (AKS), employing a Private Link Service (PLS) to provide internal access (AFD > PLS > Private Link > Internal Load Balancer > Pod).

I've configured one endpoint in AFD with two routes:

Route A: domain.com/*

Origin: pls-alias:8443

Route B: domain.com/api/*

Origin: pls-alias:8444

However, when I access the URL of Route A, I'm being redirected to the port of Route B.

I've checked the logs (FrontDoorAccessLog), and I can confirm that the rule mappings are correct (the traffic is mapped to Route A but redirects to the port of Route B). The Origin URL in the logs is domain.com:8444/.

When accessing the internal IP from the Internal Load Balancer, I can access the backend correctly on ports 8444 and 8443 (as expected).

Can someone help me?

Thanks.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
596 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,894 questions
Accepted answer
  1. KapilAnanth-MSFT 37,406 Reputation points Microsoft Employee
    2024-05-13T05:12:32.8433333+00:00

    @Redel, Renan Augusto ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I tried to repo your set up and I was not able to.

    I had an IIS Service with 2 Ports - 80 and 81.

    • A single end point
    • Route1
      • Patterns to match - /*
      • OriginGroup - origingroup1 has one origin with a PublicIP
      • origingroup1's origin has HTTP port as 80
    • Route2
      • Patterns to match - /api/*
      • OriginGroup - origingroup2 with a PublicIP (I am using a second origin group with same IP as origingroup1)
      • origingroup2's origin has HTTP port as 81

    Please see the logs :

    • User's image

    P.S : You have to make sure there exists a folder called "api" in your origin.

    I'd suggest you check the configuration once again.

    Should the issue persist, can you please share the results of this Kusto query so I can verify it.

    AzureDiagnostics
| where Category == "FrontDoorAccessLog"
|where routingRuleName_s == "
| project TimeGenerated, requestUri_s, httpStatusCode_s, httpStatusDetails_s, routingRuleName_s, originUrl_s , domain_s

    i.e. write an AND condition to Match RouteA in "routingRuleName_s" and the Port of RouteB in "originUrl_s"

    If the result is empty set, this means Route A never redirected traffic to the Port of RouteB.

    Cheers,

    Kapil

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest