FrontDoor Origin health probe with private link

anacelto 0 Reputation points
2024-08-27T18:01:10.97+00:00

Hi,

I have an AKS and an Azure Front Door with an origin that uses a private link to connect to the AKS internal Load Balancer.

I am trying to set up HTTPS between Front Door and AKS. I use cert-manager to manage AKS certificates.

This setup will allow me to just bypass Front Door whenever I want by just updating some DNS records in case of Front Door outages like the one that happened some weeks ago. https://www.youtube.com/watch?v=3l3pvmEDPYA&list=PLmsFUfdnGr3xomlYbZPAYTtFdkcvbv2ye&index=25

The Front Door origin config looks like this:
[Screenshot: Front Door origin configuration]

test.example.com has the following DNS record in the public example.com DNS zone:

test.example.com CNAME sdsddsds.z01.azurefd.net (frontdoor endpoint)

I had to put test.example.com as Hostname in the Front Door origin config because of the Certificate subject name validation.

This is working. But I am wondering how Front Door manages the resolution of test.example.com while doing the health probes and also when forwarding the traffic. I am worried that this may be causing some loops.

Is anyone able to clarify whether this setup is correct or will cause problems?

Thanks!


1 answer

  1. Sina Salam 22,031 Reputation points Volunteer Moderator
    2024-08-27T18:49:28.73+00:00

    Hello anacelto,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you would like to clarify your setup of HTTPS between Azure Front Door and AKS, with cert-manager configured to manage AKS certificates.

    As you explained and depicted above, your setup appears correct, and as long as the DNS records are properly configured, it should not cause any problems. If you experience any issues, you can review the health probe logs and traffic routing configurations in the Azure portal to diagnose and resolve them. https://learn.microsoft.com/en-us/azure/frontdoor/best-practices and https://learn.microsoft.com/en-us/azure/frontdoor/health-probes

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    **Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful** so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam
