I'm encountering an issue with my Azure Kubernetes Service (AKS) cluster where I can't access my application through the Ingress Controller from the external network, despite seemingly correct configuration. Here are the details:
Environment:
- AKS cluster in Azure (Italy North region)
- Using Azure CNI for networking
- Nginx Ingress Controller(and the default load balancer)
- Application: Mealie (a recipe management app)
- Domain: my custom domain
Configuration:
- Ingress Controller is deployed in the
ingress-basic
namespace
- Mealie application is deployed in the
mealie
namespace
- DNS A record for my domain points to 172.213.193.163 (load balancer's external IP)
What's Working:
- DNS resolution is correct (nslookup my domain returns 172.213.193.163)
- Internal cluster communication works (can access the service from within the cluster)
- Ingress Controller pod is running
- Mealie service and pods are running
What's Not Working:
- Unable to access the application from external network (browser or curl)
- Curl from Azure Cloud Shell also fails to connect
Troubleshooting Steps Taken:
- Verified Ingress resource configuration:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: mealie-ingress
namespace: mealie
spec:
rules:
- host: my domain name
http:
paths:
- backend:
service:
name: mealie-svc
port:
number: 80
path: /
pathType: Prefix
- Checked Ingress Controller logs - no apparent errors
- Verified Network Security Group (NSG) rules:
- Allow inbound traffic from Internet to 172.213.193.163 on ports 80 and 443
- Default rules for VNet communication are in place
- Confirmed Mealie service configuration:
Name: mealie-svc
Namespace: mealie
Type: ClusterIP
IP: 10.0.183.178
Port: <unset> 80/TCP
TargetPort: 9000/TCP
Endpoints: 10.244.0.231:9000
- Tested internal cluster access - successful
- Checked AKS cluster status - shows as "Succeeded"
- Verified Azure Load Balancer configuration
- Examined kube-proxy and CoreDNS - appear to be functioning normally
I've gone through multiple rounds of troubleshooting, including all the standard checks for AKS and Ingress issues. The peculiar thing is that everything seems to be configured correctly, yet external access fails.
Error:
When trying to access my domain, the connection times out. Curl from Azure Cloud Shell shows:
* Trying 172.213.193.163:80...
and it times out eventually.
Any insights or suggestions would be greatly appreciated. I'm at a loss as to what could be preventing external access when all configurations appear to be correct.