I have an application running in Azure Kubernetes Service as a part of our marketplace solution. The application is exposed outside to listen on port `443` via `nginx`. Internally, the ingress will map the port `443` to some internal port `p1`.
The application is exposed outside with a custom domain, created using a DNS Zone deployment. Everything is working fine so far.
Now, my application has a health server exposed on port `p2` within the cluster. I wish to expose this as a public endpoint. I choose the path where:
- I expose the port `p2` in the service `spec` of the application.
- I edit the ingress rules to use another custom domain name (within the same DNS Zone), which would map the traffic to port `p2` from `443`, based on all the `paths`.

```
...
- host: <c2>.<dnsZoneName>
  http:
    paths:
    - backend:
        serviceName: <myappservice>
        servicePort: <p2>
      path: /healthz
...
```
I attempted the scenario using `path` as above and without it too.
Next, I add the custom domain name prefix as an `A Name` record in the DNS Zone deployment.
Next, I run the `curl` command on Azure Cloud Shell to call the health server of the application using the new domain name:

```
curl -k -v https://<domainNameForHealthServer>:443/healthz
```
The verbose error I receive is:
```
Trying <ipAddress1>...
* TCP_NODELAY set
* Connected to <domainNameForHealthServer> (<ipAddress1>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <domainNameForHealthServer>:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <domainNameForHealthServer>:443
```
I am not able to debug the root cause of the issue. If I `exec` into the application pod, and run the health test using: `curl localhost:<p2>/healthz` then it returns the output correctly.
Regards,
Chintan Rajvir