I have an application running in Azure Kubernetes Service as a part of our marketplace solution. The application is exposed outside to listen on port 443 via nginx. Internally, the ingress will map the port 443 to some internal port p1.
The application is exposed outside with a custom domain, created using a DNS Zone deployment. Everything is working fine so far.
Now, my application has a health server exposed on port p2 within the cluster. I wish to expose this as a public endpoint. I choose the path where:
- I expose the port p2 in the service spec of the application.
- I edit the ingress rules to use another custom domain name (within the same DNS Zone), which would map the traffic to port p2 from 443, based on all the paths.

    ...
    - host: <c2>.<dnsZoneName>
      http:
        paths:
        - backend:
            serviceName: <myappservice>
            servicePort: <p2>
          path: /healthz
    ...

I attempted the scenario using path as above and without it too.
Next, I add the custom domain name prefix as an A Name record in the DNS Zone deployment.
Next, I run the curl command on Azure Cloud Shell to call the health server of the application using the new domain name:
curl -k -v https://<domainNameForHealthServer>:443/healthz
The verbose error I receive is:
Trying <ipAddress1>...
* TCP_NODELAY set
* Connected to <domainNameForHealthServer> (<ipAddress1>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <domainNameForHealthServer>:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <domainNameForHealthServer>:443
I am not able to debug the root cause of the issue. If I exec into the application pod, and run the health test using: curl localhost:<p2>/healthz then it returns the output correctly.
Regards,
Chintan Rajvir