I have an application running in Azure Kubernetes Service as a part of our marketplace solution. The application is exposed outside to listen on port
nginx. Internally, the ingress will map the port 443 to some internal port
The application is exposed outside with a custom domain, created using a DNS Zone deployment. Everything is working fine so far.
Now, my application has a health server exposed on port p2 within the cluster. I wish to expose this as a public endpoint. I choose the path where:
- I expose the port p2 in the service spec of the application.
- I edit the ingress rules to use another custom domain name (within same DNS Zone), which would map the traffic to port 443, based on all the paths.

    ...
    - host: <c2>.<dnsZoneName>

I attempted the scenario using path as above and without it too.
Next, I add the custom domain name prefix as an A Name record in the DNS Zone deployment.
Next, I run the curl command on Azure Cloud Shell to call the health server of the application using the new domain name:
curl -k -v https://<domainNameForHealthServer>:443/healthz
The verbose error I receive is:
* TCP_NODELAY set
* Connected to <domainNameForHealthServer> (<ipAddress1>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <domainNameForHealthServer>:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <domainNameForHealthServer>:443
I am not able to debug the root cause of the issue. If I exec into the application pod, and run the health test using:
curl localhost:<p2>/healthz
then it returns the output correctly.
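
As an added example (not part of the original post), the Python below parses a `curl -v` trace like the one above and reports how far the connection got: for this trace, TCP connected and the Client hello went out, but no TLS handshake message came back before the connection ended. The function name `classify` and the stage labels are assumptions made for this illustration.

```python
import re

# Patterns for the lines that `curl -v` prints during an HTTPS request.
CONNECTED = re.compile(r"^\*\s+Connected to \S+ \(\S+\) port \d+")
HANDSHAKE = re.compile(r"^\*\s+TLSv[\d.]+ \((IN|OUT)\), TLS handshake, (.+?) \(\d+\):")
ERROR = re.compile(r"^curl: \((\d+)\) ")


def classify(trace):
    """Report how far a `curl -v` HTTPS attempt got before it stopped."""
    info = {"tcp_connected": False, "sent": [], "received": [], "curl_exit": None}
    for raw in trace.splitlines():
        line = raw.strip()
        if CONNECTED.match(line):
            info["tcp_connected"] = True
        elif m := HANDSHAKE.match(line):
            info["sent" if m.group(1) == "OUT" else "received"].append(m.group(2))
        elif m := ERROR.match(line):
            info["curl_exit"] = int(m.group(1))

    if not info["tcp_connected"]:
        info["stage"] = "tcp-connect-failed"        # DNS, routing or port not reachable
    elif not info["sent"]:
        info["stage"] = "tls-not-started"
    elif not info["received"]:
        info["stage"] = "no-tls-response"           # connection ended after Client hello
    elif info["curl_exit"] is not None:
        info["stage"] = "failed-after-server-reply" # peer answered; failure came later
    else:
        info["stage"] = "tls-ok"
    return info


# Trace copied from the post above (placeholders kept as written).
POST_TRACE = """\
* TCP_NODELAY set
* Connected to <domainNameForHealthServer> (<ipAddress1>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <domainNameForHealthServer>:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <domainNameForHealthServer>:443
"""

if __name__ == "__main__":
    print(classify(POST_TRACE))
```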