This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 80%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Timeout on POST request to external URL:
I am following this guide to add a Validatingwebhookconfiguration to my AKS cluster. Here is my configuration which works on my local Kubernetes setup with Kind or Docker-desktop.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: compliance
webhooks:
- name: compliance.custom.azure.com
clientConfig:
url: https://azure-fx.azurewebsites.net/api/AdmissionControlFx
rules:
- apiGroups: ["apps"]
apiVersions: ["*"]
operations: ["CREATE","UPDATE"]
resources: ["deployments"]
scope: "Namespaced"
timeoutSeconds: 30
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1", "v1beta1"]
On AKS, the api server is able to resolve the IP address of the host but times out on sending a POST request to the URL mentioned. I suspect there is some firewall policy that is not letting api server communicate with external urls.
What you expected to happen:
I expect the validatingwebhookconfiguration to send a POST request to the URL mentioned.
How to reproduce it (as minimally and precisely as possible):
Apply the configuration to AKS after changing the URL to any service e.g. Request bin. You will receive a timeout error when you try to kick off a deployment. The error message contains the correct IP address of the target service, which means that DNS resolution works fine. Just the POST request to endpoint fails.
Anything else we need to know?:
Here are the logs from the API server which show timeouts.
To rule out issues with not setting the caBundle property, I base 64 encoded the CA certificate *.azurewebsites.net as well, which still did not work.
Environment:
Kubernetes version (use kubectl version): 1.17.9
Size of cluster (how many worker nodes are in the cluster?): 1
General description of workloads in the cluster (e.g. HTTP microservices, Java app, Ruby on Rails, machine learning, etc.): NA
Others: NA
Firstly, apologies for the delay in responding on this and any inconvenience this issue may have caused.
As this issues needs more investigation and live troubleshooting for quicker resolution I would recommend you to contact azure support. If you have a support plan, requesting you to file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.
In this case, could you send an email to AzCommunity[at]Microsoft[dot]com referencing this thread as well as your subscription ID. Please mention "ATTN: Vikas" in the subject line. Thank you for your cooperation on this matter and look forward to your reply.