Share via

Azure application gateway giving BAD Gateway 502

Aldrine Einsteen 1 Reputation point
2022-02-17T11:02:02.257+00:00

Hi everyone,

When deploying ingress with Azure Kubernetes service with Azure Application Gateway enabled at the cluster level. The ingress controller fails to route to the back end.

Followed the documentation at https://stackoverflow.com/questions/67915527/aks-bad-gateway-502-error-when-accessing-gateway-ip to configure the annotation
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/use-private-ip: "false"

But Still the gateway give 502.

Please find the configuration below

Am i missing something?

Regards,
Aldrine

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,213 questions
Azure Kubernetes Service
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,447 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Aldrine Einsteen 1 Reputation point
    2022-02-17T11:03:16.867+00:00

    Adding some additional information. the Application Gateway reports, the backend is unhealthy. But the Backend is healthy in service level.

    0 comments
  2. Aldrine Einsteen 1 Reputation point
    2022-02-17T11:40:16.297+00:00

    Please find my configuration below: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress
  namespace: dev-api
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    deployment.time: ${CI_PIPELINE_CREATED_AT}
spec:
  rules:
    - http:
        paths:
          - path: /hello
            pathType: Exact
            backend:
              service:
                name: aks-helloworld-one
                port:
                  number: 80

    Additionally, the ing is listed down as

    hello-world-ingress <none> * <Public IP of APP Gateway> 80 5m11s

    0 comments
  3. shiva patpi 13,366 Reputation points Microsoft Employee Moderator
    2022-02-17T23:12:19.677+00:00

    Hello @Aldrine Einsteen ,
    There can be many reasons for AppGW 502 errors , mainly if the backend health shows as 'unhealthy' in appgw:

    • Can you check if readiness probe or liveness probe was defined in your application ?
    • If they are defined just make sure the path of those probes is correct.

    From the document: https://azure.github.io/application-gateway-kubernetes-ingress/features/probes/

    • readinessProbe and livenessProbe are supported when configured with httpGet.
    • Probing on a port other than the one exposed on the pod is currently not supported.
    • HttpHeaders, InitialDelaySeconds, SuccessThreshold are not supported.

    Have a look at : https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-troubleshooting-502

    Can you try out the below mentioned sample YAML files :
    https://learn.microsoft.com/en-us/azure/aks/ingress-tls?tabs=azure-cli

    If you are still facing the issue, please post below files:

    • POD YAML
    • Service YAML
  4. Aldrine Einsteen 1 Reputation point
    2022-02-21T10:01:33.51+00:00

    Finally got the solution to work. Below are my consolidated changes.

    Ingress Annotations:

    1. kubernetes.io/ingress.class: azure/application-gateway
    2. appgw.ingress.kubernetes.io/health-probe-path: "/actuator/health"

    Deployment:

    1. livenessProbe
    2. readinessProbe

    Then the access is available.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.