Azure / application-gateway-kubernetes-ingress

This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
https://azure.github.io/application-gateway-kubernetes-ingress
MIT License

AGIC does not create dedicated pool & target for shared App Gateway #1585

Open kirillzekn opened 11 months ago

kirillzekn commented 11 months ago

Describe the bug

Both clusters have the same Ingress and Service definitions. This resulted in a single backend pool and backend target in the app gw, while there should've been obviously two backend targets and two backend pools (one of each for each of the two clusters).

Ingress Prod:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: services-recruitment-api
  namespace: services-recruitment
  annotations:
    appgw.ingress.kubernetes.io/ssl-redirect: "false"
    appgw.ingress.kubernetes.io/health-probe-path: "/api/Recruitment/swagger/"
spec:
  ingressClassName: azure-application-gateway
  rules:
  - host: prod-XX.XX.XX
    http:
      paths:
      - path: /Recruitment/swagger/
        pathType: Prefix
        backend:
          service:
            name: recruitment-api-s
            port:
              number: 80
      - path: /api/Recruitment/
        pathType: Prefix
        backend:
          service:
            name: recruitment-api-s
            port:
              number: 80

Ingress Non-prod:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: services-recruitment-api
  namespace: services-recruitment
  annotations:
    appgw.ingress.kubernetes.io/ssl-redirect: "false"
    appgw.ingress.kubernetes.io/health-probe-path: "/api/Recruitment/swagger/"
spec:
  ingressClassName: azure-application-gateway
  rules:
  - host: dev-XX.XX.XX
    http:
      paths:
      - path: /Recruitment/swagger/
        pathType: Prefix
        backend:
          service:
            name: recruitment-api-s
            port:
              number: 80
      - path: /api/Recruitment/
        pathType: Prefix
        backend:
          service:
            name: recruitment-api-s
            port:
              number: 80

App gateway has one backend pool, with two rules, but with one backend target (IP belongs to the ingress of the second AKS).


To Reproduce

  1. Configure shared App Gateway via HELM.
  2. Deploy on each cluster a pod and a service with the same name and namespace.
  3. Deploy Ingress on each cluster.
  4. Go to App Gateway UI and check backend pools.
  5. Instead of two backend pools, only one is created, with two rules and one target (looks like due to identical pod/service/namespace names on each AKS).

Ingress Controller details

AKS Non-prod

Name:             ingress-azure-1697694519-65f7f48648-zg8gh
Namespace:        default
Priority:         0
Service Account:  ingress-azure-1697694519
Node:             aks-systempool-21237270-vmss000003/10.224.0.149
Start Time:       Tue, 12 Dec 2023 08:44:11 +0000
Labels:           app=ingress-azure
                  pod-template-hash=65f7f48648
                  release=ingress-azure-1697694519
Annotations:      checksum/config: 81f36515a8192d252e9b3f0b06a35ddabaf21c19c525e14e955bc3df95b353a2
                  prometheus.io/port: 8123
                  prometheus.io/scrape: true
Status:           Running
IP:               10.224.0.154
IPs:
  IP:           10.224.0.154
Controlled By:  ReplicaSet/ingress-azure-1697694519-65f7f48648
Containers:
  ingress-azure:
    Container ID:   containerd://83c573fa3c9e3bfbd9b0afff81923b077d5210b291063be7318ab4907219c340
    Image:          mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.7.2
    Image ID:       mcr.microsoft.com/azure-application-gateway/kubernetes-ingress@sha256:eeb1d42ebfb872478d9b0b16f6936ea938d6e5eed4a59cde332b8757556a5e1f
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Tue, 12 Dec 2023 08:44:16 +0000
    Ready:          True
    Restart Count:  0
    Liveness:       http-get http://:8123/health/alive delay=15s timeout=1s period=20s #success=1 #failure=3
    Readiness:      http-get http://:8123/health/ready delay=5s timeout=1s period=10s #success=1 #failure=3
    Environment Variables from:
      ingress-azure-1697694519  ConfigMap  Optional: false
    Environment:
      AZURE_CLOUD_PROVIDER_LOCATION:  /etc/appgw/azure.json
      AGIC_POD_NAME:                  ingress-azure-1697694519-65f7f48648-zg8gh (v1:metadata.name)
      AGIC_POD_NAMESPACE:             default (v1:metadata.namespace)
      AZURE_AUTH_LOCATION:            /etc/Azure/Networking-AppGW/auth/armAuth.json
    Mounts:
      /etc/Azure/Networking-AppGW/auth from networking-appgw-k8s-azure-service-principal-mount (ro)
      /etc/appgw/ from azure (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-btztx (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  azure:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/kubernetes/
    HostPathType:  Directory
  networking-appgw-k8s-azure-service-principal-mount:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  networking-appgw-k8s-azure-service-principal
    Optional:    false
  kube-api-access-btztx:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:                      <none>

AKS Prod

Name:         ingress-azure-1701161408-845bb4cd54-cnt9k
Namespace:    default
Priority:     0
Node:         aks-agentpool-35050804-vmss00000b/10.2.0.222
Start Time:   Tue, 12 Dec 2023 08:45:09 +0000
Labels:       app=ingress-azure
              pod-template-hash=845bb4cd54
              release=ingress-azure-1701161408
Annotations:  checksum/config: 3c81d2ca8eef725a817449d23a39fdaf3f394bbd6ad7ae7fddc754b5b1cfadfc
              prometheus.io/port: 8123
              prometheus.io/scrape: true
Status:       Running
IP:           10.2.0.235
IPs:
  IP:           10.2.0.235
Controlled By:  ReplicaSet/ingress-azure-1701161408-845bb4cd54
Containers:
  ingress-azure:
    Container ID:   containerd://eb11659503b262c0a4e2daa7a3af61a507bc93a36faf26d5f2776af70ad617ee
    Image:          mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.7.2
    Image ID:       mcr.microsoft.com/azure-application-gateway/kubernetes-ingress@sha256:eeb1d42ebfb872478d9b0b16f6936ea938d6e5eed4a59cde332b8757556a5e1f
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Tue, 12 Dec 2023 08:45:10 +0000
    Ready:          True
    Restart Count:  0
    Liveness:       http-get http://:8123/health/alive delay=15s timeout=1s period=20s #success=1 #failure=3
    Readiness:      http-get http://:8123/health/ready delay=5s timeout=1s period=10s #success=1 #failure=3
    Environment Variables from:
      ingress-azure-1701161408  ConfigMap  Optional: false
    Environment:
      AZURE_CLOUD_PROVIDER_LOCATION:  /etc/appgw/azure.json
      AGIC_POD_NAME:                  ingress-azure-1701161408-845bb4cd54-cnt9k (v1:metadata.name)
      AGIC_POD_NAMESPACE:             default (v1:metadata.namespace)
      AZURE_AUTH_LOCATION:            /etc/Azure/Networking-AppGW/auth/armAuth.json
    Mounts:
      /etc/Azure/Networking-AppGW/auth from networking-appgw-k8s-azure-service-principal-mount (ro)
      /etc/appgw/ from azure (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-ffmwv (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  azure:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/kubernetes/
    HostPathType:  Directory
  networking-appgw-k8s-azure-service-principal-mount:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  networking-appgw-k8s-azure-service-principal
    Optional:    false
  kube-api-access-ffmwv:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:                      <none>

AKS PROD

I1219 10:45:36.647729       1 mutate_app_gateway.go:83] [brownfield] Prohibited targets: {"Hostname":"dev-XX.XX.XX"}
I1219 10:45:36.648502       1 health_probes.go:67] [brownfield] Probes AGIC created: defaultprobe-Http, defaultprobe-Https, pb-services-recruitment-recruitment-api-s-80-services-recruitment-api-prod
I1219 10:45:36.648595       1 health_probes.go:68] [brownfield] Existing Blacklisted Probes AGIC will retain: pb-frontend-portal-frontend-service-80-portal-frontend-service, pb-services-persona-services-persona-s-80-services-persona, pb-services-recruitment-recruitment-api-s-80-services-recruitment-api, pb-services-timesheet-services-timesheet-api-s-80-services-timesheet-api
I1219 10:45:36.648661       1 health_probes.go:69] [brownfield] Existing Probes AGIC will remove: 
I1219 10:45:36.648749       1 backendhttpsettings.go:89] Created backend http settings bp-services-recruitment-recruitment-api-s-80-80-services-recruitment-api-prod for ingress services-recruitment/services-recruitment-api-prod and service services-recruitment/recruitment-api-s
I1219 10:45:36.648821       1 backendhttpsettings.go:89] Created backend http settings bp-services-recruitment-recruitment-api-s-80-80-services-recruitment-api-prod for ingress services-recruitment/services-recruitment-api-prod and service services-recruitment/recruitment-api-s
I1219 10:45:36.648904       1 http_settings.go:68] [brownfield] HTTP Settings AGIC created: defaulthttpsetting, bp-services-recruitment-recruitment-api-s-80-80-services-recruitment-api-prod
I1219 10:45:36.648957       1 http_settings.go:69] [brownfield] Existing Blacklisted HTTP Settings AGIC will retain: bp-frontend-portal-frontend-service-80-80-portal-frontend-service, bp-services-persona-services-persona-s-80-80-services-persona, bp-services-recruitment-recruitment-api-s-80-80-services-recruitment-api, bp-services-timesheet-services-timesheet-api-s-80-80-services-timesheet-api
I1219 10:45:36.648988       1 http_settings.go:70] [brownfield] Existing HTTP Settings AGIC will remove: 
I1219 10:45:36.649080       1 pools.go:67] [brownfield] Pools AGIC created: defaultaddresspool, pool-services-recruitment-recruitment-api-s-80-bp-80
I1219 10:45:36.649133       1 pools.go:68] [brownfield] Existing Blacklisted Pools AGIC will retain: pool-frontend-portal-frontend-service-80-bp-80, pool-services-persona-services-persona-s-80-bp-80, pool-services-recruitment-recruitment-api-s-80-bp-80, pool-services-timesheet-services-timesheet-api-s-80-bp-80
I1219 10:45:36.649196       1 pools.go:69] [brownfield] Existing Pools AGIC will remove: n/a
I1219 10:45:36.649294       1 listeners.go:103] [brownfield] Listeners AGIC created: fl-71a05b4f57f7e43361601e4564fd6952
I1219 10:45:36.649330       1 listeners.go:104] [brownfield] Existing Blacklisted Listeners AGIC will retain: fl-a19f1a3a837ba64a902a44e5b19337c5
I1219 10:45:36.649376       1 listeners.go:105] [brownfield] Existing Listeners AGIC will remove: n/a
I1219 10:45:36.649449       1 redirects.go:52] [brownfield] Redirects AGIC created: n/a
I1219 10:45:36.649492       1 redirects.go:53] [brownfield] Existing Blacklisted Redirects AGIC will retain: n/a
I1219 10:45:36.649523       1 redirects.go:54] [brownfield] Existing Redirects AGIC will remove: n/a
I1219 10:45:36.649674       1 pathmaps.go:93] [brownfield] PathMaps AGIC created: url-71a05b4f57f7e43361601e4564fd6952
I1219 10:45:36.649756       1 pathmaps.go:94] [brownfield] Existing Blacklisted PathMaps AGIC will retain: url-a19f1a3a837ba64a902a44e5b19337c5
I1219 10:45:36.649846       1 pathmaps.go:95] [brownfield] Existing PathMaps AGIC will remove: n/a
I1219 10:45:36.649931       1 routing_rules.go:95] [brownfield] Rules AGIC created: rr-71a05b4f57f7e43361601e4564fd6952
I1219 10:45:36.650019       1 routing_rules.go:96] [brownfield] Existing Blacklisted Rules AGIC will retain: rr-a19f1a3a837ba64a902a44e5b19337c5
I1219 10:45:36.650090       1 routing_rules.go:97] [brownfield] Existing Rules AGIC will remove: n/a
I1219 10:45:36.670940       1 mutate_app_gateway.go:166] BEGIN AppGateway deployment
I1219 10:45:37.533716       1 client.go:220] OperationID='eb19282b-561d-485c-bd7c-f05e59c109ae'
I1219 10:46:44.020214       1 mutate_app_gateway.go:174] Applied generated Application Gateway configuration
I1219 10:46:44.020247       1 mutate_app_gateway.go:189] cache: Updated with latest applied config.
I1219 10:46:44.022389       1 mutate_app_gateway.go:193] END AppGateway deployment
I1219 10:46:44.022411       1 controller.go:152] Completed last event loop run in: 1m7.688558019s
I1219 10:46:45.084596       1 context.go:748] IP 1XX.XXX.XXX.XX3 already set on Ingress services-recruitment/services-recruitment-api-prod
I1219 10:46:45.087937       1 mutate_app_gateway.go:83] [brownfield] Prohibited targets: {"Hostname":"dev-XX.XX.XX"}
I1219 10:46:45.088740       1 health_probes.go:67] [brownfield] Probes AGIC created: defaultprobe-Http, defaultprobe-Https, pb-services-recruitment-recruitment-api-s-80-services-recruitment-api-prod
I1219 10:46:45.088959       1 health_probes.go:68] [brownfield] Existing Blacklisted Probes AGIC will retain: pb-frontend-portal-frontend-service-80-portal-frontend-service, pb-services-persona-services-persona-s-80-services-persona, pb-services-recruitment-recruitment-api-s-80-services-recruitment-api, pb-services-timesheet-services-timesheet-api-s-80-services-timesheet-api
I1219 10:46:45.089133       1 health_probes.go:69] [brownfield] Existing Probes AGIC will remove: 
I1219 10:46:45.089336       1 backendhttpsettings.go:89] Created backend http settings bp-services-recruitment-recruitment-api-s-80-80-services-recruitment-api-prod for ingress services-recruitment/services-recruitment-api-prod and service services-recruitment/recruitment-api-s
I1219 10:46:45.089510       1 backendhttpsettings.go:89] Created backend http settings bp-services-recruitment-recruitment-api-s-80-80-services-recruitment-api-prod for ingress services-recruitment/services-recruitment-api-prod and service services-recruitment/recruitment-api-s
I1219 10:46:45.089714       1 http_settings.go:68] [brownfield] HTTP Settings AGIC created: defaulthttpsetting, bp-services-recruitment-recruitment-api-s-80-80-services-recruitment-api-prod
I1219 10:46:45.089863       1 http_settings.go:69] [brownfield] Existing Blacklisted HTTP Settings AGIC will retain: bp-frontend-portal-frontend-service-80-80-portal-frontend-service, bp-services-persona-services-persona-s-80-80-services-persona, bp-services-recruitment-recruitment-api-s-80-80-services-recruitment-api, bp-services-timesheet-services-timesheet-api-s-80-80-services-timesheet-api
I1219 10:46:45.090011       1 http_settings.go:70] [brownfield] Existing HTTP Settings AGIC will remove: 
I1219 10:46:45.090216       1 pools.go:67] [brownfield] Pools AGIC created: defaultaddresspool, pool-services-recruitment-recruitment-api-s-80-bp-80
I1219 10:46:45.090369       1 pools.go:68] [brownfield] Existing Blacklisted Pools AGIC will retain: pool-frontend-portal-frontend-service-80-bp-80, pool-services-persona-services-persona-s-80-bp-80, pool-services-recruitment-recruitment-api-s-80-bp-80, pool-services-timesheet-services-timesheet-api-s-80-bp-80
I1219 10:46:45.090493       1 pools.go:69] [brownfield] Existing Pools AGIC will remove: n/a
I1219 10:46:45.090727       1 listeners.go:103] [brownfield] Listeners AGIC created: fl-71a05b4f57f7e43361601e4564fd6952
I1219 10:46:45.090752       1 listeners.go:104] [brownfield] Existing Blacklisted Listeners AGIC will retain: fl-a19f1a3a837ba64a902a44e5b19337c5
I1219 10:46:45.090757       1 listeners.go:105] [brownfield] Existing Listeners AGIC will remove: n/a
I1219 10:46:45.090822       1 redirects.go:52] [brownfield] Redirects AGIC created: n/a
I1219 10:46:45.090833       1 redirects.go:53] [brownfield] Existing Blacklisted Redirects AGIC will retain: n/a
I1219 10:46:45.090837       1 redirects.go:54] [brownfield] Existing Redirects AGIC will remove: n/a
I1219 10:46:45.091002       1 pathmaps.go:93] [brownfield] PathMaps AGIC created: url-71a05b4f57f7e43361601e4564fd6952
I1219 10:46:45.091013       1 pathmaps.go:94] [brownfield] Existing Blacklisted PathMaps AGIC will retain: url-a19f1a3a837ba64a902a44e5b19337c5
I1219 10:46:45.091020       1 pathmaps.go:95] [brownfield] Existing PathMaps AGIC will remove: n/a
I1219 10:46:45.091056       1 routing_rules.go:95] [brownfield] Rules AGIC created: rr-71a05b4f57f7e43361601e4564fd6952
I1219 10:46:45.091065       1 routing_rules.go:96] [brownfield] Existing Blacklisted Rules AGIC will retain: rr-a19f1a3a837ba64a902a44e5b19337c5
I1219 10:46:45.091069       1 routing_rules.go:97] [brownfield] Existing Rules AGIC will remove: n/a
I1219 10:46:45.105252       1 mutate_app_gateway.go:153] cache: Config has NOT changed! No need to connect to ARM.
I1219 10:46:45.105274       1 controller.go:152] Completed last event loop run in: 82.662973ms
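The collision the prod log lines record (pool-services-recruitment-recruitment-api-s-80-bp-80 appears both under "Pools AGIC created" and under "Existing Blacklisted Pools AGIC will retain"), as an added Python check that is not part of this issue or of the AGIC project: it reconstructs the three name patterns visible in the log output (an inference from these lines, not AGIC's documented naming algorithm) and reports which App Gateway resource names two clusters would both claim on a shared gateway. The cluster label and the services-recruitment-dev namespace variant are constructed for the example.

```python
from collections import defaultdict
from typing import Callable, Dict, List, NamedTuple


class Backend(NamedTuple):
    cluster: str       # which AKS cluster owns the Ingress; AGIC never encodes this
    ingress: str       # Ingress metadata.name
    namespace: str
    service: str
    service_port: int
    target_port: int


# Name patterns inferred from the "[brownfield]" log lines in this issue
# (assumption, not AGIC's documented algorithm).
def pool_name(b: Backend) -> str:
    # pool-<ns>-<svc>-<svcPort>-bp-<targetPort>: neither ingress nor cluster is part of it
    return f"pool-{b.namespace}-{b.service}-{b.service_port}-bp-{b.target_port}"


def http_settings_name(b: Backend) -> str:
    # bp-<ns>-<svc>-<svcPort>-<targetPort>-<ingress>: the ingress name keeps these apart
    return f"bp-{b.namespace}-{b.service}-{b.service_port}-{b.target_port}-{b.ingress}"


def probe_name(b: Backend) -> str:
    # pb-<ns>-<svc>-<svcPort>-<ingress>
    return f"pb-{b.namespace}-{b.service}-{b.service_port}-{b.ingress}"


NAMERS: Dict[str, Callable[[Backend], str]] = {
    "pool": pool_name, "httpSettings": http_settings_name, "probe": probe_name,
}


def find_collisions(backends: List[Backend]) -> Dict[str, Dict[str, List[str]]]:
    """For each resource kind, return the names that more than one cluster would claim."""
    result: Dict[str, Dict[str, List[str]]] = {}
    for kind, namer in NAMERS.items():
        owners = defaultdict(set)
        for b in backends:
            owners[namer(b)].add(b.cluster)
        clashes = {n: sorted(c) for n, c in owners.items() if len(c) > 1}
        if clashes:
            result[kind] = clashes
    return result


# Constructed from the two Ingress manifests in the issue; the prod Ingress name
# follows the log lines (services-recruitment-api-prod).
AS_DEPLOYED = [
    Backend("prod", "services-recruitment-api-prod", "services-recruitment", "recruitment-api-s", 80, 80),
    Backend("dev", "services-recruitment-api", "services-recruitment", "recruitment-api-s", 80, 80),
]
# Same workloads with a cluster-specific namespace on dev (constructed variant).
NAMESPACE_PER_CLUSTER = [AS_DEPLOYED[0], AS_DEPLOYED[1]._replace(namespace="services-recruitment-dev")]

if __name__ == "__main__":
    print(find_collisions(AS_DEPLOYED))            # only the pool collides
    print(find_collisions(NAMESPACE_PER_CLUSTER))  # {}
```

Only the pool collides, because its name carries no Ingress or cluster component, so one pool ends up fed by both clusters and one environment's requests can reach the other's backends; a cluster-specific namespace (or service name) removes the overlap.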
ritwik-singh commented 6 months ago

Hello sir, did you find any solution to this?

kirillzekn commented 2 months ago

Unfortunately no, we decided to not use AGIC anymore due to an unpredictable future.