search

Azure / application-gateway-kubernetes-ingress

This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
https://azure.github.io/application-gateway-kubernetes-ingress
MIT License
678 stars 424 forks source link

Not able to use TCP/TLS proxy #1628

Open ptrautberg opened 4 months ago

ptrautberg commented 4 months ago

Describe the bug Application Gateway is now offering TCP/TLS proxy, eg. for connecting to DB instances (link). Similar, this functionality can be used to access cluster-hosted dbs (statefulsets) using APP GW's private FE, but AGIC annotations do not include that.

image [source]

Also, the same is missing for health-checks. There is no such annotation like appgw.ingress.kubernetes.io/health-probe-protocol, which would allow to set custom health probe protocol. This is a must-have when using APP GW with TCP PROXY.

To Reproduce Configure ingress using TCP/TLS protocol, instead of HTTP(S).

Ingress Controller details Image: mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.7.4

MichaelChristopherson commented 3 days ago

This feature would be extremely helpful for using CAC (Common Access Card) authentication through an App GW into an Azure K8S cluster and be able to leverage application-gateway-kubernetes-ingress.

Azure documentation article as of 9/06/2024 does state this is currently unsupported Application Gateway TCP/TLS proxy overview.