UffizziCloud / uffizzi_controller

A smart proxy service that handles requests from the Uffizzi API to the Kubernetes API
Apache License 2.0

Ingress-nginx doesn't work on Azure without added annotations in the Uffizzi-controller Helm chart. #124

Open ShrutiC-git opened 4 months ago

ShrutiC-git commented 4 months ago

In AKS, when we create a LoadBalancer-type Service, an underlying Azure load balancer resource is also created. This load balancer is configured by Azure with a frontend IP, and also backend pools, where the LB will send the traffic to.

Along with configuring the frontend IP for the LB, Azure also configures health-probe/s for the LB. This health-probe pings the services in the backend to make sure that they are healthy and can receive traffic from the LB. If the health-probe returns any response code other than 200, the entire ingress controller will be down. With the ingress-controller marked as down, the frontend IP will be unresponsive too.

This is what happens with the default Uffizzi installation, that is, Azure creates a LB and Azure also configures health-probes for this load balancer. However, without the following 2 annotations for the ingress-nginx chart, the health-probe for the ingress (the LB) is misconfigured. Those 2 annotations are:

  --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz
  --set controller.service.externalTrafficPolicy=Local

Note: In place of /healthz, we need to use livez since /healthz is not deprecated.

Without these 2 annotations needed by the ingress-nginx chart, the health-probe for the ingress doesn't return 200 and therefore the entire ingress controller is down. When the cert-manager sends a request to the ingress IP (configured at controller.example_domain.com), the request fails.

These 2 annotations are therefore needed by the ingress-nginx chart so it can receive requests.

Refer:
- Ingress controller on AKS
- Ingress not working on AKS
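
A check for the two settings described in the issue above, as an added example that is not part of the original issue or the Uffizzi project's code: it reads Service objects in the JSON shape printed by `kubectl get svc -A -o json` and reports every LoadBalancer Service that lacks the health-probe request-path annotation or does not use `externalTrafficPolicy: Local`. The namespace and Service names in the embedded sample are constructed, and the file name `check_lb.py` is hypothetical.

```python
import json
import sys

PROBE_PATH_ANNOTATION = (
    "service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path"
)

# Constructed sample in the shape of `kubectl get svc -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "uffizzi", "name": "ingress-default", "annotations": {}},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster"}},
    {"metadata": {"namespace": "uffizzi", "name": "ingress-fixed",
                  "annotations": {PROBE_PATH_ANNOTATION: "/healthz"}},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Local"}},
    {"metadata": {"namespace": "uffizzi", "name": "web"},
     "spec": {"type": "ClusterIP"}},
]})


def audit_services(raw_json):
    """Return {namespace/name: [findings]} for every LoadBalancer Service."""
    doc = json.loads(raw_json)
    # Accept both a List document and a single Service object.
    services = doc.get("items", [doc])
    report = {}
    for svc in services:
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # only LoadBalancer Services get an Azure LB and probe
        meta = svc.get("metadata", {})
        annotations = meta.get("annotations") or {}
        findings = []
        if not annotations.get(PROBE_PATH_ANNOTATION):
            findings.append("missing annotation " + PROBE_PATH_ANNOTATION)
        policy = spec.get("externalTrafficPolicy", "Cluster")  # Kubernetes default
        if policy != "Local":
            findings.append("externalTrafficPolicy is %s, expected Local" % policy)
        key = "%s/%s" % (meta.get("namespace", "default"), meta.get("name", "?"))
        report[key] = findings
    return report


if __name__ == "__main__":
    # Usage: kubectl get svc -A -o json > services.json; python3 check_lb.py services.json
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, findings in audit_services(raw).items():
        print(name, "OK" if not findings else "; ".join(findings))
```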