Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
I have consul on kubernetes as AKS (azure kubernetes service). In addition, I use Azure AGIC (Application Gateway Ingress Controller) I have implemented service mesh. I also use cosnul api gateway. Traffic pattern:
Public -> AAGW (Azure Aplication Gateway) -> MyIngress -> Cosnsul API Gateway -> HTTPRoute ->(Intention)-> myservice app
Almost everything is ok, however, one error occurs:
Consul api gateway I implement with CRD, kind: Gateway, gatewayClass: consul, listens on port 443 and terminates SSL.
Because of this, I have the following annotations in Ingress:
For Azure AGIC (Application Gateway Ingress Controller), it sends a regular health check to the Api consul gateway (which is in the service mesh). Unfortunately, the consul API gateway itself listens on https, and his pod endpoind for rediness probe listens on HTTP.
I can't change in ingress: appgw.ingress.kubernetes.io/backend-protocol: https
to http because consul api gateway itself terminates ssl so it has to listen on 443.
Where to point out port and path -> for consul api gatewey are:
/ready and port 21000
Unfortunately, despite their setting, it is not for ingress to set up a separate backend-protocol just for the health check probe.
Another problem is that the svc that is created automatically by the consul for api gateway only exposes port 443, and does not expose the port from the health check probe given in api gateway pod.
The question is:
How to configure cosnsul api gateway and AGIC correctly?
I mean how enable traffic for AGIC healt check queries to healt check /ready endpoint on port 21000 (cosnul api gateway pod)?
Reproduction Steps
Steps to reproduce this issue, eg:
Deploy consul on k8s (AKS)
Add CR with kind: Gateway with listener on 443 on / (PrefixPath), with myhost
Deploy AGIC on k8s (AKS)
Add ingress for myhost on 443 with myhost on / (PrefixPath) and appgw.ingress.kubernetes.io/backend-protocol: https
Check on Azure Portal that ingress -> will be unhealthy due to inability to send healt check to pod consul api gateway
Overview of the Issue
I have consul on kubernetes as AKS (azure kubernetes service). In addition, I use Azure AGIC (Application Gateway Ingress Controller) I have implemented service mesh. I also use cosnul api gateway. Traffic pattern:
Public -> AAGW (Azure Aplication Gateway) -> MyIngress -> Cosnsul API Gateway -> HTTPRoute ->(Intention)-> myservice app
Almost everything is ok, however, one error occurs:
Consul api gateway I implement with CRD, kind: Gateway, gatewayClass: consul, listens on port 443 and terminates SSL. Because of this, I have the following annotations in Ingress:
For Azure AGIC (Application Gateway Ingress Controller), it sends a regular health check to the Api consul gateway (which is in the service mesh). Unfortunately, the consul API gateway itself listens on https, and his pod endpoind for rediness probe listens on HTTP.
I can't change in ingress:
appgw.ingress.kubernetes.io/backend-protocol: httpsto http because consul api gateway itself terminates ssl so it has to listen on 443.Annotations available in AGIC:
Where to point out port and path -> for consul api gatewey are: /ready and port 21000
Unfortunately, despite their setting, it is not for ingress to set up a separate backend-protocol just for the health check probe.
Another problem is that the svc that is created automatically by the consul for api gateway only exposes port 443, and does not expose the port from the health check probe given in api gateway pod.
The question is:
How to configure cosnsul api gateway and AGIC correctly? I mean how enable traffic for AGIC healt check queries to healt check /ready endpoint on port 21000 (cosnul api gateway pod)?
Reproduction Steps
Steps to reproduce this issue, eg:
Consul info for both Client and Server
consul 1.19.2 consul-k8s 1.5.3
Operating system and Environment details
k8s - Azure Kubernetes Service v1.29.2