Unable to reach services via Azure Traffic Manager and Nginx Ingress on AKS

Question

I have two AKS clusters as primary and secondary in two different regions. I want to use Azure traffic manager for the the Priority based endpoint monitoring and fail-over mechanism on the primary and secondary clusters. I got two services: A and B that routes at the relative path /service-a and /service-b respectively. I have nginx ingress controller on each cluster with PIP mapped to the custom host aks-primary.xyz.com and aks-secondary.xyz.com respectively.

The services are reachable on the below paths:

On Primary Custer:

https://aks-primary.xyz.com/service-a

https://aks-primary.xyz.com/service-b

On secondary cluster:

https://aks-secondary.xyz.com/service-a

https://aks-secondary.xyz.com/service-b

I added the primary and secondary host aks-primary.xyz.com and aks-secondary.xyz.com as the endpoint in the Azure Traffic Manager for priority based routing. I added the probe path /healthz and port 443. My endpoints are online.

I added the custom domain for the ATM FQDN my-atm.trafficmanager.net to aks.xyz.com I am unable to reach to my services on below paths

https://aks.xyz.com/service-a

https://aks.xyz.com/service-b

Please suggest.

score 4 · Answer 1 · edited May 31 '20 at 11:39

I got this resolved.

I added the ingress with two hosts on each cluster.

hosts: aks-primary.xyz.com and aks.xyz.com on cluster aks primary.

hosts: aks-secondary.xyz.com and aks.xyz.com on cluster aks secondary.

A sample ingress on cluster aks primary:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-atm
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: aks-primary.xyz.com
    http:
      paths:
      - backend:
          serviceName: service-a
          servicePort: 80
        path: /service-a
      - backend:
          serviceName: service-b
          servicePort: 80
        path: /service-b
  - host: aks.xyz.com
    http:
      paths:
      - backend:
          serviceName: service-a
          servicePort: 80
        path: /service-a
      - backend:
          serviceName: service-b
          servicePort: 80
        path: /service-b
  tls:
  - hosts:
    - aks-primary.xyz.com
    secretName: tls-secret-wildcard-for-xyz-com
  - hosts:
    - aks.xyz.com
    secretName: tls-secret-wildcard-for-xyz-com`

Cheers!

Did you add the NGINX Ingress Controllers Public IP of each cluster as the endpoints in Azure TM or else the FQDN? — Container-Man, Jul 15 '23 at 07:37

Unable to reach services via Azure Traffic Manager and Nginx Ingress on AKS

1 Answers1

Linked