2

This Azure setup uses Application Gateway with AKS and Istio acting as ingress controller. There is also a Hub and Spoke where the Application Gateway is in one of the Spokes.

The request enters via the Application Gateway, reaches the AKS but then does not return to the Application Gateway.

If I add an UDR (user defined route) to 0.0.0.0/0 with "Internet" as the Next Hop then I get a response (I can access the applications on the AKS).

This happens when the Vnet is peered with the hub. If we break the peering there are no issues.

Is this an Egress issue where Istio sends the traffic back directly to the initial source IP and not to the Application Gateway IP? And should I set an Egress Gateway to send the request back to the Application Gateway?

Morariu
  • 334
  • 2
  • 18
  • Can you provice any manifest files? It's near to impossible to troubleshoot your issue without [Minimal, Reproducible Example](//minimal-reproducible-example). –  Oct 20 '21 at 09:52
  • @p10l thanks. I was looking for a view into how this is done at a high level. As I don't have an Egress Gateway. – Morariu Oct 22 '21 at 13:03

0 Answers0