Re: Azure Application gateway connect to apigee

Abhi_azure_ai · 08-03-2022 11:55 PM

I am using Azure application Gateway to route traffic to api proxy deployed under apigee. I am facing errors while connecting azure application gateway backend pool to apigee. Can anyone help me with pointers to resolve the connectivity issue so that health probe in azure application gateway can connect to the apigee api proxy successfully ?

dchiesa1

Hi
I understand you have an Azure Application Gateway connecting to an Apigee-managed endpoint. And that the health probe in Azure is not working.

I don't have any experience with Azure gateways or the health probes they use. I suggest that you first start with ... can you access the Apigee-managed endpoint from a public network? If you can, then... the next step is to find out if Azure Gateway can connect out to a public endpoint. Probably if you are "facing errors", One of those two things is not happening. Or both.

If both of those things are correct, then you need to ensure that the health probe that Azure sends out is correctly handled by the specific Apigee proxy that handles the request. I don't know what those health probes look like. But check that the API proxy accepts the inbound verb/path pair and responds with something the health probe is happy with.

Good luck!

amanpurwar

The same issue i am also facing as backend health of Application gateway is unhealthy getting status of 502.

ganadurai

I assume you have Apigee Hybrid deployed in Azure (AKS) and you have completed deployment of Ingressgateway Service as described on this docs page.

Do have Ingress defined with annotations pointing to the health check attributes as explained here.

Thanks

DineshMannam

Hi Anadurai,

Thanks, for the above response, I'm on the same boat, I'm yet to apply GW annotations on my ingress service, qq, the kind in the yaml we use to expose the apigee is service and the kind in the GW documentation is ingress, but the same annotations applies? or do we need to create a seperate ingress kind yaml file and apply to the cluster?

DineshMannam

Hello, any response on this, please?

I really appreciate any help you can provide.

ganadurai

The Ingress object enables you to have single loadbalancer to support multiple FQDNs to target your multiple backend services. If your are using k8s service of type loadbalancer, in the situation of multiple hostnames you will end up with multiple services and hence multiple loadbalancer.

You will be having the annotations on the Ingress yaml defn for the health checks.

Thanks.

DineshMannam

so, we are using multi-ingress configuration for different envgroups in the same cluster and we have multiple service files which means every envgroup has its own LB, with the above suggestion:
1. we can put all of them into one Ingress Object file and use the annotations which you pointed out OR
2. we can change the existing individual k8s service files from service kind to Ingress kind and add the annotations as usual
I'm leaning more towards option 2. thoughts?

appreciate your help,
Dinesh Mannam

ganadurai

Option two will get you unique Azure load balancers, which is costly, as you add more hostnames.
Option one will collect all hostnames supported in a single Azure loadbalancer. Check out these docs:

https://learn.microsoft.com/en-us/azure/application-gateway/multiple-site-overview
https://kubernetes.io/docs/concepts/services-networking/ingress/#hostname-wildcards

Thanks.