AKS Ingress Controller not accessible from external network despite correct configuration

Kevin Wang 0 Reputation points
2024-09-04T20:42:05.0066667+00:00

I'm encountering an issue with my Azure Kubernetes Service (AKS) cluster where I can't access my application through the Ingress Controller from the external network, despite seemingly correct configuration. Here are the details:

Environment:

  • AKS cluster in Azure (Italy North region)
  • Using Azure CNI for networking
  • Nginx Ingress Controller (and the default load balancer)
  • Application: Mealie (a recipe management app)
  • Domain: my custom domain

Configuration:

  1. Ingress Controller is deployed in the ingress-basic namespace
  2. Mealie application is deployed in the mealie namespace
  3. DNS A record for my domain points to 172.213.193.163 (load balancer's external IP)

What's Working:

  1. DNS resolution is correct (nslookup my domain returns 172.213.193.163)
  2. Internal cluster communication works (can access the service from within the cluster)
  3. Ingress Controller pod is running
  4. Mealie service and pods are running

What's Not Working:

  1. Unable to access the application from external network (browser or curl)
  2. Curl from Azure Cloud Shell also fails to connect

Troubleshooting Steps Taken:

  1. Verified Ingress resource configuration:

       apiVersion: networking.k8s.io/v1
       kind: Ingress
       metadata:
         annotations:
           kubernetes.io/ingress.class: nginx
         name: mealie-ingress
         namespace: mealie
       spec:
         rules:
         - host: my domain name
           http:
             paths:
             - backend:
                 service:
                   name: mealie-svc
                   port:
                     number: 80
               path: /
               pathType: Prefix

  2. Checked Ingress Controller logs - no apparent errors
  3. Verified Network Security Group (NSG) rules:
    • Allow inbound traffic from Internet to 172.213.193.163 on ports 80 and 443
    • Default rules for VNet communication are in place
  4. Confirmed Mealie service configuration:

       Name:              mealie-svc
       Namespace:         mealie
       Type:              ClusterIP
       IP:                10.0.183.178
       Port:              <unset>  80/TCP
       TargetPort:        9000/TCP
       Endpoints:         10.244.0.231:9000

  5. Tested internal cluster access - successful
  6. Checked AKS cluster status - shows as "Succeeded"
  7. Verified Azure Load Balancer configuration
  8. Examined kube-proxy and CoreDNS - appear to be functioning normally

I've gone through multiple rounds of troubleshooting, including all the standard checks for AKS and Ingress issues. The peculiar thing is that everything seems to be configured correctly, yet external access fails.

Error:

When trying to access my domain, the connection times out. Curl from Azure Cloud Shell shows:


* Trying 172.213.193.163:80...

and it times out eventually.

Any insights or suggestions would be greatly appreciated. I'm at a loss as to what could be preventing external access when all configurations appear to be correct.


1 answer

  1. Nikhil Duserla 2,025 Reputation points Microsoft Vendor
    2024-09-05T04:16:05.1433333+00:00

    Hi @Kevin Wang,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    It might be the issue if you don't specify the health probe request path when your app doesn't respond to the root path ("/"). This can happen with some .NET applications where the default routing is set to "/api." In such cases, using a path like "/healthz" for health checks can be useful.

    I'd suggest you get a known good app working and then figure out the delta between that app and yours. If both don't work, then you likely have an infrastructure issue and not a cluster one (e.g. an NSG blocking all incoming traffic).

    Install nginx again on the cluster with the default config and a different ingressClassName and see how you fare.

    Probably it might need a support request to troubleshoot further from a networking point of view to validate if any of the NSGs are blocking the access.

    If you have any further queries, do let us know.
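
The health-probe point raised in the answer can be checked against the ingress controller's Service. The following is an added example, not part of the thread: it audits `kubectl get svc -o json` output for LoadBalancer services whose HTTP/HTTPS ports carry no `service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path` annotation. The service names and sample JSON are constructed, and it assumes the Azure cloud provider probes `/` by default on ports with `appProtocol` http/https and that the ingress controller serves `/healthz`.

```python
import json

# Annotation read by the Azure cloud provider for the load balancer's HTTP(S) probe path.
PROBE_PATH = "service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path"

# Constructed sample in the shape of `kubectl get svc -A -o json`.
# Controller service names are hypothetical; namespaces are the ones from the question.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "nginx-default-probe", "namespace": "ingress-basic"},
   "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster",
            "ports": [{"port": 80, "appProtocol": "http"},
                      {"port": 443, "appProtocol": "https"}]}},
  {"metadata": {"name": "nginx-healthz-probe", "namespace": "ingress-basic",
                "annotations": {"service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path": "/healthz"}},
   "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster",
            "ports": [{"port": 80, "appProtocol": "http"}]}},
  {"metadata": {"name": "mealie-svc", "namespace": "mealie"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 80, "targetPort": 9000}]}}
]}
""")


def audit_probe_paths(svc_list):
    """Return LoadBalancer services whose HTTP(S) ports are probed on the default path "/"."""
    findings = []
    for svc in svc_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # ClusterIP/NodePort services get no Azure LB probe
        if spec.get("externalTrafficPolicy") == "Local":
            continue  # assumption: the probe targets healthCheckNodePort instead
        http_ports = [p["port"] for p in spec.get("ports", [])
                      if str(p.get("appProtocol", "")).lower() in ("http", "https")]
        annotations = meta.get("annotations") or {}
        if http_ports and not annotations.get(PROBE_PATH):
            findings.append({"service": f'{meta.get("namespace")}/{meta.get("name")}',
                             "ports": http_ports,
                             "fix": f"{PROBE_PATH}: /healthz"})
    return findings


if __name__ == "__main__":
    for f in audit_probe_paths(SAMPLE):
        print(f'{f["service"]}: ports {f["ports"]} probed on "/"; add {f["fix"]}')
```

A flagged service is a candidate for the timeout described in the question: if the probe on `/` gets a non-200 response, the load balancer treats the backend as unhealthy and stops forwarding traffic to it.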

