Layer7 API Management

  • Private Community
 View Only

 Questions regarding container gateway on (azure) kubernetes with ingress

Johan Velde's profile image
Johan Velde posted Jan 11, 2021 02:52 AM
Hello,

I am trying to install an api container gateway on azure kubernetes service. The container image installs fine, and without an ingress controller I can reach the gateway with the policy manager from my desktop. When I add an ingress controller, I can't reach the gateway anymore. The relevant parts from the yaml file for helm installation are (I removed the url and IP address parameters):

  ports:
    - name: https
      internal: 8443
      external: 8443
    - name: management
      internal: 9443
      external: 9443
  annotations: {}​


And:

ingress:
  enabled: true
  class: nginx
  annotations:
  hostname: url.region.cloudapp.azure.com
  port: 8443
  additionalHostnamesAndPorts:
  tls: false
  secretName:


Kubectl get ingress shows the following:

my-ssg-gateway   <none>   url.region.cloudapp.azure.com   ip address   80      2d20h


Kubectl describe ingress shows the following:

Name:             my-ssg-gateway
Namespace:        default
Address:          ip address
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                                    Path  Backends
  ----                                    ----  --------
  url.region.cloudapp.azure.com
                                             my-ssg-gateway:8443 (ip address:8443)
Annotations:                              kubernetes.io/ingress.class: nginx
                                          meta.helm.sh/release-name: my-ssg
                                          meta.helm.sh/release-namespace: default
Events:                                   <none>


I have two questions regarding this:

1: I can't reach the api container gateway with the policy manager from my desktop. According to the reference architecture, connecting to the container gateway through the ingress should be the way to go (https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/congw-10-0/learning-center/about-the-layer7-api-gateway/Production-Network-Architecture.html#concept.dita_45cc8e99-b6ac-4391-a5d9-d3916e26e29c). However, the ingress controller can only expose port 80 and 443. It routes to a port on a container based on the url. The policy manager connects to port 8443. I think this won't work, as port 8443 isn't available on the ingress controller.

2: My assumption is that the helm install will install the appropriate ingress rules on my kubernetes cluster. All I have to do is install an ingress controller. Something doesn't seem to work though. If I enter the url in a browser, I get a 404 not found back from my nginx ingress controller. I had expected some sort of error from the api container gateway. My guess is that the ingress controller doesn't forward traffic to the api container gateway. Should I configure something different in my yaml file? Or is there some more configuration to do on my kubernetes cluster?

Thanks in advance.