Expose the admin server
You now have public access again through the Application Gateway to the spring petclinic application. Let’s create an additional rule in the Application Gateway to also expose the admin server.
Step by step guidance
-
As a first step you will need to add an additional backend address pool pointing to the private IP address of the admin server.
az network application-gateway address-pool create \ --gateway-name $APPGW_NAME \ --name adminbackend \ --resource-group $RESOURCE_GROUP \ --servers $AKS_MC_LB_INTERNAL_FE_IP2
-
For distinguishing the traffic going to the main application and the traffic going to the admin server, you will make use of a different frontend port.
az network application-gateway frontend-port create \ --gateway-name $APPGW_NAME \ --name port4433 \ --port 4433 \ --resource-group $RESOURCE_GROUP
-
When you list your frontend ports you will see this new port.
az network application-gateway frontend-port list \ --gateway-name $APPGW_NAME \ --resource-group $RESOURCE_GROUP
-
Next create a listener for the admin server, which will use the new frontend port.
az network application-gateway http-listener create \ --frontend-port port4433 \ --gateway-name $APPGW_NAME \ --name adminlistener \ --resource-group $RESOURCE_GROUP \ --ssl-cert ${APPGW_NAME}SslCert
-
As a last step you need to create a rule that forwards the trafic from the listener you just created to the backend pool.
az network application-gateway rule create \ --gateway-name $APPGW_NAME \ --name adminroutingrule \ --resource-group $RESOURCE_GROUP \ --address-pool adminbackend \ --http-listener adminlistener \ --http-settings appGatewayBackendHttpSettings \ --priority "2"
-
When querying the backend health, this should again show you a
Healthy
state, but now for 2 backend instances.az network application-gateway show-backend-health \ --name $APPGW_NAME \ --resource-group $RESOURCE_GROUP