High Availability Deployment of Nginx Gateway Fabric Replacing Retired Ingress Nginx in AKS - Part 4 - Switch Traffic from Ingress-Nginx to Nginx-Gateway

 In the part 2 and part 3 of this blog series, we have deployed nginx-gateway in AKS, with required route and policy setup to correctly route to elastic search and kibana deployed in AKS. But we are still have live traffic to elastic search and kibana via the retired ingress-nginx, after the deployment of nginx-gateway also in the same cluster. No as we planned we are going to do the release 2 to get the traffic switch from retired ingress-nginx to new nginx-gateway deployed in AKS.

The expectation is to have kibana and elastic host names to resolve to private IP of the nginx-gateway loadbalancer as shown below, and the ability to use elastic search with the url, using nginx-gateway.

You can see here in our AKS cluster we have both ingress-nginx and nginx-gateway loadbalancers setup with diffrent private IPs from the vNET subnet.

The private DNS zone is still using the private IP of ingress-nginx loadbalancer.

If we ping host names they resolve to 239 private IP as shown below.

Now we can update DNS setting in terraform to use nginx-gatewayprivate IP instead of ingress-nginx private IP.

# Private dns a record for AKS Nginx-Gateway Private IP

resource "azurerm_private_dns_a_record" "aks_nginx" {

  name                = "*.${local.aks_dns_prefix}"

  zone_name           = azurerm_private_dns_zone.aks.name

  resource_group_name = azurerm_private_dns_zone.aks.resource_group_name

  ttl                 = 3600

  records             = [var.SH_PRIVATE_IP_NGINX_GATEWAY]

}

After this change is deployed the private DNS zone now points to nginx-gateway private IP 238.

Now the routing happens via ngix-gateway.

As the next step and in the next release 3 to production, we can remove the deployment of retired ingress-nginx from the AKS, by removing code/script/Terraform facilitating that deployment.