[BUG] Application Gateway for Containers doesn't respect readinessProbe configuration #5644

@BabisK

Describe the bug

Application Gateway for Containers falls back to its default health probe (/) instead of using the backend pod readinessProbe.

To Reproduce
Steps to reproduce the behavior:

1. Create AGC BYO deployment
2. Install ALB via addon
3. Create the following resources:

apiVersion: v1
kind: Namespace
metadata:
  name: agc-readiness-repro
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-nginx
  namespace: agc-readiness-repro
data:
  default.conf: |
    server {
      listen 8080;
      server_name _;

      access_log /dev/stdout;
      error_log /dev/stderr notice;

      location = /healthz {
        return 200 'ok';
        add_header Content-Type text/plain;
      }

      location / {
        return 401;
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: agc-readiness-repro
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: nginx
          image: nginx:1.27-alpine
          ports:
            - containerPort: 8080
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3
          volumeMounts:
            - name: nginx-config
              mountPath: /etc/nginx/conf.d/default.conf
              subPath: default.conf
      volumes:
        - name: nginx-config
          configMap:
            name: app-nginx
---
apiVersion: v1
kind: Service
metadata:
  name: app
  namespace: agc-readiness-repro
spec:
  selector:
    app: app
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  namespace: agc-readiness-repro
  annotations:
    alb.networking.azure.io/alb-frontend: agw-staging-alb-frontend
    alb.networking.azure.io/alb-id: /subscriptions/0.0.0.0.0.0.0.0/resourceGroups/rg-staging/providers/Microsoft.ServiceNetworking/trafficControllers/agw-staging-aks
spec:
  ingressClassName: azure-alb-external
  rules:
    - host: agc-readiness-repro.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app
                port:
                  number: 80

Behavior

  • GET /healthz returns 200
  • GET / returns 401
  • readinessProbe is HTTP GET /healthz on port 8080
  • the Service forwards port 80 to target port 8080
  • the Ingress routes / through azure-alb-external

nginx logs:

10.1.0.4 - - [08/Mar/2026:23:11:41 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.33"
10.1.0.4 - - [08/Mar/2026:23:11:42 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.33"
10.1.1.6 - - [08/Mar/2026:23:11:42 +0000] "GET / HTTP/1.1" 401 179 "-" "Microsoft-Azure-Application-LB/AGC"
10.1.1.7 - - [08/Mar/2026:23:11:43 +0000] "GET / HTTP/1.1" 401 179 "-" "Microsoft-Azure-Application-LB/AGC"

Expected behavior
The LB/AGC probe should target the same endpoint as the readinessProbe.

Environment (please complete the following information):

  • ALB: 1.9.7
  • Kubernetes version: 1.33.6
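
Added example (not part of the original report and not project code): a Python check over the four nginx access-log lines quoted above that groups probe requests by user agent and reports any prober that misses the readinessProbe path or receives a status outside 200-399, the range kubelet counts as success for HTTP probes. The regex assumes nginx's default combined log format, and the names `summarize` and `probe_mismatches` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the access-log lines quoted in the issue, embedded for offline use.
SAMPLE_LOG = """\
10.1.0.4 - - [08/Mar/2026:23:11:41 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.33"
10.1.0.4 - - [08/Mar/2026:23:11:42 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.33"
10.1.1.6 - - [08/Mar/2026:23:11:42 +0000] "GET / HTTP/1.1" 401 179 "-" "Microsoft-Azure-Application-LB/AGC"
10.1.1.7 - - [08/Mar/2026:23:11:43 +0000] "GET / HTTP/1.1" 401 179 "-" "Microsoft-Azure-Application-LB/AGC"
"""

# Assumption: nginx "combined" log format (the default access_log format).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# User-agent prefixes taken from the log lines in the issue.
PROBE_AGENTS = {"kube-probe": "kubelet", "Microsoft-Azure-Application-LB": "agc"}


def summarize(log_text):
    """Return {prober: {(path, status): count}} for known probe user agents."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-log line in the expected format
        for prefix, prober in PROBE_AGENTS.items():
            if m["agent"].startswith(prefix):
                seen[prober][(m["path"], int(m["status"]))] += 1
    return {prober: dict(hits) for prober, hits in seen.items()}


def probe_mismatches(log_text, readiness_path="/healthz"):
    """List probe hits that miss readiness_path or fall outside 200-399."""
    findings = []
    for prober, hits in sorted(summarize(log_text).items()):
        for (path, status), count in sorted(hits.items()):
            if path != readiness_path or not 200 <= status < 400:
                findings.append((prober, path, status, count))
    return findings


if __name__ == "__main__":
    for prober, path, status, count in probe_mismatches(SAMPLE_LOG):
        print(f"{prober}: {count}x GET {path} -> {status}")
```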
