Advice on using the gitlab helm chart on AKS with application gateway please

Hi
I’m trying to set up gitlab CE on Azure Kubernetes Service (AKS) using the helm charts. Our company requires that any web service sits behind an Azure Application Gateway running Web Application Firewall. I’m setting this up as a pod following the instructions here: GitHub - Azure/application-gateway-kubernetes-ingress: This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
I’m struggling to get gitlab to accept requests through the WAF - if I point the WAF at the nginx ingress controller or directly at the gitlab webservices instance I get a 502 bad gateway error…

I’ve tried running the helm chart without the ingress controller as well, following the instructions here:

How can I get the gitlab chart to work with an external application gateway on AKS?

Right - I’ve got gitlab serving the login page via an Azure application gateway ingress controller. The answer was to create an ingress config in kubectl and point it at gitlab-webservice-default on port 8080. Now, however, I am faced with another problem: any attempt to log in, on any browser, from any machine, gets a 422 "The change you requested was rejected" response. I have not yet set up SSL, so it is http throughout, and I disabled certs with these settings in the helm install command:
1. Remove ingress controller
--set nginx-ingress.enabled=false
2. Disable tls
--set certmanager.install=false
--set global.ingress.configureCertmanager=false

Any ideas?
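
The ingress config described in the post above, written out as a manifest. This is an added example, not part of the original post or of the GitLab chart; the service name and port come from the post, while the Ingress name, namespace and hostname are placeholders to replace.

```yaml
# Added example: Ingress handled by the Application Gateway Ingress Controller (AGIC).
# Plain HTTP throughout, matching the setup described in the post (no TLS section).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitlab-webservice-appgw        # hypothetical name
  namespace: gitlab                    # assumption: namespace of the chart release
  annotations:
    # Hands this Ingress to AGIC instead of the (disabled) nginx ingress controller
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
    - host: gitlab.example.com         # placeholder hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitlab-webservice-default   # service named in the post
                port:
                  number: 8080                    # port named in the post
```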

Still seeing this. Any ideas?

There are several specific items one must perform in order to accomplish this. I am very close to having this same type of arrangement deployed to an azure application gateway as well. I have successfully deployed this to a class of azure\application-gateway but am finding a few small problems myself. Could you provide your YAML that you used to deploy it to the application gateway? How did you create your trusted root cert? Are you using end to end TLS and uploading the trusted root cert and SSL cert to the application gateway? I have followed the page you reference as well, but I found this example to be a little easier to follow: Tutorial: Setting up E2E SSL - Application Gateway Ingress Controller

One of the main obstacles I had to overcome was a mic-exception that was leading to my ingress not receiving the external IP address associated to the application gateway. I found the following resource: Not able to install aad-pod-identity using helm · Issue #720 · Azure/aad-pod-identity · GitHub which led me to run: "kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/master/deploy/infra/mic-exception.yaml" then delete the 2 mic pods and redeploy gitlab. Things started to fall into place a bit more after this. Hope this helps!

Cheers,

Josh