Apisix OpenShift Deployment Note (HTTPS Not Reachable)

Issue: Apisix OpenShift Deployment Note (HTTPS Not Reachable)

If you are deploying APISIX on OpenShift and encounter issues with it not being reachable over HTTPS, ensure that the NetworkPolicy allows traffic to port 9443.

Verification

To verify the current NetworkPolicy configuration, run the following command, replacing $NAMESPACE with your OpenShift project's namespace:

kubectl -n $NAMESPACE get networkpolicy apisix-control-plane -o yaml

You should expect to see an output similar to this, with port 9443 included in the ingress rules:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: apisix-control-plane
  # ... (other metadata)
spec:
  ingress:
    - ports:
        - port: 9180
          protocol: TCP
        - port: 9280
          protocol: TCP
        - port: 9090
          protocol: TCP
        - port: 9099
          protocol: TCP
        # ✅ Ensure this is also included:
        - port: 9443
          protocol: TCP
  # ... (other spec details)
  policyTypes:
    - Ingress
    - Egress

Resolution

If port 9443 is missing from the ingress section of the apisix-control-plane NetworkPolicy, you must edit the policy to include it. Without this port open, APISIX will not be reachable over HTTPS.
Use a Custom HTTPS Port
If you prefer to expose APISIX on a different HTTPS port (other than 9443 or 443), you must make this change in two places:
1. In the APISIX Helm chart’s values.yaml, set the desired port under the HTTPS gateway configuration.
2. In the Agentic AI Builder's Helm values.yaml, set the same port under:
```
yamlCopyEdit
```
```
uno:
  agenticAIBuilder:
    common:
      apisix:
        httpsGatewayPort: <your-custom-port>
```
  Ensure both values match to allow successful connectivity.