My configuration keeps failing. we are deploying a custom appfoundry integration to a BYOC edge cluster in us-west-2. the api gateway returns a 502 bad gateway when calling the internal health check endpoint. the k8s pods are running, and the oauth tokens look valid. using genesys cloud sdk v2.1.0. has anyone seen this specific timeout issue with the edge load balancer recently?
This looks like a mismatch between the health check path and the actual application root. The edge proxy expects the status endpoint to be exposed at the root level, not nested under /api.
{
"error": "upstream connect error or disconnect/reset before headers. reset reason: connection failure",
"source": "istio-proxy"
}
Check that the AppFoundry container exposes /health on port 8080 and that the Ingress resource maps / directly to it.
How I usually solve this is by verifying the ingress controller routing rules in the Kubernetes manifest. The suggestion above is correct about the path mismatch, but the 502 often persists because the Envoy sidecar cannot resolve the internal service DNS before the health check timeout expires. Add a startup probe with a longer initial delay to allow the sidecar to initialize properly.
startupProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 15
periodSeconds: 5
failureThreshold: 10
Also check the istio-proxy logs for connection refused errors. If the app binds to 127.0.0.1 instead of 0.0.0.0, the sidecar cannot reach the backend. Ensure the container listens on all interfaces. This configuration worked for our recent AppFoundry deployment in us-west-2 using the GC CLI for infrastructure promotion.