Integrate Azure Application Gateway Ingress Controller with AKS

Yst@IT
3 min read · Jan 1, 2021

Azure Application Gateway Ingress Controller and AKS integration

Image: https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview

Some explanation from Azure:

The Application Gateway Ingress Controller (AGIC) is a Kubernetes application, which makes it possible for Azure Kubernetes Service (AKS) customers to leverage Azure’s native Application Gateway L7 load-balancer to expose cloud software to the Internet.

AGIC helps eliminate the need to have another load balancer/public IP in front of the AKS cluster and avoids multiple hops in your datapath before requests reach the AKS cluster. Application Gateway talks to pods using their private IP directly and does not require NodePort or KubeProxy services. This also brings better performance to your deployments.

Ok, let’s start the lab now.

Because AGIC is still in preview, we need to do some configuration first. Start by registering the preview add-on, then refresh the registration of the Microsoft.ContainerService resource provider.

az feature register --name AKS-IngressApplicationGatewayAddon --namespace microsoft.containerservice

az feature list -o table | grep ApplicationGatewayAddon

az provider register --namespace Microsoft.ContainerService

Since I already have an AKS cluster, I have to create AGIC and an Application Gateway (A.G) and integrate them with AKS next. First create a public IP address, then a dedicated subnet for the A.G, and lastly the A.G itself.

Note that AGIC only supports v2 SKUs.

az network public-ip create -n ystaksagicip -g ystakslab --allocation-method Static --sku Standard

az network vnet subnet create -n agic --vnet-name ystakslab-vnet -g ystakslab --address-prefixes 10.242.0.0/16

az network application-gateway create -n ystaksagicip -l japaneast -g ystakslab --sku Standard_v2 --public-ip-address ystaksagicip --vnet-name ystakslab-vnet --subnet agic


It takes about five minutes to provision A.G.

Next we need to enable the AGIC add-on in our AKS cluster with the A.G we just created.

appgwId=$(az network application-gateway show -n ystaksagicip -g ystakslab -o tsv --query "id")

az aks enable-addons -n ystakslab -g ystakslab -a ingress-appgw --appgw-id "$appgwId"
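
The steps above assume the preview feature has finished registering and that the gateway is a v2 SKU. The script below is an added example, not part of the original post, that checks both before enabling the add-on; the function names are hypothetical, and the resource names in the final call are the ones used in this lab.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): preflight checks before
# enabling the ingress-appgw add-on. Function names are hypothetical.

# True only once the preview feature has finished registering.
feature_registered() {
  feature_state=$(az feature show --name AKS-IngressApplicationGatewayAddon \
    --namespace microsoft.containerservice --query properties.state -o tsv)
  [ "$feature_state" = "Registered" ]
}

# True only for v2 SKUs, the only ones AGIC supports.
# $1 = gateway name, $2 = resource group
appgw_is_v2() {
  gw_sku=$(az network application-gateway show -n "$1" -g "$2" \
    --query sku.name -o tsv)
  case "$gw_sku" in
    *_v2) return 0 ;;
    *)    echo "gateway SKU '$gw_sku' is not v2" >&2; return 1 ;;
  esac
}

# Run both checks, then enable the add-on with a quoted gateway ID.
# $1 = AKS cluster, $2 = resource group, $3 = gateway name
enable_agic() {
  feature_registered || { echo "preview feature not registered yet" >&2; return 1; }
  appgw_is_v2 "$3" "$2" || return 1
  gw_id=$(az network application-gateway show -n "$3" -g "$2" --query id -o tsv)
  [ -n "$gw_id" ] || { echo "could not resolve gateway ID" >&2; return 1; }
  az aks enable-addons -n "$1" -g "$2" -a ingress-appgw --appgw-id "$gw_id"
}

# Run with: ./preflight.sh --run   (names are the ones used in this post)
if [ "${1:-}" = "--run" ]; then
  enable_agic ystakslab ystakslab ystaksagicip
fi
```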

Configure a DNS record for the A.G IP. I have a domain hosted in Azure DNS, so I set it up as below.

Finally, everything is set up, and we can create resources to verify that it all works by using the YAML file below.

Please remember to change your FQDN at line 47.

kubectl apply -f nginx-ingress.yaml

Resources have been created successfully.

We can also check whether an ingress resource has been provisioned.

Finally, let’s open a browser to verify that the FQDN works.

Lastly, clean up all provisioned resources.

And that’s it!

Reference:

Enable Application Gateway Ingress Controller add-on for an existing AKS cluster with an existing Application Gateway through Azure CLI (Preview)
