AKS with Application Gateway Ingress Controller

Exto comes with NGNIX Ingress controller. If you need to use application gateway integration controller instead of NGINX follow this guide

There are 2 ways in which you can proceed with application gateway(in short app gateway / appgw).

Create AKS cluster with application gateway ingress controller
Add application gateway ingress controller

Lets see about setting up new cluster with app gateway. It is recommended and best practice to create separate vnet and subnet for application gateway. Below script will create new AKS cluster with new appgw attached to existing vnet of its own.

APP_GW_SUBNET_ID=$(az network vnet subnet show --resource-group ex-tst --vnet-name ex-test-ag-vnet --name=ex-test1-ag-subnet -o tsv --query "id")

AKS_SUBNET_ID=$(az network vnet subnet show --resource-group ex-tst --vnet-name ex-test-aks-vnet --name=ex-test1-aks-subnet -o tsv --query "id")

az aks create --name ex-pri-stg `
              --resource-group ex-tst `
              --load-balancer-sku standard `
              --node-count 1 `
              --vnet-subnet-id $AKS_SUBNET_ID `
              --docker-bridge-address 172.17.0.1/16 `
              --dns-service-ip 10.2.0.10 `
              --service-cidr 10.2.0.0/24 `
              --network-plugin kubenet `
              --enable-managed-identity `
              --assign-identity "/subscriptions/<subscription id>/resourceGroups/ex-tst/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aks-mi" `
              -a ingress-appgw `
              --appgw-name ex-pri-ag-test-1 `
              --appgw-subnet-id $APP_GW_SUBNET_ID
              --node-vm-size Standard_D2s3 `
              --generate-ssh-keys `
              --enable-private-cluster

In order to add existing application gateway to existing AKS cluster follow the below steps

appgwId=$(az network application-gateway show -n ex-test-ag1 -g ex-tst -o tsv --query "id")

az aks enable-addons -n ex-tst-stg -g ex-tst -a ingress-appgw --appgw-id $appgwId

Here is the ingress controller yaml definition for application gateway in K8s v1.19.x and app gateway v1.4.0

appgw-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/backend-path-prefix: "/"
  name: ex-tst-staging-appgw-ingress
  namespace: tst-staging
spec:
  rules:
    - http:
        paths:
          - path: /api/*
            pathType: Prefix
            backend:
              service:
                name: ex-tst-staging-api-svc
                port:
                  number: 80
          - path: /dashboard/*
            pathType: Prefix
            backend:
              service:
                name: ex-tst-staging-dashboard-ui-svc
                port:
                  number: 80
          - path: /node/*
            pathType: Prefix
            backend:
              service:
                name: ex-tst-staging-nodejs-svc
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ex-tst-staging-web-svc
                port:
                  number: 80

Note:

ex-tst is helm chart release name. So, replace it as per the helm chart release name you specified in this step.
Disable ingress controller in exto helm chart installation

URLs ends with /* except the web svc is important. Ref: https://github.com/Azure/application-gateway-kubernetes-ingress/pull/1252/commits/cc2352bdeaef92a3a62d0d2ab55cc33b8dc0006f

Finally apply the ingress in AKS

kubectl apply -f appgw-ingress.yaml

This completes the guide. Now app gateway should be serving the exto traffic

PreviousAKS to use existing storage account NextAKS Private Cluster

Last updated 4 years ago