Sometimes, a basic NGINX load balancer might not meet your specific requirements, which is where an application gateway becomes valuable.
By default, Azure Kubernetes Service (AKS) includes a simple Azure Load Balancer named “AGIC.”
The Application Gateway Ingress Controller (AGIC) is a Kubernetes application that allows AKS to utilize an Application Gateway for exposing applications to the internet.
What is an Application Gateway?
Azure Application Gateway functions as a web traffic load balancer, offering precise traffic management for web applications. In contrast to traditional load balancers, which operate at the transport layer (OSI layer 4) and route traffic based on source IP addresses and ports, Application Gateway can make routing decisions based on additional attributes of an HTTP request, such as the URI path or host headers. Additionally, Application Gateway supports autoscaling, allowing you to set options like minimum and maximum instances counts.
What is Azure Load Balancer?
Azure Load Balancer acts as the single entry point for clients, operating at OSI layer 4. It distributes incoming traffic arriving at the load balancer’s front end to backend pool instances. For AKS, it balances the load across all nodes in AKS node pools, redirecting traffic to the pods. To enable traffic to reach the pods, they need to be added to the load balancer’s backend pool.
Application Gateway : Which One to Choose?
The choice between Application Gateway and Azure Load Balancer depends on various factors. If you need scalability, require certificate management, or need to route traffic based on URI paths, Application Gateway is a suitable choice. However, if you simply need load balancing without certificates and rely on public or private IP addresses, Azure Load Balancer is a cost-effective option that might align with your requirements.
In the upcoming sections, we’ll explore how to create an AKS cluster with an Application Gateway using both Azure CLI and Terraform.
Creating the AKS With Application Gateway Ingress Controller (AGIC) using Azure CLI
Ensure you have Azure CLI installed on your system. You can log in to the Azure portal with the command az login. The code for creating the AKS cluster with an Application Gateway looks like this:
# Create a resource group
az group create --name myResourceGroup --location eastus
# Create the AKS cluster with an Application Gateway
az aks create --resource-group myResourceGroup --name myAKSCluster --enable-addons ingress-appgw --appgw-subnet-cidr 10.0.0.0/25
This command creates both the Application Gateway and the AKS cluster, linking them together.
Creating the AKS With Application Gateway Ingress Controller (AGIC) using Terraform
The following Terraform code is used to deploy an AKS cluster with AGIC:
# Configure the Microsoft Azure Provider
provider "azurerm" {
features {}
}
#Variables that will be used more than once
locals {
location = "eastus"
prefix = "appgwTest"
}
resource "azurerm_resource_group" "main" {
name = "${local.prefix}-rg"
location = local.location
}
resource "azurerm_kubernetes_cluster" "example" {
name = "${local.prefix}-aks"
location = "eastus"
resource_group_name = azurerm_resource_group.main.name
dns_prefix = "${local.prefix}-dns"
node_resource_group = "${local.prefix}-AKS-BackEnd"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
}
identity {
type = "SystemAssigned"
}
addon_profile {
ingress_application_gateway {
enabled = true
gateway_name = "${local.prefix}-appgw"
subnet_cidr = "10.2.0.0/16"
}
http_application_routing {
enabled = "false"
}
}
}
Navigate to the directory where you saved the Terraform configuration file and execute the following Terraform commands:
In this Terraform code, you specify that you want the AKS cluster to create an Application Gateway and link them together.
Terraform init #Initialize Terraform modules
Terraform validate #Validate if the file is syntactically correct
terraform plan # Plan the deployment and show what resources will be created
terraform apply #Start creating the resources
These steps ensure that both Azure CLI and Terraform can be used to create an AKS cluster with AGIC and the necessary infrastructure components.
Testing the Ingress Controller
To verify that the deployments worked, you can use a sample application here ( I deployed Grafana application ).
To deploy the sample application , follow the below steps :
1-Add the Azure Samples chart repository.helm repo add azure-samples https://azure-samples.github.io/helm-charts/
2-Install the chart.helm install azure-samples/azure-vote –generate-name
After deploying the application, you can test it by accessing the public IP address provided by the Application Gateway.
These steps conclude the successful configuration of your Application Gateway Ingress Controller.
However, before testing this setup, one additional step is required. We need to create the AGIC (Application Gateway Ingress Controller) deployment, which will run within a pod. This step ensures that we can effectively utilize the application gateway to route traffic to our AKS cluster. Let’s explore how to accomplish this:
- We specified that we are creating an ingress within the AKS cluster.
- The class of this ingress is defined on line 06, specifying which controller to use.
- We created a random address that will point to the public IP of the Application Gateway (we will configure this address later).
- We specified the service name and the port on which the service is running. To find the relevant service, you can navigate to the “Services and Ingresses” section in your Kubernetes cluster’s management interface.
These steps ensure that the AGIC deployment is correctly configured and ready to route traffic through the Application Gateway to your AKS cluster.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: appgw
annotations:
kubernetes.io/ingress.class: azure/application-gateway
nginx.ingress.kubernetes.io/proxy-buffer-size: "32k"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: grafana.devopstreet.com
http:
paths:
- path: /
backend:
serviceName: azure-vote-front
servicePort: 80
After you apply this ingress manifest with this command kubectl apply -f .\ingress.yaml , you can visit you azure portal and pick the Public IP ( sorry I had to hide it ).
Copy the public ip and add it to your hosts file
C:\windows\system32\drivers\etc\hosts
Save the file and browse that address
With these steps completed, your AGIC (Application Gateway Ingress Controller) is now correctly configured, and your test has concluded successfully!
In Conclusion:
In this post, you have gained insights into deploying AGIC for your AKS cluster, a valuable setup, particularly in scalable environments like production. You have also learned how to deploy it using two different methods: through Azure CLI or Terraform.
If you have any questions or found this information helpful, please feel free to share your thoughts in the comments. Your feedback is highly appreciated.