Creating an AKS Cluster With Application Gateway (AGIC)

Rafael Medeiros
Dec 8, 2021

Source: docs.microsoft.com

There are times when a simple NGINX load balancer is not enough for our needs, and that’s where an application gateway comes into play. By default, AKS comes with a simple Azure Load Balancer named “kubernetes”.

Application Gateway Ingress Controller (AGIC) is a Kubernetes application, which makes it possible for Azure Kubernetes Service (AKS) to use Application Gateway to expose applications to the Internet.

What is an Application Gateway?

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 — TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers.

Application Gateway can also autoscale when traffic increases. You can set options such as the minimum and maximum instance counts.

What is Azure Load Balancer?

It’s the single point of contact for clients. Azure Load Balancer operates at layer 4 of the OSI model. The load balancer distributes inbound traffic that arrives at its front end to backend pool instances.

For AKS however, it will balance the load across all the nodes in AKS node pools, and they will re-direct the traffic to the pods. Note that you have to add them in the backend pool of the load balancer for the traffic to be able to reach them.

Load Balancer Ingress Controller

Which One Should I Use?

It depends. Are you going to have a scalable application? Maybe you need to deal with certificates? How about having to route traffic based on the URI path? Then you should go with Application Gateway.

If you simply want to balance the load between the VMs without the need for certificates, with just a public or private IP address, then you should definitely go with Azure Load Balancer, because it’s cheaper than Application Gateway and it may fit your needs.

In the next sections, we will review how to create an AKS cluster with Application Gateway using both Azure CLI and Terraform.

Creating the AKS With Application Gateway Ingress Controller (AGIC) using Azure CLI

Make sure you have Azure CLI installed on your machine.

Here we are going to set Application Gateway to be used as the AKS cluster ingress controller. An Ingress controller is a specialized load balancer for Kubernetes (and other containerized) environments. An Ingress controller abstracts the complexity of Kubernetes application traffic routing and provides a bridge between Kubernetes services and external ones.

Make sure you are logged in to Azure using:

az login

The code will be as follows:

On line 7 we create a resource group, and on line 11 we create the AKS cluster itself. Note how easy it is to provision: you don’t even have to create the application gateway in a separate command. This CLI command creates the application gateway and the AKS cluster and links them together.
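
An added example of the two Azure CLI steps described above, written for a PowerShell session. It is not the author's listing, which is not reproduced on this page, so the line numbers in the text do not apply to it. The resource names, region and subnet range are placeholders chosen for illustration.

```powershell
# Placeholder values (assumptions, not taken from the post)
$ResourceGroup = 'rg-aks-agic-demo'
$Location      = 'eastus'
$ClusterName   = 'aks-agic-demo'
$AppGwName     = 'appgw-agic-demo'
$AppGwSubnet   = '10.225.0.0/16'   # must be a free range in the cluster's virtual network

# Run az and stop at the first failure instead of continuing with a
# half-built deployment.
function Invoke-Az {
    az @args
    if ($LASTEXITCODE -ne 0) {
        throw "az $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Resource group that will hold the cluster
Invoke-Az group create --name $ResourceGroup --location $Location --output none

# 2. AKS cluster with the AGIC add-on; the add-on creates the
#    application gateway and links it to the cluster in the same call.
Invoke-Az aks create `
    --resource-group $ResourceGroup `
    --name $ClusterName `
    --network-plugin azure `
    --enable-managed-identity `
    --enable-addons ingress-appgw `
    --appgw-name $AppGwName `
    --appgw-subnet-cidr $AppGwSubnet `
    --generate-ssh-keys `
    --output none

# 3. Confirm the add-on is enabled before deploying anything that
#    depends on it.
$addons = az aks show --resource-group $ResourceGroup --name $ClusterName `
    --query addonProfiles --output json | ConvertFrom-Json
if (-not $addons.ingressApplicationGateway.enabled) {
    throw "AGIC add-on is not enabled on $ClusterName"
}
"AGIC add-on enabled on $ClusterName"
```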

Creating the AKS With Application Gateway Ingress Controller (AGIC) using Terraform

The following Terraform code will be used to deploy the AKS with AGIC:

Line 36 is where you declare that you want this AKS cluster to create an application gateway and link them together.

Go to the folder where you saved this file and run the following Terraform commands:

terraform init     # Initialize Terraform modules
terraform validate # Validate that the file is syntactically correct
terraform plan     # Plan the deployment and show what resources will be created
terraform apply    # Start creating the resources

Testing the Ingress Controller

To make sure that both deployments worked, we will be using the following sample application to run in AKS and we will try to connect to it:

Go to your portal and find your cluster. Go to Overview >> Connect and copy the second command, then run it in a PowerShell session:

Add the Azure Samples chart repository.

helm repo add azure-samples https://azure-samples.github.io/helm-charts/

Install the chart.

helm install azure-samples/azure-vote --generate-name

If we go to the portal again, we will see that the deployments were created:

But there’s one more step to be done before testing it. We have to create the AGIC deployment that will run in a pod as well, to make sure that we can use the application gateway to route traffic to AKS. Let’s see how this can be done:

On line 02, we specify that we are creating an ingress in AKS;

The class of this ingress is specified on line 06;

On line 10, we create a random address that points to the public IP of the application gateway (we will see it later);

On lines 17 and 18, we specify the service name and the port that the service is running on. To find the service, go to services and ingresses:

If you want to have more annotation options on this file, you can refer to this page:

But the file above is more than enough for our purpose here. After having the file, save it as a .yaml file and apply it to the cluster:

kubectl apply -f .\ingress.yaml
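
An added example, not the author's file (which is not reproduced on this page, so the line numbers above refer to the original listing): an Ingress manifest with the fields described above, applied from the same PowerShell session, followed by a check that the application gateway answers for the configured host. The Ingress name, host name, service name and port are placeholders.

```powershell
# Placeholders (assumptions): use the service name and port that
# `kubectl get services` shows for the azure-vote release.
$IngressName = 'azure-vote-ingress'
$IngressHost = 'vote.example.test'
$ServiceName = 'azure-vote-front'
$ServicePort = 80

# Ingress handled by AGIC: the class annotation selects Application Gateway,
# and the rule routes every path of the host to the service.
$manifest = @"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: $IngressName
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - host: $IngressHost
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: $ServiceName
            port:
              number: $ServicePort
"@

$manifest | kubectl apply -f -
if ($LASTEXITCODE -ne 0) { throw 'kubectl apply failed' }

# AGIC needs a moment to program the gateway; poll until the Ingress
# reports the gateway's public IP.
$ip = $null
foreach ($attempt in 1..30) {
    $ip = kubectl get ingress $IngressName -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>$null
    if ($ip) { break }
    Start-Sleep -Seconds 10
}
if (-not $ip) { throw "Ingress $IngressName has no address after 5 minutes" }

# Request the gateway IP with the expected Host header and show the status line
curl.exe --silent --include --header "Host: $IngressHost" "http://$ip/" | Select-Object -First 1
```

The last command reaches the application through the gateway without a hosts-file entry; the hosts-file step is still needed to open the address in a browser.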

Now go to services and ingresses again, select the ingresses tab, and you’ll be able to see the address that you have configured in the file above, as well as the app gateway’s public IP:

Copy the public IP and add it to your hosts file:

notepad C:\windows\system32\drivers\etc\hosts

Save the file and browse that address:

And that concludes our test, you have configured your application gateway ingress controller correctly!

Wrap Up

In this post you have learned how to deploy AGIC for your AKS cluster. This is especially useful when you have an environment that needs to be scalable, such as a production environment. You have also seen how to deploy it through two different methods, using either Azure CLI or Terraform.

If you have any questions or even if you liked it, let me know in the comments.

Happy Studying!
