Application Gateway Ingress Controller
Application Gateway Ingress Controller (AGIC) is a Kubernetes application that makes it possible for Azure Kubernetes Service (AKS) customers to leverage Azure's native Application Gateway L7 load balancer to expose cloud software to the Internet. AGIC monitors the Kubernetes cluster it is hosted on and continuously updates an App Gateway, so that selected services are exposed to the Internet.
The Ingress Controller runs in its own pod on the customer’s AKS. AGIC monitors a subset of Kubernetes Resources for changes. The state of the AKS cluster is translated to App Gateway specific configuration and applied to the Azure Resource Manager (ARM).
AGIC is configured via the Kubernetes Ingress resource, along with Service and Deployments/Pods. It provides a number of features, leveraging Azure’s native App Gateway L7 load balancer. To name a few:
- URL routing
- Cookie-based affinity
- SSL termination
- End-to-end SSL
- Support for public, private, and hybrid web sites
- Integrated web application firewall
Changelog
Blogs and talks
- Application Gateway Ingress Controller for Azure Kubernetes Service
- Ignite 2019 - AGIC GA announcement
Setup
- Greenfield Deployment: Instructions on installing AGIC, AKS and App Gateway on blank-slate infrastructure.
- Preview - Greenfield Deployment (Windows cluster): Instructions on installing AGIC, AKS and App Gateway on blank-slate infrastructure (running Windows Node Pool).
- Brownfield Deployment: Install AGIC on an existing AKS and Application Gateway.
Usage
Tutorials: Refer to these to understand how you can expose an AKS service over HTTP or HTTPS, to the internet, using an Azure Application Gateway.
Features: List of all available AGIC features.
Annotations: The Kubernetes Ingress specification does not allow all features of Application Gateway to be exposed through the ingress resource. Therefore, we have introduced AGIC-specific annotations to expose Application Gateway features through an ingress resource. Please refer to these to understand the various annotations supported by the ingress controller, and the corresponding features that can be turned on in the Application Gateway for a given annotation.
Helm Values Configuration Options: This document lists the various configuration options available through Helm.
Upgrade/Rollback AGIC using helm: This document explains how to upgrade or roll back an AGIC Helm installation.
How-tos
- Setup E2E SSL
- Network connectivity when using kubenet or different virtual networks
- Automate SSL Cert issuance and rotation with Let's Encrypt
- Expose a WebSocket server
- Automate DNS updates
- Upgrade AGIC via Helm
- Scale your Applications using Application Gateway Metrics (Beta)
- Continuous Deployment with AKS and AGIC using Azure Pipelines
- Minimizing Downtime During Deployments
- Increase AGIC verbosity level
Troubleshooting
For troubleshooting, please refer to this guide.
Frequently asked questions
For FAQ, please refer to this guide.
Reporting Issues
The best way to report an issue is to create a GitHub Issue for the project. Please include the following information when creating the issue:
- Subscription ID for AKS cluster.
- Subscription ID for Application Gateway.
- AKS cluster name/ARM Resource ID.
- Application Gateway name/ARM Resource ID.
- Ingress resource definition that might be causing the problem.
- The Helm configuration used to install the ingress controller.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.