Exercise Overview: External Application Gateway Ingress Controller Setup
This exercise guides participants through setting up an Azure Kubernetes Service (AKS) cluster with an Application Gateway Ingress Controller, which provides external access to applications.
- Azure Kubernetes Service (AKS) Cluster (Perform steps 1 to 4 if not already running)
- Application Gateway V2 + Public IP
Solution
Creates an Azure Resource Group for organizing and managing resources.
az group create --location westeurope --resource-group demo-weu-rg
Generates an SSH RSA key pair for secure communication.
ssh-keygen -t rsa
Deploys an AKS cluster with the specified configuration.
az aks create \
--location westeurope \
--subscription <Your-Subscription-ID> \
--resource-group demo-weu-rg \
--name <Your-AKS-Cluster-Name> \
--ssh-key-value $HOME/.ssh/id_rsa.pub \
--network-plugin kubenet \
--load-balancer-sku standard \
--outbound-type loadBalancer \
--node-vm-size Standard_B2s \
--node-count 1 \
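--tags 'ENV=Demo' 'OWNER=Corporation Inc.'
Retrieves the AKS cluster's kubeconfig and merges it into the local environment. The --admin flag fetches the cluster administrator credentials instead of the default cluster user credentials.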
az aks get-credentials \
--resource-group demo-weu-rg \
--name <Your-AKS-Cluster-Name> \
--admin
Creates an Application Gateway with a dedicated VNet, subnet, and public IP address.
az network vnet create \
--name myVNet \
--resource-group demo-weu-rg \
--location westeurope \
--address-prefix 10.21.0.0/16 \
--subnet-name myAGSubnet \
--subnet-prefix 10.21.0.0/24
az network vnet subnet create \
--name myBackendSubnet \
--resource-group demo-weu-rg \
--vnet-name myVNet \
--address-prefix 10.21.1.0/24
az network public-ip create \
--resource-group demo-weu-rg \
--name myAGPublicIPAddress \
--allocation-method Static \
--sku Standard
az network application-gateway create \
--resource-group demo-weu-rg \
--name AGW1 \
--vnet-name myVNet \
--subnet myAGSubnet \
--public-ip-address myAGPublicIPAddress \
--sku Standard_v2 \
--capacity 1 \
--frontend-port 80 \
--http-settings-port 80 \
--priority 1000
Enables the Ingress Application Gateway add-on for AKS and associates it with the created Application Gateway.
az aks enable-addons -n <Your-AKS-Cluster-Name> -g demo-weu-rg -a ingress-appgw --appgw-id "/subscriptions/<Your-Subscription-ID>/resourceGroups/demo-weu-rg/providers/Microsoft.Network/applicationGateways/AGW1"
Establishes VNet peering between the Application Gateway VNet and the AKS-managed VNet, allowing traffic to flow between them.
First, get the AKS VNet ID:
AKS_VNET_ID=$(az network vnet list --query "[?contains(name, 'aks-vnet') && contains(resourceGroup, 'MC_demo-weu-rg')].[id]" -o tsv)
Then, get your App Gateway VNet ID:
APPGW_VNET_ID=$(az network vnet show -n myVNet -g demo-weu-rg --query id -o tsv)
Now create the peering from AppGW to AKS:
az network vnet peering create \
--name AppGWToAKS \
--resource-group demo-weu-rg \
--vnet-name myVNet \
--remote-vnet "$AKS_VNET_ID" \
--allow-vnet-access
And the peering from AKS to AppGW (use the autogenerated node resource group):
AKS_RG=$(az aks show -g demo-weu-rg -n <Your-AKS-Cluster-Name> --query nodeResourceGroup -o tsv)
az network vnet peering create \
--name AKSToAppGW \
--resource-group "$AKS_RG" \
--vnet-name "$(basename "$AKS_VNET_ID")" \
--remote-vnet "$APPGW_VNET_ID" \
--allow-vnet-access
Deploys a sample application on the AKS cluster.
kubectl apply -f https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/master/docs/examples/aspnetapp.yaml
- Log in to the Azure portal, go to Application Gateway, and check its resources after deploying the application.
Deletes the resource group and associated resources.
az group delete -n demo-weu-rg --yes --no-wait
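Azure rejects a VNet peering when the two address spaces overlap, so it is worth comparing the App Gateway VNet prefix (10.21.0.0/16 above) with the AKS-managed VNet prefix before running the peering step. The pre-flight check below is an added example, not part of the original exercise; the function names are hypothetical and it assumes each VNet has a single IPv4 address prefix.

```shell
#!/bin/sh
# Added example (not from the original exercise): pre-flight overlap check
# for the two VNets that the peering step connects.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range A.B.C.D/N -> prints "first last" (integer bounds of the block)
cidr_range() {
    base=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( base / size * size ))   # clear any host bits
    echo "$first $(( first + size - 1 ))"
}

# cidrs_overlap CIDR1 CIDR2 -> exit status 0 if the blocks intersect
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# vnet_prefix VNET_ID -> first address prefix of a VNet (calls the Azure CLI)
vnet_prefix() {
    az network vnet show --ids "$1" --query "addressSpace.addressPrefixes[0]" -o tsv
}

# preflight_peering AKS_VNET_ID APPGW_VNET_ID -> non-zero if peering would fail
preflight_peering() {
    aks_cidr=$(vnet_prefix "$1")
    agw_cidr=$(vnet_prefix "$2")
    if cidrs_overlap "$aks_cidr" "$agw_cidr"; then
        echo "overlap: $aks_cidr and $agw_cidr cannot be peered" >&2
        return 1
    fi
    echo "ok: $aks_cidr and $agw_cidr do not overlap"
}

# Usage, once AKS_VNET_ID and APPGW_VNET_ID are set as in the steps above:
#   preflight_peering "$AKS_VNET_ID" "$APPGW_VNET_ID"
```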