当前位置: 首页 > 软件库 > 云计算 > 云原生 >

application-gateway-kubernetes-ingress

授权协议 MIT License
开发语言 Google Go
所属分类 云计算、 云原生
软件类型 开源软件
地区 不详
投 递 者 暴招
操作系统 跨平台
开源组织
适用人群 未知
 软件概览

Application Gateway Ingress Controller

Application Gateway Ingress Controller (AGIC) is a Kubernetes application, which makes it possible for Azure Kubernetes Service (AKS) customers to leverage Azure's native Application Gateway L7 load-balancer to expose cloud software to the Internet. AGIC monitors the Kubernetes cluster it is hosted on and continuously updates an App Gateway, so that selected services are exposed to the Internet.

The Ingress Controller runs in its own pod on the customer’s AKS. AGIC monitors a subset of Kubernetes Resources for changes. The state of the AKS cluster is translated to App Gateway specific configuration and applied to the Azure Resource Manager (ARM).

AGIC is configured via the Kubernetes Ingress resource, along with Service and Deployments/Pods. It provides a number of features, leveraging Azure’s native App Gateway L7 load balancer. To name a few:

  • URL routing
  • Cookie-based affinity
  • SSL termination
  • End-to-end SSL
  • Support for public, private, and hybrid web sites
  • Integrated web application firewall

Changelog

Blogs and talks

Setup

Usage

Tutorials: Refer to these to understand how you can expose an AKS service over HTTP or HTTPS, to the internet, using an Azure Application Gateway.

Features: List of all available AGIC features.

Annotations: The Kubernetes Ingress specification does not allow all features of Application Gateway to be exposed through the ingress resource. Therefore we have introduced application gateway ingress controller specific annotations to expose application gateway features through an ingress resource. Please refer to these to understand the various annotations supported by the ingress controller, and the corresponding features that can be turned on in the application gateway for a given annotation.

Helm Values Configuration Options: This document lists the various configuration options available through helm.

Upgrade/Rollback AGIC using helm: This documents explains how to upgrade/rollback AGIC helm installation.

How-tos

Troubleshooting

For troubleshooting, please refer to this guide.

Frequently asked questions

For FAQ, please refer to this guide.

Reporting Issues

The best way to report an issue is to create a Github Issue for the project. Please include the following information when creating the issue:

  • Subscription ID for AKS cluster.
  • Subscription ID for Application Gateway.
  • AKS cluster name/ARM Resource ID.
  • Application Gateway name/ARM Resource ID.
  • Ingress resource definition that might causing the problem.
  • The Helm configuration used to install the ingress controller.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to aContributor License Agreement (CLA) declaring that you have the right to, and actually do, grant usthe rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to providea CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructionsprovided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct.For more information see the Code of Conduct FAQ orcontact opencode@microsoft.com with any additional questions or comments.

  • 1. 准备 1.1 链路介绍 7 层转发链路: Client --> Nginx --> K8s Nginx Ingress 4 层转发链路: Client --> 公有云 SLB(或 F5、LVS、Haproxy 等)--> K8s Nginx Ingress 实际业务可能会串联更多层级的转发。例如 WAF、CDN、API Gateway 一般都是 7 层转发,LB、LVS 一般是 4 层 TC

  • 本文作者:ServiceMesher 社区成员沈旭光 本文重点为分析Istio Gateway以及VirtualService定义如何生成Istio Ingress Gateway的Envoy相关配置。 gateway定义用于配置在mesh边缘,到mesh的tcp和http的负载均衡。 非TLS单主机环境 相关拓扑 使用azure aks环境。 ingress gateway的service类型为

 相关资料
  • Janusec应用网关(Janusec Application Gateway)一款基于Golang打造的应用安全网关,具备WAF(Web应用防火墙)功能及组合策略配置,天然支持HTTPS(符合PCI-DSS认证要求),无需Agent,私钥加密存储在数据库,提供负载均衡和统一的Web化管理入口。 Web应用防火墙让防御更简单 Janusec应用网关中的WAF模块,拦截SQL注入, 跨站(XSS),

  • 我在azure中有下一个设置: 一个应用程序网关均衡器 网关后端池中的两个虚拟机。 在vms上部署了一个signalr应用程序。 问题: 当客户端(浏览器)将调用signalr hub服务器上的方法并且消息大小等于或grater时,我将收到70kb(在signalr客户端启用日志记录): 信号员:与websocket的不干净断开:[未给出原因]。信号员:关闭Websocket。 SignalR:清

  • 我正在开发一个微服务架构的项目。我有Spring cloud gateway,eureka service discovery和book microservice。当我在本地运行这些应用程序时,一切都正常。当我用docker compose运行这些程序时,仍然没有问题。但是当我将这些部署到kubernetes时,我在api网关上得到错误。当我向api网关上的/book发送get请求时,我得到了这个

  • 如果您没有遇到机房分区问题,请直接忽略此组件。 如果您已经遇到机房分区问题、并急需解决机房分区时监控数据回传的问题,请使用该组件。更多的资料在这里。

  • Gateway 为 rpcx services 提供了 http 网关服务. 你可以使用你熟悉的编程语言, 比如Java、Python、C#、Node.js、Php、C\C++、Rust等等来调用 rpcx 服务。查看一些编程语言实现的例子 。 这意味着,你可以不用实现 rpcx的协议,而是使用熟悉的 http 访问方式调用 rpcx 服务, 设置用curl、wget等命令行工具。 部署模型 使用

  • 如果您没有遇到机房分区问题,请直接忽略此组件。 如果您已经遇到机房分区问题、并急需解决机房分区时监控数据回传的问题,请使用该组件。更多的资料在这里。