Application Gateway Ingress Controller

Application Gateway Ingress Controller (AGIC) is a Kubernetes application, which makes it possible for Azure Kubernetes Service (AKS) customers to leverage Azure's native Application Gateway L7 load-balancer to expose cloud software to the Internet. AGIC monitors the Kubernetes cluster it is hosted on and continuously updates an App Gateway, so that selected services are exposed to the Internet.

The Ingress Controller runs in its own pod on the customer’s AKS. AGIC monitors a subset of Kubernetes Resources for changes. The state of the AKS cluster is translated to App Gateway specific configuration and applied to the Azure Resource Manager (ARM).

AGIC is configured via the Kubernetes Ingress resource, along with Service and Deployments/Pods. It provides a number of features, leveraging Azure’s native App Gateway L7 load balancer. To name a few:

• URL routing
• Cookie-based affinity
• SSL termination
• End-to-end SSL
• Support for public, private, and hybrid web sites
• Integrated web application firewall

Changelog

• Release Notes, Fixes and Known issues

Blogs and talks

• Application Gateway Ingress Controller for Azure Kubernetes Service
• Ignite 2019 - AGIC GA announcement

Setup

• Greenfield Deployment: Instructions on installing AGIC, AKS and App Gateway onblank-slate infrastructure.

• Preview - Greenfield Deployment (Windows cluster): Instructions on installing AGIC, AKS and App Gateway onblank-slate infrastructure (running Windows Node Pool).

• Brownfield Deployment: Install AGIC on an existing AKS and Application Gateway.

Usage

Tutorials: Refer to these to understand how you can expose an AKS service over HTTP or HTTPS, to the internet, using an Azure Application Gateway.

Features: List of all available AGIC features.

Annotations: The Kubernetes Ingress specification does not allow all features of Application Gateway to be exposed through the ingress resource. Therefore we have introduced application gateway ingress controller specific annotations to expose application gateway features through an ingress resource. Please refer to these to understand the various annotations supported by the ingress controller, and the corresponding features that can be turned on in the application gateway for a given annotation.

Helm Values Configuration Options: This document lists the various configuration options available through helm.

Upgrade/Rollback AGIC using helm: This documents explains how to upgrade/rollback AGIC helm installation.

How-tos

• Setup E2E SSL
• Network connectivity when using kubenet or different virtual networks
• Automate SSL Cert issuance and rotation with Let's Encrypt
• Expose a WebSocket server
• Automate DNS updates
• Upgrade AGIC via Helm
• Scale your Applications using Application Gateway Metrics (Beta)
• Continuous Deployment with AKS and AGIC using Azure Pipelines
• Minimizing Downtime During Deployments
• Increase AGIC verbosity level

Troubleshooting

For troubleshooting, please refer to this guide.

Frequently asked questions

For FAQ, please refer to this guide.

Reporting Issues

The best way to report an issue is to create a Github Issue for the project. Please include the following information when creating the issue:

• Subscription ID for AKS cluster.
• Subscription ID for Application Gateway.
• AKS cluster name/ARM Resource ID.
• Application Gateway name/ARM Resource ID.
• Ingress resource definition that might causing the problem.
• The Helm configuration used to install the ingress controller.

Contributing

• Developer Guide
• Installing the latest nightly build

This project welcomes contributions and suggestions. Most contributions require you to agree to aContributor License Agreement (CLA) declaring that you have the right to, and actually do, grant usthe rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to providea CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructionsprovided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct.For more information see the Code of Conduct FAQ orcontact opencode@microsoft.com with any additional questions or comments.