Share the love

Azure Application Gateway Ingress Controller (AGIC) is a Kubernetes ingress controller that allows you to route external traffic to Kubernetes services using an Azure Application Gateway. This guide will walk you through the steps needed to set up AGIC and troubleshoot any issues that may arise.

Prerequisites:

  • A Kubernetes cluster running on Azure
  • An Azure Application Gateway
  • Azure CLI and kubectl installed on your local machine

Step 1: Install AGIC

To install AGIC, you will first need to create an Azure AD service principal and assign the necessary roles to it. Run the following command to create the service principal:

az ad sp create-for-rbac --name myAGICServicePrincipal --skip-assignment

Next, assign the Network Contributor role to the service principal on the resource group containing your Application Gateway:

az role assignment create --role "Network Contributor" --assignee <appId> --resource-group myResourceGroup

Then, you can deploy it using a helm chart. Run the following command to install it in the ingress-basic namespace:

helm install ingress-basic stable/azure-application-gateway-ingress-controller -n ingress-basic --set appgw.name=myAppGateway --set appgw.resourceGroup=myResourceGroup --set appgw.subscriptionId=mySubscriptionId --set appgw.shared=false --set appgw.subnetName=mySubnet --set servicePrincipal.clientId=<appId> --set servicePrincipal.clientSecret=<password>

Step 2: Create a Kubernetes service

Create a Kubernetes service that will be used as the backend for your ingress. The service should have the appgw-backend-pool annotation set to the name of the backend pool in your Application Gateway.

Step 3: Create an ingress resource

Create an ingress resource that routes external traffic to the backend service created in step 2. The ingress should have the appgw-ingress annotation set to the name of the Application Gateway.

Step 4: Verify AGIC is working

To verify AGIC is working properly, you can check the status of the its pod in the Kubernetes cluster. You can use the following command to check the status of the AGIC pod:

kubectl get pods -n ingress-basic

You should see the AGIC pod in the running state.

Another way to verify it is working properly is to check the backend pool of the application gateway. You can use the Azure Portal or Azure CLI to check the backend pool. In the Azure Portal, navigate to the application gateway, select the backend pool, and then check the number of active instances. The number of active instances should match the number of pods in the Kubernetes cluster.

In addition to checking the status of the AGIC pod and the backend pool, you can also check the access logs of the application gateway. The access logs will show the requests coming from the ingress controller and the responses from the backend service. You can use the Azure Portal or Azure CLI to check the access logs.

Dos

  • Make sure to have a valid SSL certificate for your domain
  • Use the latest version of AGIC
  • Verify AGIC is working properly by checking the status of the AGIC pod, backend pool and access logs

Don’ts

  • Don’t use a self-signed SSL certificate
  • Don’t use an old version , as it may have known issues
  • Don’t ignore checking the status of the AGIC pod, backend pool and access logs, as it may lead to potential issues with your ingress controller.

If you’re facing issues with AGIC, check out AGIC Not Working: Common Things to Check.

In conclusion, Azure Application Gateway Ingress Controller is a powerful tool for managing ingress traffic in a Kubernetes cluster on Azure. By following the steps outlined in this guide and adhering to the Dos and Don’ts, you can set up and troubleshoot AGIC with ease. It provides a lot of features for managing ingress traffic such as SSL offloading, Web Application Firewall, and URL-based routing. It allows you to easily scale your Kubernetes cluster and manage ingress traffic in a more efficient way.