Below are the steps to configure an Azure Application Gateway to replace a Spring Boot API Gateway in AKS (Azure Kubernetes Service)
1. Create an Azure Application Gateway:
- In the Azure portal, navigate to the desired resource group and click on "Add".
- Search for "Application Gateway" and select the appropriate option.
- Configure the required settings such as name, region, and SKU (size and capacity).
- Set up the networking settings, including the virtual network and subnet.
- Define the frontend IP configuration and ports to listen on.
2. Configure AKS Ingress Controller:
- Install and configure an Ingress Controller for AKS. Commonly used options include Nginx Ingress Controller or Azure Application Gateway Ingress Controller (AGIC).
- AGIC can be deployed as a Helm chart or using the Azure portal.
- Follow the official documentation to configure AGIC with the necessary RBAC permissions.
3. Define Ingress Resource:
- Create an Ingress resource in AKS to define the routing rules for your API gateway.
- Specify the rules for routing traffic to your Spring Boot services.
- Set annotations to indicate that the Ingress should use the Azure Application Gateway as the ingress controller.
- Configure backend services and paths to map to your Spring Boot services.
4. SSL/TLS Termination (Optional):
- If you want to terminate SSL/TLS at the Application Gateway, configure the SSL certificate.
- Upload or reference the SSL certificate to secure the communication between clients and the gateway.
5. Configure DNS (Optional):
- Update your DNS settings to point the desired domain or subdomain to the Application Gateway's public IP address.
6. Test and Validate:
- Test the configuration by sending requests to the configured endpoints and validating the responses.
- Monitor the Application Gateway's metrics and logs to ensure proper functioning and performance.
By following these steps, you can configure an Azure Application Gateway to replace a Spring Boot API Gateway in AKS. The Application Gateway will act as the ingress controller, handling the routing of traffic to your Spring Boot services deployed in AKS.
Create Azure AGW, install AGIC and install WAF on AGW in Azure use below code,
## Step 1
#Setup APGW
az network public-ip create -n myPublicIp -g myResourceGroup --allocation-method Static --sku Standard
az network vnet create -n myVnet -g myResourceGroup --address-prefix 10.0.0.0/16 --subnet-name mySubnet --subnet-prefix 10.0.0.0/24
az network application-gateway create -n myApplicationGateway -l eastus -g myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100
#Enable AGIC Addon in existing AKS
appgwId=$(az network application-gateway show -n myApplicationGateway -g myResourceGroup -o tsv --query "id")
az aks enable-addons -n myCluster -g myResourceGroup -a ingress-appgw --appgw-id $appgwId
======================================================================================
## Step 2
# Create certificate secrete in AKS
---
Kubectl create secret tls test-aks-certificate-01 \
--namespace testnanespace \
--key server.key \
--cert server.crt
====================================================================================
## Step 3
#Setup Azure application gateway as ingress controller for AKS
# this ingress will AKS connect to AGW
Example Yaml for configure ingress and use it:
service1, service2 and service3 is the name of AKS backend services which are being taken care by ingress and /service1 /service2 /service3 is the value in url path.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: test-aks-ingress
annotations:
kubernetes.io/ingress.class: azure/application-gateway
#appgw.ingress.kubernetes.io/backend-protocol: https
appgw.ingress.kubernetes.io/backend-protocol: http
nginx.ingress.kubernetes.io/ssl-redirect: "false"
#appgw.ingress.kubernetes.io/ssl-redirect: "true"
#appgw.ingress.kubernetes.io/ssl-cert: "test-aks-certificate-01"
#appgw.ingress.kubernetes.io/waf-policy-id: "test-waf-policy-01"
spec:
rules:
- host: example.com #Replace dns of host url
http:
paths:
- path: /service1
backend:
serviceName: service1
servicePort: 8080
- path: /service2
backend:
serviceName: service2
servicePort: 8081
- path: /config
backend:
serviceName: config
servicePort: 8082
- path: /service3
backend:
serviceName: service3
servicePort: 8088