- Prerequisites
- Deploy `guestbook` application
- Expose services over HTTP
- Expose services over HTTPS
- Integrate with other services

These tutorials help illustrate the usage of Kubernetes Ingress Resources to expose an example Kubernetes service through the Azure Application Gateway over HTTP or HTTPS.

- Installed `ingress-azure` helm chart. Please refer to the installation instructions to install the Azure Application Gateway Ingress Controller on your AKS cluster.
- If you want to use HTTPS on this application, you will need an x509 certificate and its private key.

The guestbook application is a canonical Kubernetes application composed of a Web UI frontend, a backend and a Redis database. By default, `guestbook` exposes its application through a service named `frontend` on port `80`. Without a Kubernetes Ingress Resource, the service is not accessible from outside the AKS cluster. We will use this application and set up Ingress Resources to access it through HTTP and HTTPS.

Follow the instructions below to deploy the guestbook application.

- Download `guestbook-all-in-one.yaml` from here
- Deploy `guestbook-all-in-one.yaml` into your AKS cluster by running

  ```bash
  kubectl apply -f guestbook-all-in-one.yaml
  ```

Now, the `guestbook` application has been deployed.

In order to expose the guestbook application, we will use the following ingress resource:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: guestbook
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: frontend
          servicePort: 80
```

This ingress will expose the `frontend` service of the `guestbook-all-in-one` deployment as a default backend of the Application Gateway.

Save the above ingress resource as `ing-guestbook.yaml`.

- Deploy `ing-guestbook.yaml` by running

  ```bash
  kubectl apply -f ing-guestbook.yaml
  ```

- Check the log of the ingress controller for deployment status.

Now the `guestbook` application should be available. You can check this by visiting the public address of the Application Gateway.

Without specifying a hostname, the guestbook service will be available on all the hostnames pointing to the Application Gateway.

- Before deploying the ingress, you need to create a Kubernetes secret to host the certificate and private key. You can create a Kubernetes secret by running

  ```bash
  kubectl create secret tls <guestbook-secret-name> --key <path-to-key> --cert <path-to-cert>
  ```

- Define the following ingress. In the ingress, specify the name of the secret in the `secretName` section.

  ```yaml
  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    name: guestbook
    annotations:
      kubernetes.io/ingress.class: azure/application-gateway
  spec:
    tls:
    - secretName: <guestbook-secret-name>
    rules:
    - http:
        paths:
        - backend:
            serviceName: frontend
            servicePort: 80
  ```

  NOTE: Replace `<guestbook-secret-name>` in the above Ingress Resource with the name of your secret. Store the above Ingress Resource in a file named `ing-guestbook-tls.yaml`.

- Deploy `ing-guestbook-tls.yaml` by running

  ```bash
  kubectl apply -f ing-guestbook-tls.yaml
  ```

- Check the log of the ingress controller for deployment status.

Now the `guestbook` application will be available on both HTTP and HTTPS.

You can also specify the hostname on the ingress in order to multiplex TLS configurations and services. By specifying a hostname, the guestbook service will only be available on the specified host.

- Define the following ingress. In the ingress, specify the name of the secret in the `secretName` section and replace the hostname in the `hosts` section accordingly.

  ```yaml
  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    name: guestbook
    annotations:
      kubernetes.io/ingress.class: azure/application-gateway
  spec:
    tls:
    - hosts:
      - <guestbook.contoso.com>
      secretName: <guestbook-secret-name>
    rules:
    - host: <guestbook.contoso.com>
      http:
        paths:
        - backend:
            serviceName: frontend
            servicePort: 80
  ```

- Deploy `ing-guestbook-tls-sni.yaml` by running

  ```bash
  kubectl apply -f ing-guestbook-tls-sni.yaml
  ```

- Check the log of the ingress controller for deployment status.

Now the `guestbook` application will be available on both HTTP and HTTPS, but only on the specified host (`<guestbook.contoso.com>` in this example).

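
The three variants above differ in which hostnames they answer on and whether a certificate is bound to a host, and that can be checked before a manifest is applied. The following Python code is an added example, not part of the original tutorial or the ingress controller project; the function names, finding codes and the `guestbook-tls` secret name are hypothetical, and manifests are passed in as already-parsed dictionaries.

```python
# Added example: audit parsed Ingress manifests for the exposure cases above.
# Finding codes and sample values are hypothetical, constructed for illustration.

def make_ingress(tls=None, host=None):
    """Build a constructed guestbook Ingress as a dict (parsed-YAML form)."""
    backend = {"serviceName": "frontend", "servicePort": 80}
    rule = {"http": {"paths": [{"backend": backend}]}}
    if host:
        rule["host"] = host
    spec = {"rules": [rule]}
    if tls is not None:
        spec["tls"] = tls
    return {"kind": "Ingress", "metadata": {"name": "guestbook"}, "spec": spec}


def audit_ingress(manifest):
    """Return sorted finding codes for one parsed Ingress manifest."""
    spec = manifest.get("spec") or {}
    tls_entries = spec.get("tls") or []
    findings = set()
    if not tls_entries:
        findings.add("NO_TLS")  # service is reachable over HTTP only
    tls_hosts, tls_any_host = set(), False
    for entry in tls_entries:
        if not entry.get("secretName"):
            findings.add("TLS_WITHOUT_SECRET")  # no certificate to serve
        hosts = entry.get("hosts") or []
        if not hosts:
            tls_any_host = True
            findings.add("TLS_NOT_BOUND_TO_HOST")
        tls_hosts.update(h.lower() for h in hosts)
    for rule in spec.get("rules") or []:
        host = (rule.get("host") or "").lower()
        if not host:
            findings.add("CATCH_ALL_RULE")  # answers on every hostname
        elif tls_entries and not tls_any_host and host not in tls_hosts:
            findings.add("HOST_NOT_COVERED_BY_TLS")  # exact match only
    return sorted(findings)


if __name__ == "__main__":
    sni = [{"hosts": ["guestbook.contoso.com"], "secretName": "guestbook-tls"}]
    for label, manifest in [
        ("http", make_ingress()),
        ("tls", make_ingress(tls=[{"secretName": "guestbook-tls"}])),
        ("tls-sni", make_ingress(tls=sni, host="guestbook.contoso.com")),
        ("mismatch", make_ingress(tls=sni, host="other.contoso.com")),
    ]:
        print(label, audit_ingress(manifest))
```

Only the SNI variant with matching `hosts` and `host` values and a non-empty `secretName` comes back with no findings.
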
The following ingress will allow you to add additional paths into this ingress and redirect those paths to other services:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: guestbook
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - path: </other/*>
        backend:
          serviceName: <other-service>
          servicePort: 80
      - backend:
          serviceName: frontend
          servicePort: 80
```