Use Application Gateway to expose an AKS service over HTTP/HTTPS
In effect, this just uses Application Gateway as an ingress.
1. Basic usage
Usage is simple: just specify the ingress.class.
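    # extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
    # newer clusters need networking.k8s.io/v1 instead.
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: guestbook
      annotations:
        # Hands this Ingress to the Application Gateway ingress controller
        kubernetes.io/ingress.class: azure/application-gateway
    spec:
      rules:
        - http:
            paths:
              - backend:
                  serviceName: frontend
                  servicePort: 80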
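For HTTPS, you also need to create a secret first. Pay attention to its type, which must be kubernetes.io/tls; otherwise the pod running the mcr.microsoft.com/azure-application-gateway/kubernetes-ingress image will report an error.
2. Specifying health check information
In theory, it automatically picks up the health check information of the containers inside the pod, but in actual testing, in our multi-container environment, its detection still had some problems. Later, through GitHub (https://github.com/Azure/application-gateway-kubernetes-ingress), I found that the latest version, 1.4.0, supports specifying the health check information explicitly: https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/annotations.md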
| Annotation Key | Value Type | Default Value | Allowed Values | Supported since |
| --- | --- | --- | --- | --- |
| appgw.ingress.kubernetes.io/backend-path-prefix | string | nil | | 1.3.0 |
| appgw.ingress.kubernetes.io/backend-hostname | string | nil | | 1.2.0 |
| appgw.ingress.kubernetes.io/backend-protocol | string | http | http, https | 1.0.0 |
| appgw.ingress.kubernetes.io/ssl-redirect | bool | false | | 1.0.0 |
| appgw.ingress.kubernetes.io/appgw-ssl-certificate | string | nil | | 1.2.0 |
| appgw.ingress.kubernetes.io/appgw-trusted-root-certificate | string | nil | | 1.2.0 |
| appgw.ingress.kubernetes.io/connection-draining | bool | false | | 1.0.0 |
| appgw.ingress.kubernetes.io/connection-draining-timeout | int32 (seconds) | 30 | | 1.0.0 |
| appgw.ingress.kubernetes.io/cookie-based-affinity | bool | false | | 1.0.0 |
| appgw.ingress.kubernetes.io/request-timeout | int32 (seconds) | 30 | | 1.0.0 |
| appgw.ingress.kubernetes.io/override-frontend-port | string | | | 1.3.0 |
| appgw.ingress.kubernetes.io/use-private-ip | bool | false | | 1.0.0 |
| appgw.ingress.kubernetes.io/waf-policy-for-path | string | | | 1.3.0 |
| appgw.ingress.kubernetes.io/health-probe-hostname | string | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-port | int32 | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-path | string | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-status-codes | []string | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-interval | int32 | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-timeout | int32 | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold | int32 | nil | | 1.4.0-rc1 |
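Those are all the annotations it supports, which is enough. If the health check fails, none of the later steps can proceed, and you can't change it in the portal either, because the pod will forcibly overwrite the change.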
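The two points above, a kubernetes.io/tls secret for HTTPS and an explicitly specified health probe, combined in one manifest. This is an added example, not from the original post or the AGIC project; the secret name, host name, probe path and probe numbers are assumed values, and the health-probe annotations require AGIC 1.4.0 as noted above.

```yaml
# Added example: names, host and probe values are constructed placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: guestbook-tls                        # hypothetical secret name
type: kubernetes.io/tls                      # any other type makes the AGIC pod report an error
data:
  tls.crt: "<base64-encoded certificate>"    # placeholder, supply your own
  tls.key: "<base64-encoded private key>"    # placeholder, supply your own
---
apiVersion: extensions/v1beta1               # same API version as the basic-usage manifest
kind: Ingress
metadata:
  name: guestbook
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    # Redirect plain HTTP to the HTTPS listener
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    # Explicit probe, so AGIC does not have to infer one from a
    # multi-container pod. Annotation values are strings, so numbers are quoted.
    appgw.ingress.kubernetes.io/health-probe-path: "/healthz"   # assumed path
    appgw.ingress.kubernetes.io/health-probe-port: "80"
    appgw.ingress.kubernetes.io/health-probe-status-codes: "200-399"
    appgw.ingress.kubernetes.io/health-probe-interval: "30"
    appgw.ingress.kubernetes.io/health-probe-timeout: "30"
    appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3"
spec:
  tls:
    - hosts:
        - guestbook.example.com              # assumed host name
      secretName: guestbook-tls              # must match the Secret above
  rules:
    - host: guestbook.example.com
      http:
        paths:
          - backend:
              serviceName: frontend
              servicePort: 80
```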
WAF looks like a highlight of Application Gateway, but I haven't used it much yet, so I can't say much about it.