use application gateway to expose aks service over http/https

use application gateway to expose aks service over http/https

其實就是把application gateway 當一個ingress用，

https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-expose-service-over-http-https

https://raw.githubusercontent.com/kubernetes/examples/master/guestbook/all-in-one/guestbook-all-in-one.yaml

1. 基本用法

怎麼用法，很簡單，指定ingress.class 就 可以

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: guestbook
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: frontend
          servicePort: 80

https的話也是先需要建一個secret, 類型要注意一下，是

kubernetes.io/tls

不然後的話mcr.microsoft.com/azure-application-gateway/kubernetes-ingress 這個image的pod會報錯。

2. 指定健康檢查信息

理論上來說，他是會自動獲取pod 裏面的container 的健康檢查信息，但是實測下來，在我們多containers環境下，他識別的還是有點問題的，後面通過github https://github.com/Azure/application-gateway-kubernetes-ingress ，發現最新版本1.4.0 裏面是支持指定健康檢查信息的，https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/annotations.md

Annotation Key	Value Type	Default Value	Allowed Values	Supported since
appgw.ingress.kubernetes.io/backend-path-prefix	string	nil		1.3.0
appgw.ingress.kubernetes.io/backend-hostname	string	nil		1.2.0
appgw.ingress.kubernetes.io/backend-protocol	string	http	http, https	1.0.0
appgw.ingress.kubernetes.io/ssl-redirect	bool	false		1.0.0
appgw.ingress.kubernetes.io/appgw-ssl-certificate	string	nil		1.2.0
appgw.ingress.kubernetes.io/appgw-trusted-root-certificate	string	nil		1.2.0
appgw.ingress.kubernetes.io/connection-draining	bool	false		1.0.0
appgw.ingress.kubernetes.io/connection-draining-timeout	int32 (seconds)	30		1.0.0
appgw.ingress.kubernetes.io/cookie-based-affinity	bool	false		1.0.0
appgw.ingress.kubernetes.io/request-timeout	int32 (seconds)	30		1.0.0
appgw.ingress.kubernetes.io/override-frontend-port	string			1.3.0
appgw.ingress.kubernetes.io/use-private-ip	bool	false		1.0.0
appgw.ingress.kubernetes.io/waf-policy-for-path	string			1.3.0
appgw.ingress.kubernetes.io/health-probe-hostname	string	nil		1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-port	int32	nil		1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-path	string	nil		1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-status-codes	[]string	nil		1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-interval	int32	nil		1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-timeout	int32	nil		1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold	int32	nil		1.4.0-rc1

一共支持這麼多種annotation ,也夠用了。健康檢查失敗的話，後面步驟都沒法進行下去，還不能在portal 上面改，pod會強刷掉。

看上去waf是appliction gateway的一個亮點，但是還沒怎麼使用不好多說。