Saturday 21 May 2022

AKS AGIC addon via Terraform

Hello all,

I have been testing a lot with AKS lately, and I cannot avoid setting up an ingress controller for all my test applications on AKS, so I would like to share my journey of setting up the Application Gateway Ingress Controller (AGIC) using the AKS addon via Terraform.

There are two methods of setting up AGIC: via the AKS addon or via a Helm chart. There are pros and cons to each method, but if your Application Gateway is used only by AKS, the addon is the better choice.

More details on the differences can be read here - Microsoft Docs

I will be using Terraform modules that I created for this example.

Components Involved

1. Azure Kubernetes Service (AKS)

2. Application Gateway 

3. Service Principal

4. Azure Virtual Network 


You may download my modules to test, but we will start as below.

1.  Virtual Network creation 

module "vnet00" {
  source        = "./modules/network/vnet"
  vnet-name     = "vNet-00-aks"
  vnet-range    = ["192.168.16.0/24", "172.16.0.0/22"]
  subnets-name  = ["subnet01", "aks-subnet", "ApplicationGatewaySubnet"]
  subnets-range = ["192.168.16.0/28", "172.16.0.0/24", "192.168.16.128/26"]
}

2. SPN creation 

module "aks-spn" {
  source      = "./modules/aad-spn"
  spn-name    = "AKSAGIC-SPN"
  secret-name = "akstfk-spn-secret"
}

3. Application Gateway 

module "appgw01" {
  source     = "./modules/network/appgw"
  # Index 2 is ApplicationGatewaySubnet in the vnet00 subnet list
  agsnetname = module.vnet00.vnet_subnets_name[2]
  agsnetid   = module.vnet00.vnet_subnets[2]

  depends_on = [module.vnet00]
}

4. AKS 


module "myaks" {
  source        = "./modules/k8s/dev-appgw"
  aks-name      = "aks01"
  aks-dns       = "aks01-dns"
  aks-version   = "1.23.3"
  # Index 1 is aks-subnet in the vnet00 subnet list
  aks-subnet-id = module.vnet00.vnet_subnets[1]
  admin         = "username"
  ssh           = "ssh-rsa xx"
  winpass       = "password"
  # The same SPN is used by the cluster and by AGIC
  client_id     = module.aks-spn.client_id
  client_sec    = module.aks-spn.client_secret
  aks-spn       = module.aks-spn.object_id-entapp
  # Existing Application Gateway to use for AGIC
  appgwid       = module.appgw01.appgwid
  appgwrg       = module.appgw01.appgwrg
  # Only needed when AKS creates the Application Gateway for you
  #appgwname    = module.appgw01.appgwname
  #appgwnetid   = module.vnet00.vnet_subnets[2]
  #appgwnetcidr = xxx
  depends_on    = [module.aks-spn, module.appgw01]
}

Notice that some lines are commented out. This is because you can either use an existing Application Gateway for AGIC or let AKS create one for you; I chose the first option.


The reason for this structure is that the same SPN is used for the AKS setup and for AGIC, where it needs read permission on the AGIC resource group and Contributor on AGIC.
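
The two permissions described above can be written as scoped role assignments. This is an added example, not code from the author's modules; the variable names are assumptions that mirror the appgwid, appgwrg and aks-spn inputs of the AKS module call, and appgw_rg is assumed to hold a resource group name.

```hcl
# Added example: grants the SPN only the two scopes the post describes.
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "appgw_id" {
  description = "Resource ID of the existing Application Gateway (assumed name)"
  type        = string
}

variable "appgw_rg" {
  description = "Name of the resource group holding the gateway (assumed name)"
  type        = string
}

variable "spn_object_id" {
  description = "Object ID of the service principal (assumed name)"
  type        = string
}

data "azurerm_resource_group" "appgw" {
  name = var.appgw_rg
}

# Reader on the gateway's resource group only, not on the subscription.
resource "azurerm_role_assignment" "agic_rg_reader" {
  scope                = data.azurerm_resource_group.appgw.id
  role_definition_name = "Reader"
  principal_id         = var.spn_object_id
}

# Contributor scoped to the single Application Gateway resource.
resource "azurerm_role_assignment" "agic_appgw_contributor" {
  scope                = var.appgw_id
  role_definition_name = "Contributor"
  principal_id         = var.spn_object_id
}
```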



After all the components have been deployed, you may download the kubeconfig file and test with these commands:

1. kubectl apply -f https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/master/docs/examples/aspnetapp.yaml

2. kubectl get ingress

The sample aspnet app details will then appear, showing that the setup was done successfully.


The link to my Terraform GitHub repo, with sample module calls, is here -
GitHub - munir94/TFLAB

That's all for now. I'm planning to cover Traefik and NGINX ingress deployment in the future as well. Thanks for reading, and you may leave a comment for enquiries or improvements.
