Application Gateway for Containers

Application Gateway for Containers, recently made generally available by Azure, represents an evolution in application (layer 7) load balancing and dynamic traffic management for workloads running in a Kubernetes cluster. This service is the culmination of the Application Gateway and Application Gateway Ingress Controller, offering enhanced capabilities for managing web traffic to container workloads with features such as Custom Health Probes, URL Redirect, URL/Header Rewrite, Controller High Availability, Gateway API v1, Additional Region Availability, and an SLA for Production Workloads.

How Application Gateway for Containers Works

Application Gateway for Containers operates through a combination of components including the Application Gateway itself, frontends, and associations, along with dependencies such as a private IP address, subnet delegation, and user-assigned managed identity. It provides a resilient and scalable ingress solution for AKS clusters, supporting automatic retries, autoscaling, availability zone resiliency, various health probes, header rewrite, HTTPS traffic management, and much more. Traffic management is facilitated through layer 7 HTTP/HTTPS request forwarding based on hostname, path, header, query string, methods, and ports. The deployment offers two strategies: Bring Your Own (BYO) deployment and management by ALB Controller.

Benefits and Features

The gateway enhances performance by offering near real-time updates for adding or moving pods, routes, and probes. It also supports traffic splitting, mutual authentication to the backend, Kubernetes Ingress and Gateway API, and flexible deployment strategies. The control and data plane architecture of the Application Gateway for Containers is designed for high availability and security, ensuring that your applications remain accessible and secure.

Deployment Strategies


There are two primary deployment strategies for Application Gateway for Containers:

Bring Your Own (BYO) Deployment: This strategy involves deploying and managing the Application Gateway for Containers resource, Association, and Frontend resource via the Azure portal, CLI, PowerShell, Terraform, etc., and referencing these in Kubernetes configuration.


Managed by ALB Controller: In this strategy, the ALB Controller deployed in Kubernetes manages the lifecycle of the Application Gateway for Containers resource and its sub-resources. This option simplifies management and ensures that Application Gateway configurations are automatically updated based on changes within the Kubernetes cluster.

My advice is to use the BYO strategy, deployed natively through Bicep.

Deployment through Bicep

Creating a deployment for Azure Application Gateway for Containers using Bicep involves defining resources like the Application Gateway, a virtual network with appropriate subnets, and possibly integrating with Azure Kubernetes Service (AKS). A full Bicep template would be too detailed and environment-specific, so my deployment example covers only the basics, without a pipeline:

Define a Virtual Network and Subnets: Start by defining a virtual network (VNet) with subnets for the Application Gateway and AKS cluster. Application Gateway requires a dedicated subnet.

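// Virtual network with one subnet for the gateway and one for the AKS nodes
resource vnet 'Microsoft.Network/virtualNetworks@2020-11-01' = {
  name: 'vnetName'
  // Deploy into the same region as the resource group
  location: resourceGroup().location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    subnets: [
      {
        // Dedicated subnet for the Application Gateway
        name: 'AppGatewaySubnet'
        properties: {
          addressPrefix: '10.0.0.0/24'
        }
      }
      {
        // Subnet for the AKS node pool
        name: 'AksSubnet'
        properties: {
          addressPrefix: '10.0.1.0/24'
        }
      }
    ]
  }
}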

Deploy Application Gateway for Containers: Define the Application Gateway resource with a reference to the subnet created in the previous step. You’ll also need to specify other parameters like SKU, tier, and any configurations specific to your use case, such as HTTP settings, backend pools, listeners, and rules.

resource applicationGateway 'Microsoft.Network/applicationGateways@2020-11-01' = {
  name: 'appGatewayName'
  // Deploy into the same region as the resource group
  location: resourceGroup().location
  properties: {
    sku: {
      name: 'Standard_v2'
      tier: 'Standard_v2'
    }
    gatewayIPConfigurations: [
      {
        name: 'appGatewayIpConfig'
        properties: {
          subnet: {
            // AppGatewaySubnet is the first entry in the vnet's subnets array
            id: vnet.properties.subnets[0].id
          }
        }
      }
    ]
    // Define other configurations like HTTP settings, backend pools, listeners, and rules here
  }
}

Integrate with Azure Kubernetes Service (AKS): If deploying an AKS cluster as part of your architecture, define the AKS resource and ensure it’s configured to use the subnet created for it. You may also need to configure networking settings for integration with the Application Gateway.

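resource aks 'Microsoft.ContainerService/managedClusters@2021-03-01' = {
  name: 'aksClusterName'
  // Deploy into the same region as the resource group
  location: resourceGroup().location
  // The cluster needs an identity; a system-assigned one is the simplest choice
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    dnsPrefix: 'aksClusterDnsPrefix'
    agentPoolProfiles: [
      {
        name: 'agentPool'
        // A cluster needs at least one system node pool
        mode: 'System'
        // Reference to the subnet for AKS (second entry in the vnet's subnets array)
        vnetSubnetID: vnet.properties.subnets[1].id
        count: 3
        vmSize: 'Standard_DS2_v2'
        osType: 'Linux'
      }
    ]
    // Include additional AKS configurations as needed
  }
}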

Configure Application Gateway Ingress Controller (AGIC): If using AGIC with your Application Gateway, make sure to configure the AGIC settings within your AKS deployment to enable the integration. This typically involves deploying a Helm chart within AKS that configures AGIC to use your Application Gateway.

For comprehensive guides and the latest features available for Application Gateway and AKS integration, visit the official Microsoft documentation.
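The BYO resources named under Deployment Strategies (the Application Gateway for Containers resource, a Frontend and an Association, plus the delegated subnet) live under the Microsoft.ServiceNetworking provider, not Microsoft.Network/applicationGateways. The following is an added example, not part of the original template; the resource names, the 10.0.2.0/24 prefix and the API versions are assumptions to adapt to your environment.

```bicep
// Added example: BYO Application Gateway for Containers. All names are placeholders.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnetName'
  location: resourceGroup().location
  properties: {
    addressSpace: {
      addressPrefixes: [ '10.0.0.0/16' ]
    }
    subnets: [
      {
        name: 'AlbSubnet'
        properties: {
          addressPrefix: '10.0.2.0/24'
          // Delegating the subnet reserves it for Application Gateway for Containers
          delegations: [
            {
              name: 'albDelegation'
              properties: {
                serviceName: 'Microsoft.ServiceNetworking/trafficControllers'
              }
            }
          ]
        }
      }
    ]
  }
}

resource alb 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' = {
  name: 'albName'
  location: resourceGroup().location
  // Frontend: the entry point that client traffic is sent to
  resource frontend 'frontends' = {
    name: 'albFrontend'
    location: resourceGroup().location
    properties: {}
  }
  // Association: connects the gateway to the delegated subnet
  resource association 'associations' = {
    name: 'albAssociation'
    location: resourceGroup().location
    properties: {
      associationType: 'subnets'
      subnet: {
        id: vnet.properties.subnets[0].id
      }
    }
  }
}

// Resource ID to reference from the Kubernetes configuration in a BYO deployment
output albId string = alb.id
```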

Supported Regions and Availability

Application Gateway for Containers is now available in multiple Azure regions worldwide, enabling deployment in a region closest to your users to minimize latency and improve performance.

Conclusion

Azure’s Application Gateway for Containers provides a robust, scalable solution for managing web traffic to containerized applications. With its comprehensive feature set, including load balancing, SSL termination, and support for Kubernetes Ingress and Gateway APIs, it offers a flexible and powerful option for deploying and managing containerized applications on Azure. Whether you’re migrating existing applications to containers or building new microservices architectures, Application Gateway for Containers provides the tools you need to ensure high availability, performance, and security.

For more detailed information on how to deploy and manage Application Gateway for Containers, check the official Azure documentation.
