After the first article on how to deploy AKS, we will look at how to use an Application Gateway as an Ingress controller and a WAF. Why? To protect your websites 😊

To start, be sure to deploy your AKS cluster.

Now, you can deploy your Application Gateway in Azure with the WAFv2 SKU:

Create a public IP for this WAF:


Create an empty backend pool (it will not be used, because of the integration as Ingress):


Create a routing rule1, with HTTP protocol (it will not be used, because of the integration as Ingress):


And the backend target (it will not be used, because of the integration as Ingress):


You will have this:


When the App Gateway has been deployed, go to your Azure AD, and get the name of your Service Principal:


Get the application ID, and create a new secret:


Give this Azure AD Service Principal the Contributor role on the AKS Resource Group:

Now, connect to your AKS Cluster:

Execute the following command to apply the RBAC deployment template:

Convert your Azure AD Service Principal secret to base64:

Now, create 2 files, with the following content:

01-aadpodidentity-sp.yaml

02-aadpodidentitybinding.yaml

And apply them:


Pods are now running:


Now, we will convert the following connection string to base64:

Copy this code with your values and go to https://www.base64encode.org/. Paste it, click Encode, and get the result:
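Both base64 steps above (the Service Principal secret and the connection string) can also be done locally in the shell, so the credentials stay on your workstation. This is an added example, not code from the original article; the JSON field names and all values are constructed placeholders, because the article's own connection string is not shown here.

```shell
#!/usr/bin/env bash
# Added example: base64-encode credentials locally instead of in a web form.
# All values below are constructed placeholders, not real credentials.

# Encode a string exactly as given. printf '%s' adds no trailing newline
# (echo would, and that newline would become part of the decoded secret).
# tr removes the line wrapping that base64 applies to long input.
encode_secret() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a base64 string back to the original text.
decode_secret() {
  printf '%s' "$1" | base64 --decode
}

# Succeed only if decoding the encoded value gives back the input
# (intended for single-line secrets and JSON without a trailing newline).
roundtrip_ok() {
  [ "$(decode_secret "$(encode_secret "$1")")" = "$1" ]
}

# Constructed Service Principal JSON; the field names are an assumption.
sp_json='{"clientId":"00000000-0000-0000-0000-000000000000","clientSecret":"constructed-secret","subscriptionId":"11111111-1111-1111-1111-111111111111","tenantId":"22222222-2222-2222-2222-222222222222"}'

encoded="$(encode_secret "$sp_json")"
if roundtrip_ok "$sp_json"; then
  echo "encoded ${#encoded} characters on one line, round-trip OK"
else
  echo "round-trip failed, do not use this value" >&2
fi
```

Base64 is an encoding, not encryption: treat the encoded value and any file that contains it as the secret itself.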


Create a new file, 04-helm-config.yaml, and paste the code, replacing the values with your own:

It’s time to apply this configuration with Helm:

 



The ingress pod has been deployed:


We will deploy a test application:

I created a DNS entry, starwind, that points to the public IP of my Application Gateway. After a few seconds, the deployment is finished on the Application Gateway:

DNS entry - StarWind

Listeners

Rules

Health probes

If you try to access your website, you should be able to see it:

Welcome to nginx

In the next article, we will protect this website, with a Let’s Encrypt certificate, directly generated by AKS.

Florent Appointaire
Florent Appointaire is a Microsoft Engineer with 5 years of experience, specialized in Cloud Technologies (Public/Hybrid/Private). He has been a freelance consultant in Belgium since the beginning of 2017. He is an MVP in Cloud and Datacentre Management and is MCSE Private Cloud and Hyper-V certified. His favorite products are SCVMM, SCOM, Windows Azure Pack/Azure Stack and Microsoft Azure.