AKS Shared Application Gateway

Application Routing with Shared Application Gateway (AKS)

Azure's Shared Application Gateway provides a secure and scalable way to expose Kubernetes services to the internet or internal networks. DuploCloud integrates directly with the Azure Shared Application Gateway, allowing you to manage routing, SSL certificates, and health checks through the DuploCloud Portal.

This integration abstracts the complexity of Kubernetes-native Ingress resources while providing similar capabilities. You can also configure access to container and pod shells via the DuploCloud Portal for both Docker-based and Kubernetes-based deployments.

Note: To add an SSL certificate when exposing a service through the Shared Application Gateway, see the . documentation.

Prerequisites

Create Services: To configure the Shared Application Gateway, you must first create one or more Kubernetes Services. See the documentation for steps.

Enable the Ingress controller: To enable Shared Application Gateway support:

In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure from the NAME column.
Select the Settings tab, and click Add. The Infra-Set Custom Data pane displays.
In the Setting Name list box, select Enable App Gateway Ingress Controller.
Enable the setting and click Set. The value should be true. This enables the AKS Ingress controller to integrate with Azure’s Shared Application Gateway.

Adding a Load Balancer Listener (K8S NodePort)

To expose a service via NodePort using the Application Gateway:

In the DuploCloud Portal, navigate to Kubernetes -> Services.
Select your Service from the NAME column.
Select the Load Balancers tab.
Click Configure Load Balancer. The Add Load Balancer Listener pane appears.
In the Select Type field, select K8S Node Port.
In the Health Check field, add the Kubernetes Health Check URL for the container (used for availability checks). Using a Kubernetes Health Check allows the Shared Application Gateway to monitor service health and route traffic accordingly.
Fill in the remaining fields as appropriate.
Click Add to create the Load Balancer listener.

Creating a Shared Application Gateway Ingress

To configure Ingress through the Azure Shared Application Gateway:

In the DuploCloud Portal, navigate to Kubernetes -> Ingress.
Click Add. The Add Kubernetes Ingress page displays.
In the Ingress Name field, enter a name for the Ingress.
In the Ingress Controller field, select the controller (Shared Application Gateway)
Set Visibility to Public or Internal Only.
Optionally, configure the following fields:
- DNS Prefix: Provide the DNS prefix to expose services.
- Certificate Name: Select or enter the name of the TLS/SSL certificate to secure the Ingress traffic.
- Port Override: Specify a custom port (e.g., 8080). If used, add a matching Security Group Rule
- HTTP to HTTPS Redirect: Enable to automatically redirect all HTTP traffic to HTTPS.
Follow the steps below to configure Ingress rules.
Click Add to create the Ingress resource.

Configuring Ingress Rules

To define routing rules for your Ingress:

On the Add Kubernetes Ingress page, click Add Rule. The Add Ingress Rule pane displays.
Enter a Path.
In the Path Type list box, select Exact, Prefix, or Implementation Specific.
In the Service Name field, select the Service (s1-alb:80 in this example).
Click Add Rule.
Repeat to define multiple routing rules or paths

The DuploCloud Platform supports defining multiple rules/paths in Ingress.

Adding a Security Group Rule (Custom Ports)

Port 80 is allowed by default. If using a custom port, add a security rule:

In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select your Infrastructure from the NAME column.
Select the Security Group Rules tab.
Click Add. The Add Infrastructure Security pane displays.
Define your rule (e.g., port 8080) and click Add. The rule is added to the Security Group Rules list.

Viewing Ingress

Viewing Ingress details in the DuploCloud Portal

To view details of your configured Ingress in the DuploCloud Portal:

Navigate to Kubernetes -> Ingress, and select your Ingress from the NAME column.

Viewing Ingress details using curl Commands

To confirm that traffic is being routed according to your Ingress rules, you can use curl commands:

Use the following format for the curl command: curl http://<dns-name>/<path>
Replace <dns-name> with the DNS name defined in your Ingress, and <path> with the path configured in the Ingress rules.

For example:

Command: curl http://ig-nev-ingress-ing-t2-1.duplopoc.net/path1/
Response: this is IG-NEV

Command: curl http://ing-doc-ingress-ing-t2-1.duplopoc.net/path2/
Response: this is ING-DOC

Command: curl http://ing-public-ingress-ing-t2.1.duplopoc.net/path3/
Response: this is ING2-PUBLIC

PreviousGKE Ingress NextUsing an Azure Application Gateway SSL policy with Ingress

Last updated 1 month ago

Was this helpful?