use application gateway to expose aks service over http/https
其实就是把application gateway 当一个ingress用,
1. 基本用法
怎么用法,很简单,指定ingress.class 就 可以
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: guestbook
annotations:
kubernetes.io/ingress.class: azure/application-gateway
spec:
rules:
- http:
paths:
- backend:
serviceName: frontend
servicePort: 80
https的话也是先需要建一个secret, 类型要注意一下,是
kubernetes.io/tls
不然后的话mcr.microsoft.com/azure-application-gateway/kubernetes-ingress 这个image的pod会报错。
2. 指定健康检查信息
理论上来说,他是会自动获取pod 里面的container 的健康检查信息,但是实测下来,在我们多containers环境下,他识别的还是有点问题的,后面通过github https://github.com/Azure/application-gateway-kubernetes-ingress ,发现最新版本1.4.0 里面是支持指定健康检查信息的,https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/annotations.md
Annotation Key Value Type Default Value Allowed Values Supported since
appgw.ingress.kubernetes.io/backend-path-prefix string nil 1.3.0
appgw.ingress.kubernetes.io/backend-hostname string nil 1.2.0
appgw.ingress.kubernetes.io/backend-protocol string http http, https 1.0.0
appgw.ingress.kubernetes.io/ssl-redirect bool false 1.0.0
appgw.ingress.kubernetes.io/appgw-ssl-certificate string nil 1.2.0
appgw.ingress.kubernetes.io/appgw-trusted-root-certificate string nil 1.2.0
appgw.ingress.kubernetes.io/connection-draining bool false 1.0.0
appgw.ingress.kubernetes.io/connection-draining-timeout int32 (seconds) 30 1.0.0
appgw.ingress.kubernetes.io/cookie-based-affinity bool false 1.0.0
appgw.ingress.kubernetes.io/request-timeout int32 (seconds) 30 1.0.0
appgw.ingress.kubernetes.io/override-frontend-port string 1.3.0
appgw.ingress.kubernetes.io/use-private-ip bool false 1.0.0
appgw.ingress.kubernetes.io/waf-policy-for-path string 1.3.0
appgw.ingress.kubernetes.io/health-probe-hostname string nil 1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-port int32 nil 1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-path string nil 1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-status-codes []string nil 1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-interval int32 nil 1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-timeout int32 nil 1.4.0-rc1
appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold int32 nil 1.4.0-rc1
一共支持这么多种annotation ,也够用了。健康检查失败的话,后面步骤都没法进行下去,还不能在portal 上面改,pod会强刷掉。
看上去waf是appliction gateway的一个亮点,但是还没怎么使用不好多说。
3. 排错
再附送一个debug手段
kubectl describe ingress xxx
Name:
Namespace: default
Address: 40.xx.
Default backend: default-http-backend:80 (<none>)
TLS:
secret-eastmoney terminates
Rules:
Host Path Backends
---- ---- --------
*
/ xxx:2860 (10.x.x.x:2860,10.xx.xx.xxx:2860)
Annotations:
appgw.ingress.kubernetes.io/health-probe-timeout: 5
kubernetes.io/ingress.class: azure/application-gateway
Events: <none>
主要看events,如果有错误信息会在上面显示。