Use Application Gateway to expose an AKS service over HTTP/HTTPS
In effect, this just uses Application Gateway as an ingress.
https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-expose-service-over-http-https
https://raw.githubusercontent.com/kubernetes/examples/master/guestbook/all-in-one/guestbook-all-in-one.yaml
1. Basic usage
Usage is simple: just set the ingress.class annotation.
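    # Note: extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
    # networking.k8s.io/v1 uses a different backend schema.
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: guestbook
      annotations:
        kubernetes.io/ingress.class: azure/application-gateway
    spec:
      rules:
      - http:
          paths:
          - backend:
              serviceName: frontend
              servicePort: 80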
For HTTPS, you first need to create a secret. Pay attention to its type, which must be kubernetes.io/tls; otherwise the pod running the mcr.microsoft.com/azure-application-gateway/kubernetes-ingress image reports an error.
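2. Specifying health probe settings
In theory, it automatically picks up the health check information from the containers in the pod, but in our testing, in our multi-container environment, its detection was still somewhat problematic. Later, via GitHub (https://github.com/Azure/application-gateway-kubernetes-ingress), I found that the latest version, 1.4.0, supports specifying the health probe settings explicitly: https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/annotations.md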
| Annotation Key | Value Type | Default Value | Allowed Values | Supported since |
|---|---|---|---|---|
| appgw.ingress.kubernetes.io/backend-path-prefix | string | nil | | 1.3.0 |
| appgw.ingress.kubernetes.io/backend-hostname | string | nil | | 1.2.0 |
| appgw.ingress.kubernetes.io/backend-protocol | string | http | http, https | 1.0.0 |
| appgw.ingress.kubernetes.io/ssl-redirect | bool | false | | 1.0.0 |
| appgw.ingress.kubernetes.io/appgw-ssl-certificate | string | nil | | 1.2.0 |
| appgw.ingress.kubernetes.io/appgw-trusted-root-certificate | string | nil | | 1.2.0 |
| appgw.ingress.kubernetes.io/connection-draining | bool | false | | 1.0.0 |
| appgw.ingress.kubernetes.io/connection-draining-timeout | int32 (seconds) | 30 | | 1.0.0 |
| appgw.ingress.kubernetes.io/cookie-based-affinity | bool | false | | 1.0.0 |
| appgw.ingress.kubernetes.io/request-timeout | int32 (seconds) | 30 | | 1.0.0 |
| appgw.ingress.kubernetes.io/override-frontend-port | string | | | 1.3.0 |
| appgw.ingress.kubernetes.io/use-private-ip | bool | false | | 1.0.0 |
| appgw.ingress.kubernetes.io/waf-policy-for-path | string | | | 1.3.0 |
| appgw.ingress.kubernetes.io/health-probe-hostname | string | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-port | int32 | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-path | string | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-status-codes | []string | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-interval | int32 | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-timeout | int32 | nil | | 1.4.0-rc1 |
| appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold | int32 | nil | | 1.4.0-rc1 |
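That is the full set of supported annotations, which is enough. If the health probe fails, none of the later steps can proceed, and you cannot change it in the portal either: the pod forcibly overwrites the change.
WAF looks like a highlight of Application Gateway, but I have not used it much yet, so I can't say much about it.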
3. Troubleshooting
As a bonus, here is a debugging technique:
    kubectl describe ingress xxx
    Name:
    Namespace:        default
    Address:          40.xx.
    Default backend:  default-http-backend:80 ()
    TLS:
      secret-eastmoney terminates
    Rules:
      Host  Path  Backends
      ----  ----  --------
      *
            /   xxx:2860 (10.x.x.x:2860,10.xx.xx.xxx:2860)
    Annotations:
      appgw.ingress.kubernetes.io/health-probe-timeout:  5
      kubernetes.io/ingress.class:                       azure/application-gateway
    Events:
Mainly look at Events: any error messages are displayed there.