[WIP] New Lab - Application Gateway for Containers #87
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds a new comprehensive lab documentation for Application Gateway for Containers (AGC) with Azure Kubernetes Service (AKS). The lab guides users through deploying and configuring AGC to expose applications over HTTP/HTTPS with advanced features like Web Application Firewall policies and traffic splitting for canary deployments.
- Complete step-by-step guide for setting up Application Gateway for Containers with AKS
- Integration with cert-manager for HTTPS certificate management using Let's Encrypt
- Advanced features including WAF policy application and canary deployment implementation
| spec: | ||
| acme: | ||
| server: https://acme-v02.api.letsencrypt.org/directory # production endpoint | ||
| email: [email protected] |
There was a problem hiding this comment.
The email address should be updated to use a placeholder format that clearly indicates users need to replace it with their actual email, such as '[email protected]' or '[email protected]'.
| email: [email protected] | |
| email: <[email protected]> |
| While the current permissions are sufficient for creating the WAF Policy, the ALB controller is unable to join the policy to the HTTP route. Add a Network Contributor role with a scope matching the WAF Policy you just created: | ||
|
|
||
| ```bash | ||
| az role assignment create --assignee-object-id $PRINCIPAL_ID --assignee-principal-type ServicePrincipal --scope $WAF_POLICY_ID --role "4d97b98b-1d4f-4787-a291-c67834d212e7" # Network Contributor |
There was a problem hiding this comment.
The WAF_POLICY_ID variable will contain quotes from the previous command (line 598), which will cause this role assignment to fail. This is another consequence of the missing '-o tsv' parameter in the previous command.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
…github.com/mestredelpino/aks-labs into new-lab/application-gateway-for-containers
pauldotyu
left a comment
pauldotyu
left a comment
There was a problem hiding this comment.
Have not had a chance to complete this end-to-end yet but can you review my suggestions for setup as well as some of the Copilot suggestions?
docs/networking/agc-lab.md
Outdated
| CONTROLLER_NAMESPACE='azure-alb-system' | ||
| az aks get-credentials --resource-group $RG_NAME --name $AKS_NAME | ||
| CLIENT_ID=$(az identity show -g $RG_NAME -n $IDENTITY_RESOURCE_NAME --query clientId -o tsv) | ||
| helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller --namespace $HELM_NAMESPACE --version 1.7.9 --set albController.namespace=$CONTROLLER_NAMESPACE --set albController.podIdentity.clientID=$CLIENT_ID --create-namespace |
There was a problem hiding this comment.
There seems to be an issue with installing this version.
There was a problem hiding this comment.
I replaced for latest version in the docs (1.8.12). Link to docs: https://learn.microsoft.com/en-us/azure/application-gateway/for-containers/quickstart-deploy-application-gateway-for-containers-alb-controller?tabs=install-helm-windows
Can you please check again with the new version?
Co-authored-by: Paul Yu <[email protected]>
Co-authored-by: Paul Yu <[email protected]>
Co-authored-by: Paul Yu <[email protected]>
2 participants
Purpose
Adding a new lab - Application Gateway for Containers
Does this introduce a breaking change?
Pull Request Type
What kind of change does this Pull Request introduce?
How to Test
What to Check
Verify that the following are valid:
View lab under Networking > Application Gateway for Containers
Run through lab
Other Information