Today I would like to share with you a brand new architecture for your AKS deployments! 💡
Azure Application Gateway for Containers is a new application (layer 7) load balancing and dynamic traffic management product designed for workloads running in a Kubernetes cluster. It extends Azure’s Application Load Balancing portfolio and is a new offering under the Application Gateway product family. (AG4C in short)
The porpouse of this topic is to show you how it can be integrated with Istio to serve as an Ingress Controller for your microservices Service Mesh.
In the below screen, the productpage is a Kubernetes Service with Istio sidecar and it is reached by the Application Gateway for Containers (shown as the unknown endpoint on the left)
The main benefit of this architecture is to use a managed, container-native load balancing solution for the ingress controller (using AG4C) while preserving network governance within the cluster itself (using Istio) 🎉
As you can see from the picture below, the traffic enters from the AG4C frontend and is redirected to the AKS service trough the reverse proxies deployed using the Ingress resource. The service finally routes the request to the pods where Istio sidecar is listening for incoming traffic, before forwarding it to the application container
How to do it
- Create an AKS cluster with Azure CNI or Overlay -> https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni?tabs=configure-networking-portal
- Install Istio add-on -> Deploy Istio-based service mesh add-on for Azure Kubernetes Service (preview) — Azure Kubernetes Service | Microsoft Learn but be sure to skip the Istio Ingress part, because we will use AG4C as the Ingress Controller
- Configure AG4C -> Quickstart: Deploy Application Gateway for Containers ALB Controller (preview) | Microsoft Learn
Please note that services used in this solution are in preview