Application Gateway for Containers (AGFC) is a newer and improved version of the earlier Application Gateway Ingress Controller (AGIC), which you might be familiar with if you’ve used Azure Kubernetes Service (AKS). This iteration advances Azure’s Application Load Balancing capabilities and adds a fresh offering to the Application Gateway product lineup.
As mentioned, it is new and improved, and it ships with some new features at release, including:
- Traffic splitting and weighted round-robin
- Mutual authentication with backend targets
- Enhanced performance, enabling near real-time updates for adding or moving pods, routes, and probes
In this blog post, we will look at creating an Application Gateway for Containers (AGFC) using Terraform.
Terraform time
Before deploying the Application Gateway for Containers (AGFC), we need to create the following resources:
- Resource Group: Create a resource group named tamops-rg-example.
- Virtual Network: Set up a virtual network called tamops-vnet.
- Subnet: Create a subnet within this virtual network where the AGFC will be deployed. Ensure this subnet has the necessary service delegation for AGFC.
- Network Security Group (NSG): Assign an NSG to the subnet, configured with default security rules.
The Terraform below creates the four resources above:
```hcl
# create resource group
resource "azurerm_resource_group" "rg" {
  name     = "tamops-rg-example"
  location = "uksouth"
}

# create vnet
resource "azurerm_virtual_network" "virtual_network" {
  name                = "tamops-vnet"
  location            = "uksouth"
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["192.168.0.0/16"]
}

# create subnet for Application Gateway for Containers
resource "azurerm_subnet" "appgw_subnet" {
  name                 = "agfcsubnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.virtual_network.name
  address_prefixes     = ["192.168.0.0/24"]

  delegation {
    name = "delegation"

    service_delegation {
      name = "Microsoft.ServiceNetworking/trafficControllers"
    }
  }
}

# create network security group & associate with subnet
resource "azurerm_network_security_group" "nsg" {
  name                = "tamops-nsg"
  location            = "uksouth"
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_subnet_network_security_group_association" "app_gwsubnet" {
  subnet_id                 = azurerm_subnet.appgw_subnet.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}
```
Application Gateway for Containers Terraform
Let's now create the AGFC using Terraform:
- Create AGFC
- Associate it to the subnet created above
- Create a frontend for AGFC
```hcl
# Azure Application Gateway for Containers
resource "azurerm_application_load_balancer" "alb" {
  name                = "tamops-alb"
  location            = "uksouth"
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_application_load_balancer_subnet_association" "alb" {
  name                         = "alb-subnet-association"
  application_load_balancer_id = azurerm_application_load_balancer.alb.id
  subnet_id                    = azurerm_subnet.appgw_subnet.id
}

resource "azurerm_application_load_balancer_frontend" "alb" {
  name                         = "alb-frontend"
  application_load_balancer_id = azurerm_application_load_balancer.alb.id
}
```
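The two subnet requirements listed earlier (the AGFC service delegation and an NSG on the subnet) can be checked against a saved plan before it is applied. The script below is an added example, not part of the original post: it assumes the `configuration` section layout of `terraform show -json` output and that all resources sit in the root module, and its function names and sample input are constructed for illustration.

```python
import json
import sys

AGFC_DELEGATION = "Microsoft.ServiceNetworking/trafficControllers"
ALB_ASSOC = "azurerm_application_load_balancer_subnet_association"
NSG_ASSOC = "azurerm_subnet_network_security_group_association"

def refs(res, attr):
    """Resource addresses an attribute refers to, e.g. {'azurerm_subnet.appgw_subnet'}."""
    found = res.get("expressions", {}).get(attr, {}).get("references", [])
    return {".".join(r.split(".")[:2]) for r in found}

def delegations(subnet):
    """Service delegation names declared as constants on a subnet."""
    blocks = subnet.get("expressions", {}).get("delegation", [])
    return {sd.get("name", {}).get("constant_value")
            for b in blocks for sd in b.get("service_delegation", [])}

def check_agfc_subnets(plan):
    """Return findings for subnets used by AGFC; an empty list means all checks pass."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    by_addr = {r["address"]: r for r in resources}
    with_nsg = set()
    for r in resources:
        if r["type"] == NSG_ASSOC:
            with_nsg |= refs(r, "subnet_id")
    findings = []
    for assoc in (r for r in resources if r["type"] == ALB_ASSOC):
        for addr in sorted(refs(assoc, "subnet_id")):
            # Fails closed: a subnet defined outside the root module is reported too.
            if AGFC_DELEGATION not in delegations(by_addr.get(addr, {})):
                findings.append(f"{addr}: delegation {AGFC_DELEGATION} not found")
            if addr not in with_nsg:
                findings.append(f"{addr}: no NSG association found")
    return findings

def sample_plan(delegation=AGFC_DELEGATION, nsg=True):
    """Constructed input shaped like the page's resources, not real plan output."""
    ref = {"subnet_id": {"references": ["azurerm_subnet.appgw_subnet.id"]}}
    block = [{"service_delegation": [{"name": {"constant_value": delegation}}]}]
    res = [{"address": "azurerm_subnet.appgw_subnet", "type": "azurerm_subnet",
            "expressions": {"delegation": block}}]
    res += [{"address": f"{t}.example", "type": t, "expressions": ref}
            for t in [ALB_ASSOC] + ([NSG_ASSOC] if nsg else [])]
    return {"configuration": {"root_module": {"resources": res}}}

if __name__ == "__main__":  # usage: python3 check_agfc.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else sample_plan()
    sys.exit("\n".join(check_agfc_subnets(plan)) or 0)
```

Produce `plan.json` with `terraform plan -out tfplan` followed by `terraform show -json tfplan > plan.json`; run without an argument, the script checks the constructed sample instead.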

Awesome, by following these steps, you have successfully deployed an Application Gateway for Containers (AGFC) with a frontend using Terraform.
This was all I wanted to cover in this blog post. If you want to go further and configure it with an application, here are some examples from learn.microsoft.com