Fix Azure AKS Ingress App Gw Errors
When working with Azure AKS, you may encounter a configuration error that prevents your deployment from working. This guide explains the most common mistake with ingress app gw and shows the exact fix.
A Common Mistake
Using a basic LoadBalancer Service instead of Application Gateway Ingress Controller (AGIC) for web applications on AKS.
The incorrect command:
kubectl expose deployment my-app --port=80 --type=LoadBalancer
Error output:
Service exposed on Azure Load Balancer.
Each service gets its own public IP:
EXTERNAL-IP: 20.x.x.x (one per app)
Features missing: SSL termination, URL routing, WAF, cookie affinity, multiple apps on same IP.
Cost: one LB per app (~$20/month each).
The Correct Approach
The right way to configure ingress app gw in Azure AKS:
az aks enable-addons --addons ingress-appgw --name my-aks --resource-group my-rg --appgw-name my-appgw --appgw-subnet-cidr 10.100.2.0/24
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.class: azure/application-gateway
spec:
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-app
port:
number: 80
EOF
Successful result:
AGIC deployed.
Single Application Gateway IP (20.x.x.x) with:
- SSL termination
- URL-based routing to multiple services
- WAF protection
- Cookie-based affinity
- Autoscaling
How to Prevent This
Use AGIC for production ingress on AKS. Features: SSL termination, URL routing, WAF, autoscaling. AGIC runs as a pod in the cluster. Two deployment modes: addon (managed) or Helm (customizable). AGIC is free (pay for Application Gateway only).
FAQ
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro. Secure your cloud with DodaTech.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro