Application Gateway Ingress Controller (Agic) Made Easy

A Comprehensive and Practical Course: Containers, K8s, Web Applications, Routing, Security, Monitoring, HA and others

What you'll learn

Containerization, Kubernetes, AKS, Application Gateway basics

What Application Gateway Ingress Controller (AGIC) is, networking considerations, deployment methods

How to expose applications via custom domain name

AGIC routing and other AGIC-related annotations

How to create multiple types of TLS/SSL certificates and expose applications via HTTPS, using TLS/SSL termination or End-to-End TLS/SSL

AGIC-related security, including Web Application Firewall (WAF)

Other AGIC-related configurations like restricting it to specific namespaces or sharing the Application Gateway with other Azure services

How to monitor and troubleshoot the Application Gateway and its traffic

How to achieve reliability and high availability

Requirements

It is good to have basic knowledge of Containerization, Linux, Networking, Kubernetes, Azure, Application Gateway, and Azure Kubernetes Service (AKS) but I am explaining most of the concepts at specific points in the course

Description

This comprehensive course on Application Gateway Ingress Controller (AGIC) provides in-depth knowledge and hands-on experience to effectively deploy and manage web applications in Azure. You will learn the fundamentals of containers, Kubernetes, Azure Kubernetes Service (AKS), and the Azure Application Gateway, and then dive into the intricacies of AGIC setup, configuration, and advanced usage scenarios.Starting with an introduction to containers and microservices architecture, you will explore Docker, Docker Hub, and container app deployment. You will gain understanding of the Azure Application Gateway and Azure Kubernetes Service (AKS), including basic Kubernetes objects and ingress controllers.The course covers various installation methods for AGIC, networking considerations, and the deployment process using both the Greenfield and Brownfield methods, as well as the installation via AKS managed add-on or via Helm. You will learn how to configure AGIC for both public and private IPs, utilize VNET peering, scale application gateways, and manage annotations.With a focus on routing and configuration, you will discover how to implement URL/path-based routing, host multiple sites and subdomains, customize health probes, utilize cookie-based affinity and more. The course also covers SSL certificate creation or importation, security considerations, and implementing Web Application Firewall (WAF) for enhanced application protection.You will explore additional AGIC configurations and considerations, such as namespace restrictions, sharing AGIC-managed gateways with other Azure resources, and integrating multiple ingress controllers in the same AKS cluster. Monitoring and troubleshooting AGIC/Application Gateway, high availability, and using Azure Front Door for traffic routing are also covered in detail.By the end of this course, you will have the knowledge and skills to confidently deploy and manage application gateways using AGIC, leverage advanced configuration options, ensure reliability and high availability, and effectively monitor and troubleshoot your deployments.Join this course and unlock the power of Azure Application Gateway Ingress Controller (AGIC) to streamline your web application delivery!

Overview

Section 1: Course introduction

Lecture 1 Introduction about instructor and course

Lecture 2 Good to know / Recommended background

Lecture 3 Connect with me

Section 2: Understanding containers

Lecture 4 What is a container and how is it different from a VM?

Lecture 5 Microservices architecture

Lecture 6 Install Docker and Azure CLI on an Ubuntu VM and other considerations

Lecture 7 What are Docker, Dockerfile and Docker Hub?

Lecture 8 Create a container app (web app), pushing it to Docker Hub and running it

Section 3: Starting with Application Gateway Ingress Controller (AGIC)

Lecture 9 What is the Azure Application Gateway?

Lecture 10 What is Azure Kubernetes Service (AKS)?

Lecture 11 Understand basic Kubernetes objects and what an ingress controller is

Lecture 12 Configure Application Gateway and AKS (without AGIC) to understand the downside

Lecture 13 Kubectl and Visual Studio Code tips and tricks

Lecture 14 What is the Application Gateway Ingress Controller (AGIC)?

Lecture 15 Azure free account and AGIC pricing (Application Gateway and AKS pricings)

Lecture 16 AGIC installation methods (Greenfield / Brownfield and Add-on / Helm)

Lecture 17 Networking considerations, network plugins in AKS and their relevance in AGIC

Lecture 18 Create AGIC with the Greenfield method and add-on (using Azure CNI)

Lecture 19 Create AGIC with the Brownfield method and add-on (using kubenet)

Lecture 20 Create AGIC with the Greenfield/Brownfield method and Helm (Workload Identity)

Lecture 21 How and why to Stop/Start the AKS cluster and the Application Gateway

Lecture 22 Deploy an application in AKS and see it exposed via the Application Gateway

Lecture 23 Basic components-IP, backend pool, backend setting, listener, rule, health probe

Lecture 24 Understand Application Gateway Backend Health

Lecture 25 Create AGIC with both public and private IP

Lecture 26 Create AGIC with private IP only

Lecture 27 Understand and use VNET peering

Lecture 28 Understand Application Gateway scaling

Lecture 29 Understand annotations in AGIC

Section 4: AGIC routing and usage of other configuration annotations

Lecture 30 Configure a custom domain with the help of an Azure Public DNS zone and use it

Lecture 31 Host Multiple Sites

Lecture 32 Host Multiple Subdomains

Lecture 33 URL / Path Based Routing

Lecture 34 Avoid this confusion when using URL / Path Based Routing

Lecture 35 Expose using a different path than the one at app level (Backend Path Prefix)

Lecture 36 Implement Rule Priority

Lecture 37 Append additional hostnames (Hostname Extension)

Lecture 38 Specify the hostname used while talking to the pods (Backend Hostname)

Lecture 39 Override Frontend Port

Lecture 40 Use a Rewrite Rule Set

Lecture 41 Customize the Health Probe

Lecture 42 Cookie Based Affinity

Lecture 43 Connection Draining

Lecture 44 Specify a Request Timeout after which the request will fail if not received

Section 5: Certificates, Security and Web Application Firewall (WAF) in AGIC

Lecture 45 Create a self-signed certificate

Lecture 46 Setup a bought/paid trusted SSL certificate

Lecture 47 Create a Let's encrypt SSL certificate (manually)

Lecture 48 Understand SSL Termination and End-to-End (E2E) SSL

Lecture 49 Expose via HTTPS with a certificate in a Kubernetes TLS secret

Lecture 50 Configure SSL redirection

Lecture 51 Expose via HTTPS with a certificate uploaded in the Application Gateway

Lecture 52 Expose via HTTPS with Cert-Manager and Let's Encrypt certificate (autogenerated)

Lecture 53 Setup End-to-End (E2E) SSL

Lecture 54 Use a Network Security Group (NSG) to restrict traffic

Lecture 55 Understand Web Application Firewall (WAF)

Lecture 56 Deploy and test WAF

Lecture 57 Create and use a WAF policy

Section 6: Other AGIC-related configurations and considerations

Lecture 58 Restrict AGIC access to specific namespaces

Lecture 59 Share an AGIC-managed Application Gateway with other Azure resources

Lecture 60 Use AGIC and other ingress controller (like nginx) in the same AKS cluster

Lecture 61 Disable the managed add-on and considerations

Section 7: Monitor and troubleshoot AGIC/Application Gateway

Lecture 62 AGIC logging levels

Lecture 63 Activity logs in Application Gateway

Lecture 64 Metrics Explorer and Insights in Application Gateway

Lecture 65 Enable Diagnostic Settings and explore logs

Lecture 66 Understand Alerts in Azure

Lecture 67 Create a metrics-based alert

Lecture 68 Create a log-based alert

Section 8: Reliability and high availability (HA)

Lecture 69 Understand AGIC-related reliability, including Availability Zones

Lecture 70 How to specify Availability Zones during AKS and Application Gateway creation

Lecture 71 Use Azure Front Door to route traffic between multiple AGICs

Lecture 72 Use a custom domain and Azure Front Door certificate to expose apps in AGIC

Section 9: Continue Your Learning Journey: Special Offer Inside

Lecture 73 Continue Your Learning Journey: Special Offer Inside

Anyone that would like to expose containerized web application running in Azure,Developers and architects interested in learning how to deploy and manage applications using AGIC,AKS/Kubernetes administrators or operators who want to understand how to integrate AGIC into their AKS/Kubernetes clusters for advanced ingress capabilities,DevOps engineers responsible for managing and optimizing application delivery in Azure Kubernetes Service (AKS) using AGIC,IT professionals interested in leveraging the benefits of Web Application Firewall (WAF) and other security features provided by AGIC in Azure,Administrators that looking to achieve high availability for their web applications,Anyone who is looking to learn a new skill