Publish Your AKS Services with Azure Private Link and Front Door
Вставка
- Опубліковано 4 жов 2024
- New functionality in the Azure Cloud Provider for Kubernetes allows you to create an Azure Private Link Service directly from a service manifest. Annotations in the manifest control the name of the service, number of NAT IP addresses and more. In this video, we will use the private link service to publish the Kubernetes service with Azure Front Door Premium.
You made this look so simple!! greatly appreciate it!! Thank you
Awesome demo, thank you!
Thank you! Much appreciated!
Works perfectly! Thank you!
Huge time saver, thank you!
Great video!. Thank you!
Nice Demo.. Thank you👍
Great Tutorial. when trying this is SSL Cert on the server side ( and of course the right configuration as you shown on the last part of the video , aiming for Https forward route , and even disabling health checks) , it seems the the command is returning [even though its there] . would be interesting to see how this is configured with HTTPS and SSL certificates
Thank you for the demo! Really appreciate it.
Do you know if there's a way to integrate an APIM with this kind of setup? Would the APIM go in between the load balancer and the cluster, or in front of the load balancer?
You can put APIM in front of the load balancer but APIM does not support private link to connect to backends. You can deploy premium or the new standard v2 which allows connection to internal backends.
Hi Geert, first wanna say thanks for your great videos. Kindly suggest jenkins pipeline with rbac AKS in a way that developer and tester teams can build their own build and devops finally can only deploy production. Just describe useful instructions. Thanks in advance 😊😊😊
Sadly, I don’t use Jenkins. Same for almost all the customers I visit…
Hi can you show how we add two domains to the same origin group and two different routes
This is great
Hi Geert! Awesome video, quick question, is it possible to have the Origin (the AKS) in https? Been strugling with one that uses https, and seems to not like it that much.
Yes… but you need to configure a non self signed cert at the Ingress level. Use a cert issued by a trusted CA: ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT
Its not working actually, followed steps same as you getting error when accessing fd fqdn
" 404 page not found"
It can go wrong on many, many levels so I suggest to start from the beginning: does the pod return a result, does the service return a result (use port forwarding), do you get a result connecting to the frontend IP of the load balancer, etc... etc... Are you using super-api or some other app?
Hi Geert, Thanks for this demo. Can we have Application gateway (Not AGIC) instead of Azure Front Door?
Any demo will be highly appreciable.
You can have it, but i had tons of issues implementing it in a hub n spoke model. Front door is good if you have client residing in diff regions accessing your application. Otherwise go for appGateway
Great video @geert. Can we integrate Azure API Management instead of Front Door? How to register more than one service hosted over AKS? any tutorial/video link appreciated.
More than one service is handled by an ingress controller that uses the ILB that's configured with private link.
Azure API Management is a different story. You can connect from FD to APIM using a private endpoint on APIMs gateway. But APIM connects to the actual APIs on Kubernetes either via the internal network (premium tier; $$$; does not need/use private endpoints) or via a public endpoint (e.g. public ingress controller on K8S that exposes APIs via public IP).