Use the Application Gateway Ingress Controller on Microsoft Azure Kubernetes Service

A cluster-level ingress controller can be used to route traffic to an ArcGIS Enterprise deployment on Microsoft Azure Kubernetes Service (AKS). For more information, see Cluster-level ingress controllers.

Note:

This workflow should be performed prior to creating an ArcGIS Enterprise organization. ArcGIS Enterprise Manager can be accessed from a browser once a load balancer has been deployed and configured.

Prerequisites

Review the general prerequisites and ensure the following AKS-specific prerequisites are met:

  • You must have prepared a Kubernetes cluster in AKS.
  • The Application Gateway Ingress Controller must be deployed to your cluster. You also must have an Azure Application Gateway in place within your subscription. For additional details on how to ensure that the Application Gateway Ingress Controller is properly deployed and configured for use with an application gateway, see the Azure documentation.
  • The Azure CLI must be installed on your client machine. Ensure that you can authenticate from the CLI to the subscription in which your AKS cluster exists.
  • Kubectl must be installed on your client machine. Ensure that you can connect and issue commands to the Kubernetes API Server that is associated with the cluster you have created.
  • You must have created a TLS Secret for storing certificate information for your Ingress object. The TLS certificate stored within this secret should be valid for the fully qualified domain name that you have chosen for your ArcGIS Enterprise on Kubernetes deployment namespace.
  • You must have created a DNS record in your DNS provider of choice, which maps the front-end IP address of the Application Gateway to the fully qualified domain name that you have chosen for your ArcGIS Enterprise on Kubernetes deployment.

Implement a cluster-level ingress controller

To implement a cluster-level ingress controller to route traffic to an ArcGIS Enterprise deployment on Microsoft AKS, complete the following steps:

  1. Open the template included in the layer-7-templates folder or copy the following example to a file on your client machine:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: arcgis-enterprise-ingress
      namespace: <deploymentNamespace>
      annotations:
        kubernetes.io/ingress.class: azure/application-gateway
        appgw.ingress.kubernetes.io/ssl-redirect: "true"
        appgw.ingress.kubernetes.io/backend-protocol: "https"
        appgw.ingress.kubernetes.io/backend-hostname: <deploymentFQDN>
        appgw.ingress.kubernetes.io/health-probe-hostname: <deploymentFQDN>
        appgw.ingress.kubernetes.io/health-probe-port: "443"
        appgw.ingress.kubernetes.io/health-probe-status-codes: "200-399"
        appgw.ingress.kubernetes.io/health-probe-path: "/<context>/admin"
        appgw.ingress.kubernetes.io/request-timeout: "600"
      labels:
        id: custom-ingress-resource
    spec:
      tls:
        - hosts:
            - <deploymentFQDN>
          secretName: <tlsSecretName>
      rules:
        - host: <deploymentFQDN>
          http:
            paths:
              - backend:
                 service:
                   name: arcgis-ingress-nginx
                   port:
                     number: 443
                path: /<context>
                pathType: Prefix
    
  2. Replace the following values:
    • deploymentFQDN—Provide the fully qualified domain name that was specified during the initial deployment.
    • tlsSecretName—Provide the name of the TLS Secret that was created within the deployment namespace.
    • namespace—Provide the namespace in which you have deployed ArcGIS Enterprise on Kubernetes.
    • context—Provide the context that was specified during deployment.
      Note:

      This value appears twice and should be replaced in both instances. Ensure that you update the value within the appgw.ingress.kubernetes.io/health-probe-path annotation.

  3. Save the file on your client machine.

    For example, ingress.yaml.

  4. Create the Ingress object by doing one of the following:
    • Apply Ingress YAML data to your cluster using the following command:
      kubectl apply -f ingress.yaml
      
    • When running the deployment script silently, set CLUSTER_INGRESS_CONTROLLER_YAML_FILENAME to the location of the Ingress YAML file.

Once you complete this workflow, the Ingress object called arcgis-enterprise-ingress is created. The Application Gateway Ingress Controller will use the information defined in this Ingress object YAML to configure the associated Application Gateway to route traffic to your ArcGIS Enterprise deployment. Once this Ingress has been successfully applied, your ArcGIS Enterprise deployment should be accessible through the Application Gateway.

Note:

The arcgis-ingress-controller deployment may need to be refreshed to make a proper connection through the newly created Ingress. If you receive an error when accessing ArcGIS Enterprise Manager after creating the ingress, try running the following:

kubectl rollout restart deployment/arcgis-ingress-controller -n <deploymentNamespace>