Kubernetes - Azure Application Gateway Ingress Controller vs Ambassador

Question

I have a Kubernetes cluster (on-premise) with Ambassador. But now I am planning to move to Azure Kubernetes Service with Azure application gateway ingress controller.

With the Ambassador I can do the following things currently;

• Ingress routing to microservices

• Defines routes in config

• Routes api calls from one namespace to another via k8s service in api target namespace

• Checks authentication on all non public routes

• Make request to auth pod (which requests keycloak), to validate token in header (or url param for document urls)

I was going through the Azure Application Gateway Ingress Controller documentation, but I am having a hard time understanding what services (or annotations) should I use in the Azure app gateway ingress controller so I can achieve the same (more or less) things I achieve currently with Ambassador

For a start, I saw one annotation where you can set private IP's for internal services. Like wise, can someone please help me match the resembling Azure App Gateway Ingres controller functionality to the Ambassador's? Is the annotation along enough necessary? Should I use any other tools/addons with AKS to achieve the same functionality?

Answer 1

these are all of the annotations supported by agic: https://azure.github.io/application-gateway-kubernetes-ingress/annotations/

I'm pretty sure you cant check for auth, but you can redirect to keyclock which would handle auth.

everything else you require is done via ingress resource and doesnt need annotations (at least as far as I can tell).