Microsoft recently announced the preview of Azure Application Gateway for Containers - a new application (layer 7) load balancing and dynamic traffic management product for workloads running in a Kubernetes cluster. It extends Azure's Application Load Balancing portfolio and is a new offering under the Application Gateway product family.
The company claims the Application Gateway for Containers is the next evolution of Application Gateway and Application Gateway Ingress Controller (AGIC). It introduces the following improvements over AGIC:
- Achieving nearly real-time convergence times for reflecting changes in Kubernetes YAML configuration, including adding or removing pods, routes, probes, and load balancing configurations.
- Exceed current AGIC limits by supporting more than 1400 backend pods and 100 listeners with Application Gateway for Containers.
- Provides a familiar deployment experience using ARM, PowerShell, CLI, Bicep, and Terraform or enables configuration within Kubernetes with Application Gateway for Containers managing the rest in Azure.
- Supports the next evolution in Kubernetes service networking through expressive, extensible, and role-oriented interfaces.
- Enables blue-green deployment strategies and active/active or active/passive routing.
Hari Subramaniam, a cloud solution architect, tweeted:
Absolutely AGIC won’t be missed. I hope the glaring shortcomings with AGIC is addressed in this, and by the looks of it seems a lot of it will be addressed.
The Application Gateway for Containers consists of various components Application Gateway for Containers core, Frontends, Associations, and Azure Load Balancer Controller. In addition, deploying the gateway requires a private IP address, subnet delegation, and user-assigned managed identity.
Diagram of the architecture of Application Gateway for Containers (Source: Microsoft Learn Documentation)
Camilo Terevinto, an Azure solutions architect expert, tweeted in response to the preview announcement of Application Gateway for Containers:
This should be called "Azure Application Gateway for Kubernetes Service," considering it doesn't support Azure Container Instance (ACI) nor Azure Container Apps (ACA) - or is that planned for later?
With Azure Networking responding in a tweet:
Application Gateway for Containers is for Kubernetes workloads today, but we may consider extending the service to other container solutions in the future as well.
In addition, Dennis Zielke, a global blackbelt for cloud-native applications at Microsoft, outlined in a medium blog post a few design limitations:
Overall, the new service has very promising capabilities; however, there are a couple of design limitations today (which are being worked on):
- Limitation of exactly 1 ALB per cluster, 5 frontend per ALB
- Only supporting Azure CNI in the backend cluster
- No multi-region or multi-cluster support
Lastly, the Application Gateway for Containers is available in several Azure Regions globally, and no pricing details are available before the general availability according to the pricing page. In addition, more details and guidance is available on the documentation landing page.