We have various Asp.net core containers with REST APIs hosted in Azure Kubernetes Service. Each REST API service implements many HTTP methods with different routes but has common base route (based on controller name).
Requirements is to route the request to different service based starting route value, e.g. All requests starting with “/user” route user service or products APIs requests to product service.
We have added path as "/user/* ", "/product/* " in the path section of the kubernetes ingress.
Asterisk (*) is not working
According to this you need to use regex.
path: /foo/.*
Related
Is it possible to include a separate Azure App Service as part of another App Service?
For example lets say that I have a website called www.mycompany.com hosted in its own Azure App Service. I have another Azure App Service that I want to make it accessible by going to a specific URL in the first App Service.
So in other words when a request comes to www.mycompany.com/eu/ I want the content of this endpoint (/eu) to be served from the other app service. Would a load balancer work? The reason I want to do this is because the /eu endpoint has grown too big and I would like to separate that from the main site and host it on a separate app service. I hope my question is clear.
Thanks in advance.
For this purpose you could use Application Gateway.
In a certain sense it resembles a load balancer (it is a L7 LB indeed) as you indicated, but the product provides many additional features.
The following image, extracted from the product documentation, explains how it works:
Basically, as outlined in the aforementioned docs, when describing how an Application Gateway accepts a request (note they mention WAF in the explanation, an optional security threat prevention system):
Before a client sends a request to an application gateway, it
resolves the domain name of the application gateway by using a Domain
Name System (DNS) server. Azure controls the DNS entry because all
application gateways are in the azure.com domain.
The Azure DNS returns the IP address to the client, which is the
frontend IP address of the application gateway.
The application gateway accepts incoming traffic on one or more
listeners. A listener is a logical entity that checks for
connection requests. It's configured with a frontend IP address,
protocol, and port number for connections from clients to the
application gateway.
If a web application firewall (WAF) is in use, the application
gateway checks the request headers and the body, if present,
against WAF rules. This action determines if the request is valid
request or a security threat. If the request is valid, it's routed
to the backend. If the request isn't valid and WAF is in Prevention
mode, it's blocked as a security threat. If it's in Detection mode,
the request is evaluated and logged, but still forwarded to the
backend server.
The routing to one backend or another can be based on URL Paths:
You can find an example of this configuration in this related Microsoft article.
In your use case, you will need to define two backends, one for every App Service, and define routing rules as appropriate.
As indicated before, your DNS should point to the Application Gateway: it will handle the routing to one or other App Service based on the route, /eu/* or /*, provided by the client.
The order of the routes is important: once a rule is matched, it will be the one processed.
Application Gateway is a regional service: Azure Front Door leverages a similar functionality (and much more) globally.
Please, consider review the associated costs of these services.
I am answering my own question to hopefully help others in the same situation. This was simply done using a reverse proxy. This article explains everything you need to set it up - https://ruslany.net/2014/05/using-azure-web-site-as-a-reverse-proxy/
We are trying to build a cloud service on Azure. We have 3 webrole instances running. What are the possible ways to proxy the requests that we get on a webrole to some other webrole.
For Example,
I have the following 2 web roles running: webrole0, webrole1.
I get a request on webrole0. Based on some parameters either webrole0 can serve the request or the request needs to be proxied to webrole1. How do I make this proxying of the request possible?
If you are looking for the path based routing you can go with Azure Application Gateway. If you want to route traffic to web roles based on the request parameters, you need to go with third party NVAs like F5 to check if that satisfies your routing needs.
I have got a Azure AKS cluster running on Azure cloud. It is accessed by frontend and mobile via Azure API Management. My Front end app is outside of the AKS.
Is it possible to use Azure Dev Spaces in this setup to test my changes in the isolated environment?
I've created a new namespace in the AKS and created a separate deployment slot for testing environment on the forntend app, but I can't figure out how to create an isolated routing on Azure API management.
As a result I'd like to have an isolated environment which shares most of the containers on AKS, but uses my local machine to host one service which is under testing at the moment.
I assume you intend to use Dev Spaces routing through a space.s. prefix on your domain name. For this to work, you ultimately need a Host header that includes such a prefix as part of the request to the Dev Spaces ingress controller running in your AKS cluster.
It sounds like in your case, you are running your frontend as an Azure Web App and backend services in AKS. Therefore your frontend would need to include the necessary logic to do one of two things:
Allow the slot instance to customize the space name to use (e.g. it might call the AKS backend services using something like testing.s.default.myservice.azds.io)
Read the Host header from the frontend request and propagate it to the backend request.
In either case, you will probably need to configure Azure API Management to correctly propagate appropriate requests to the testing slot you have created. I don't know enough about how API Management configures routing rules to help on this part, but hopefully I've been able to shed some light on the Dev Spaces part.
I have several app services that I want to use application gateway to sit in front of and route traffic to using URL Routing. For example:
api1-app-service
api2-app-service
website1-app-service
I would like to use the Application Gateway with a custom domain in front of it, and route the traffic like this:
test.app.com/api/something -> api1-app-service
test.app.com/api/different -> api2-app-service
test.app.com/ -> website1-app-service
I setup 3 different backend pools and a url routing rule that looks like this:
rule1 | /api/something* | backendPool1
rule2 | /api/different* | backendPool2
default rule | backendPool3
The problem I am having is that the direction here (https://blogs.msdn.microsoft.com/waws/2017/11/21/setting-up-application-gateway-with-an-app-service-that-uses-azure-active-directory-authentication/) says that the app service has to be setup with the custom domain that you are pointing to the application gateway (test.app.com in my example), but I can't configure test.app.com to go to multiple app services. I get an error that the hostname is already mapped to another app service (which is true, when trying to map to api2-app-service test.app.com is configured to api1-app-service). Is is possible to setup an application gateway in front of multiple app services?
It's possible to setup an application gateway in front of multiple app services.
If you want custom domains with your web app service, you could configure different custom domains in different App services. Probably, if you'd like to use the same custom domain, you could deploy multiple Applications in the same web app service with different virtual paths.
If you do not want custom domains in multiple App Services, you could use the default hostname *.azurewebsites.net. If so, the Application Gateway frontend will direct the client request to different backend pools based on the different routing rules. You could configure for the backend HTTP setting using -PickHostNameFromBackendAddress.
Ref: Hosting multiple sites in one Azure WebApp and create an application gateway with path-based routing rules.
After researching all day, I am fairly sure this isn't possible using just an Application Gateway and app services. I am going to containerize my app and then use the application gateway and see if that does what I want it to.
we have a scenario where we have multiple azure app services where we have our Web APIs deployed . however we need all the app services to use the same domain name (not sub domains) e.g
http://example.com/api1 on one app service and http://example.com/api2 on other app service.
we have looked at using application gateway but it seems that URL rewriting is not supported yet. is there a anyway to achieve this without using third party components?
Thanks
Do you mean URL routing or rewriting (rewriting as in mod_rewrite)?
URL-based routing is fully supported in Azure Application Gateway.