added exposing service over http/https under tutorials

Author: mscatyao

articles/application-gateway/application-gateway-ingress-controller-expose-service-over-http-https.md

@@ -0,0 +1,189 @@
+---
+title: Exposing an AKS service over HTTP or HTTPS using Application Gateway
+description: This article provides information on how to expose an AKS service over HTTP or HTTPS using Application Gateway. 
+services: application-gateway
+author: caya
+ms.service: application-gateway
+ms.topic: article
+ms.date: 10/22/2019
+ms.author: caya
+---
+
+# Tutorials
+
+These tutorials help illustrate the usage of [Kubernetes Ingress Resources](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose an example Kubernetes service through the [Azure Application Gateway](https://azure.microsoft.com/services/application-gateway/) over HTTP or HTTPS.
+
+## Table of Contents
+
+- [Prerequisites](#prerequisites)
+- [Deploy `guestbook` application](#deploy-guestbook-application)
+- [Expose services over HTTP](#expose-services-over-http)
+- [Expose services over HTTPS](#expose-services-over-https)
+  - [Without specified hostname](#without-specified-hostname)
+  - [With specified hostname](#with-specified-hostname)
+- [Integrate with other services](#integrate-with-other-services)
+
+## Prerequisites
+
+- Installed `ingress-azure` helm chart.
+  - [**Greenfield Deployment**](application-gateway-ingress-controller-install-new.md): If you are starting from scratch, refer to these installation instructions which outlines steps to deploy an AKS cluster with Application Gateway and install application gateway ingress controller on the AKS cluster.
+  - [**Brownfield Deployment**](application-gateway-ingress-controller-install-existing.md): If you have an existing AKS cluster and Application Gateway, refer to these instructions to install application gateway ingress controller on the AKS cluster.
+- If you want to use HTTPS on this application, you will need a x509 certificate and its private key.
+
+## Deploy `guestbook` application
+
+The guestbook application is a canonical Kubernetes application that composes of a Web UI frontend, a backend and a Redis database. By default, `guestbook` exposes its application through a service with name `frontend` on port `80`. Without a Kubernetes Ingress Resource the service is not accessible from outside the AKS cluster. We will use the application and setup Ingress Resources to access the application through HTTP and HTTPS.
+
+Follow the instructions below to deploy the guestbook application.
+
+1. Download `guestbook-all-in-one.yaml` from [here](https://raw.githubusercontent.com/kubernetes/examples/master/guestbook/all-in-one/guestbook-all-in-one.yaml)
+1. Deploy `guestbook-all-in-one.yaml` into your AKS cluster by running
+
+  ```bash
+  kubectl apply -f guestbook-all-in-one.yaml
+  ```
+
+Now, the `guestbook` application has been deployed.
+
+## Expose services over HTTP
+
+In order to expose the guestbook application we will using the following ingress resource:
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: guestbook
+  annotations:
+    kubernetes.io/ingress.class: azure/application-gateway
+spec:
+  rules:
+  - http:
+      paths:
+      - backend:
+          serviceName: frontend
+          servicePort: 80
+```
+
+This ingress will expose the `frontend` service of the `guestbook-all-in-one` deployment
+as a default backend of the Application Gateway.
+
+Save the above ingress resource as `ing-guestbook.yaml`.
+
+1. Deploy `ing-guestbook.yaml` by running:
+
+    ```bash
+    kubectl apply -f ing-guestbook.yaml
+    ```
+
+1. Check the log of the ingress controller for deployment status.
+
+Now the `guestbook` application should be available. You can check this by visiting the
+public address of the Application Gateway.
+
+## Expose services over HTTPS
+
+### Without specified hostname
+
+Without specifying hostname, the guestbook service will be available on all the host-names pointing to the application gateway.
+
+1. Before deploying ingress, you need to create a kubernetes secret to host the certificate and private key. You can create a kubernetes secret by running
+
+    ```bash
+    kubectl create secret tls <guestbook-secret-name> --key <path-to-key> --cert <path-to-cert>
+    ```
+
+1. Define the following ingress. In the ingress, specify the name of the secret in the `secretName` section.
+
+    ```yaml
+    apiVersion: extensions/v1beta1
+    kind: Ingress
+    metadata:
+      name: guestbook
+      annotations:
+        kubernetes.io/ingress.class: azure/application-gateway
+    spec:
+      tls:
+        - secretName: <guestbook-secret-name>
+      rules:
+      - http:
+          paths:
+          - backend:
+              serviceName: frontend
+              servicePort: 80
+    ```
+
+    *NOTE:* Replace `<guestbook-secret-name>` in the above Ingress Resource with the name of your secret. Store the above Ingress Resource in a file name `ing-guestbook-tls.yaml`.
+
+1. Deploy ing-guestbook-tls.yaml by running
+
+    ```bash
+    kubectl apply -f ing-guestbook-tls.yaml
+    ```
+
+1. Check the log of the ingress controller for deployment status.
+
+Now the `guestbook` application will be available on both HTTP and HTTPS.
+
+### With specified hostname
+
+You can also specify the hostname on the ingress in order to multiplex TLS configurations and services.
+By specifying hostname, the guestbook service will only be available on the specified host.
+
+1. Define the following ingress.
+    In the ingress, specify the name of the secret in the `secretName` section and replace the hostname in the `hosts` section accordingly.
+
+    ```yaml
+    apiVersion: extensions/v1beta1
+    kind: Ingress
+    metadata:
+      name: guestbook
+      annotations:
+        kubernetes.io/ingress.class: azure/application-gateway
+    spec:
+      tls:
+        - hosts:
+          - <guestbook.contoso.com>
+          secretName: <guestbook-secret-name>
+      rules:
+      - host: <guestbook.contoso.com>
+        http:
+          paths:
+          - backend:
+              serviceName: frontend
+              servicePort: 80
+    ```
+
+1. Deploy `ing-guestbook-tls-sni.yaml` by running
+
+    ```bash
+    kubectl apply -f ing-guestbook-tls-sni.yaml
+    ```
+
+1. Check the log of the ingress controller for deployment status.
+
+Now the `guestbook` application will be available on both HTTP and HTTPS only on the specified host (`<guestbook.contoso.com>` in this example).
+
+## Integrate with other services
+
+The following ingress will allow you to add additional paths into this ingress and redirect those paths to other services:
+
+    ```yaml
+    apiVersion: extensions/v1beta1
+    kind: Ingress
+    metadata:
+      name: guestbook
+      annotations:
+        kubernetes.io/ingress.class: azure/application-gateway
+    spec:
+      rules:
+      - http:
+          paths:
+          - path: </other/*>
+            backend:
+              serviceName: <other-service>
+              servicePort: 80
+          - backend:
+              serviceName: frontend
+              servicePort: 80
+    ```

articles/application-gateway/application-gateway-ingress-controller-install-existing.md

@@ -1,6 +1,6 @@
 ---
 title: Creating an ingress controller with an existing Application Gateway 
-description: This article provides an introduction to what Application Gateway Ingress Controller is. 
+description: This article provides information on how to deploy an Application Gateway Ingress Controller with an existing Application Gateway. 
 services: application-gateway
 author: caya
 ms.service: application-gateway
@@ -185,7 +185,7 @@ In the first few steps we install Helm's Tiller on your Kubernetes cluster. Use
 
 1. Check the log of the newly created pod to verify if it started properly
 
-Refer to the [tutorials](../tutorial.md) to understand how you can expose an AKS service over HTTP or HTTPS, to the internet, using an Azure App Gateway.
+Refer to [this how-to guide](application-gateway-ingress-controller-expose-service-over-http-https.md) to understand how you can expose an AKS service over HTTP or HTTPS, to the internet, using an Azure App Gateway.
 
 
 

articles/application-gateway/application-gateway-ingress-controller-install-new.md

@@ -1,6 +1,6 @@
 ---
 title: Creating an ingress controller with a new Application Gateway 
-description: This article provides an introduction to what Application Gateway Ingress Controller is. 
+description: This article provides information on how to deploy an Application Gateway Ingress Controller with a new Application Gateway. 
 services: application-gateway
 author: caya
 ms.service: application-gateway
@@ -22,7 +22,7 @@ We recommend the use of [Azure Cloud Shell](https://shell.azure.com/) for all co
 
 Alternatively, launch Cloud Shell from Azure portal using the following icon:
 
-![Portal launch](../portal-launch-icon.png)
+![Portal launch](./media/portal-launch-icon.png)
 
 Your [Azure Cloud Shell](https://shell.azure.com/) already has all necessary tools. Should you
 choose to use another environment, please ensure the following command line tools are installed:
@@ -292,5 +292,5 @@ kubectl apply -f apsnetapp.yaml
 
 
 ## Other Examples
-The **[tutorials](../tutorial.md)** document contains more examples on how toexpose an AKS
+This [how-to guide](application-gateway-ingress-controller-expose-service-over-http-https.md) contains more examples on how to expose an AKS
 service via HTTP or HTTPS, to the Internet with App Gateway.

articles/application-gateway/application-gateway-ingress-controller-overview.md

@@ -26,7 +26,7 @@ AGIC is configured via the Kubernetes [Ingress resource](http://kubernetes.io/do
 
 ## Next Steps
 
-- [**Greenfield Deployment**](https://docs.microsoft.com/azure/application-gateway/application-gateway-ingress-controller-install-new): Instructions on installing AGIC, AKS and App Gateway on
+- [**Greenfield Deployment**](application-gateway-ingress-controller-install-new.md): Instructions on installing AGIC, AKS and App Gateway on
 blank-slate infrastructure.
-- [**Brownfield Deployment**](https://docs.microsoft.com/azure/application-gateway/application-gateway-ingress-controller-install-existing): Install AGIC on an existing AKS and Application Gateway.
+- [**Brownfield Deployment**](application-gateway-ingress-controller-install-existing.md): Install AGIC on an existing AKS and Application Gateway.
 

articles/application-gateway/media/application-gateway-ingress-controller-install-new/portal-launch-icon.png

@@ -50,11 +50,11 @@ Web applications are increasingly targets of malicious attacks that exploit comm
 For more information, see [Web application firewall (WAF) in Application Gateway](https://docs.microsoft.com/azure/application-gateway/waf-overview).
 
 ## Ingress Controller
-Application Gateway Ingress Controller (AGIC) allows you to use Application Gateway as the ingress for an [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) cluster. 
+Application Gateway Ingress Controller (AGIC) allows you to use Application Gateway as the ingress for an [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/services/kubernetes-service/) cluster. 
 
-The ingress controller runs as a pod within the AKS cluster and consumes [Kubernetes Ingress Resources](https://kubernetes.io/docs/concepts/services-networking/ingress/) and converts them to an Application Gateway configuration which allows the gateway to load-balance traffic to the Kuberenetes pods. 
+The ingress controller runs as a pod within the AKS cluster and consumes [Kubernetes Ingress Resources](https://kubernetes.io/docs/concepts/services-networking/ingress/) and converts them to an Application Gateway configuration which allows the gateway to load-balance traffic to the Kuberenetes pods. The ingress controller only supports Application Gateway V2 SKU. 
 
-For more information, see [Application Gateway Ingress Controller (AGIC)](https://docs.microsoft.com/azure/application-gateway/application-gateway-ingress-controller-overview).
+For more information, see [Application Gateway Ingress Controller (AGIC)](application-gateway-ingress-controller-overview.md).
 
 ## URL-based routing
 
@@ -101,12 +101,6 @@ The WebSocket and HTTP/2 protocols enable full duplex communication between a se
 
 For more information, see [WebSocket support](https://docs.microsoft.com/azure/application-gateway/application-gateway-websocket) and [HTTP/2 support](https://docs.microsoft.com/azure/application-gateway/configuration-overview#http2-support).
 
-## Azure Kubernetes Service (AKS) Ingress controller preview 
-
-The Application Gateway Ingress controller runs as a pod within the AKS cluster and allows Application Gateway to act as ingress for an AKS cluster. This is supported with Application Gateway v2 only.
-
-For more information, see [Azure Application Gateway Ingress Controller](https://azure.github.io/application-gateway-kubernetes-ingress/).
-
 ## Connection draining
 
 Connection draining helps you achieve graceful removal of backend pool members during planned service updates. This setting is enabled via the backend http setting and can be applied to all members of a backend pool during rule creation. Once enabled, Application Gateway ensures all de-registering instances of a backend pool do not receive any new request while allowing existing requests to complete within a configured time limit. This applies to both backend instances that are explicitly removed from the backend pool by an API call, and backend instances that are reported as unhealthy as determined by the health probes.

articles/application-gateway/overview.md

@@ -163,6 +163,8 @@
       href: create-custom-waf-rules.md
     - name: Configure WAF with custom rules
       href: configure-waf-custom-rules.md
+  - name: Deploy ingress controller over HTTP/HTTPS
+    href: application-gateway-ingress-controller-expose-service-over-http-https.md
   - name: Route by URL
     items:
     - name: Azure PowerShell