
App Gateway (AGIC) not pointing to service, instead pointing to pods in AKS


I am trying out AGIC. Previously, we had APIM Premium with services deployed in AKS with an internal load balancer, and APIM could communicate with it directly because of VNet integration. My current setup is a deployment with two pods, a service with an internal load balancer (I don't think it's required) and an Ingress path for the service. I was assuming that when I deployed the YAML file it would create a backend pool in App Gateway with the IP of the service; instead, the ingress used the IPs of the pods and added two IPs, since obviously I have two pods. I wanted to know:

  1. Do we need a service with an internal load balancer, or just a service with the default exposure of ClusterIP?
  2. Currently, my dotnet application is exposing port 8080, and the service was exposing 8000. Since AGIC is pointing directly to pods, should the service and the pods expose the same ports?
  3. If it is going to add the pods' IPs directly, how will it work in case of autoscaling? Will it add/remove the pods' IPs as and when that happens?

I was going through the App Gateway documentation, but I couldn't get much information from there.

Sample deployment YAML file:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sampleservice-deployment
  labels:
    app: sampleservice
spec:
  replicas: 2
  selector:
    matchLabels:
      app: sampleservice
  template:
    metadata:
      labels:
        app: sampleservice
    spec:
      containers:
        - name: sampleapi
          image: #{containerRepo}#/samplesvc:#{tag}#
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
              protocol: TCP
          resources:
            requests:
              cpu: #{hpa_samplesvc_requestedcpu}#
            limits:
              cpu: #{hpa_samplesvc_maxcpulimit}#
---
apiVersion: v1
kind: Service
metadata:
  name: samplesvc
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
  labels:
    app: samplesvc
spec:
  ports:
    - name: http-port
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: sampleservice
  type: LoadBalancer
---
apiVersion: autoscaling/v2
<not relevant>
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sampleingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - path: /sample-path
        backend:
          service:
            name: samplesvc
            port:
              number: 8080
        pathType: Exact

Here is deployment.yaml


Solution

  • To answer your questions directly:

    1. Just have a service with the default exposure of ClusterIP.
    2. Both the Service and Pods should have the same port, as it is being configured for individual paths in the ingress YAML file.
    3. As and when your deployment scales and new pods come up with IPs, those IPs will be added directly to the backend pools of AG.

    Basically, there will be an AGIC pod which gets deployed, and the main purpose of that pod is to monitor the changes and reflect back

    More information:

    The Ingress Controller runs in its own pod on the customer’s AKS. AGIC monitors a subset of Kubernetes Resources for changes. The state of the AKS cluster is translated to Application Gateway specific configuration and applied to the Azure Resource Manager (ARM).
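
A simplified Python model of the behaviour the answer describes, added here as an example and not taken from AGIC or from the post: the backend pool is built from the ready pod addresses in the Service's Endpoints object, so the Service's own IP never appears in it and the pool follows the pods as they scale. The pod IPs, the ClusterIP and the helper names (`backend_pool`, `endpoints_for`) are constructed for illustration.

```python
# Simplified model of the mapping described above; not AGIC's own code.
# Object shapes follow the Kubernetes Ingress, Service and Endpoints APIs.

def _port_matches(svc_port, want):
    """Ingress backends name a Service port by number or by name."""
    if "number" in want:
        return svc_port["port"] == want["number"]
    return svc_port.get("name") == want.get("name")

def backend_pool(ingress, service, endpoints):
    """Return {path: ["ip:port", ...]} built from ready pod addresses."""
    pools = {}
    for rule in ingress["spec"]["rules"]:
        for path in rule["http"]["paths"]:
            ref = path["backend"]["service"]
            if ref["name"] != service["metadata"]["name"]:
                continue  # this path targets a different Service
            svc_port = next(p for p in service["spec"]["ports"]
                            if _port_matches(p, ref["port"]))
            members = []
            for subset in endpoints.get("subsets", []):
                # Endpoints ports hold the pod-side port, keyed by the Service port name.
                port = next((e["port"] for e in subset.get("ports", [])
                             if e.get("name") == svc_port.get("name")), None)
                if port is None:
                    continue
                # Pods failing readiness sit under notReadyAddresses and are left out.
                members += [f'{a["ip"]}:{port}' for a in subset.get("addresses", [])]
            pools[path["path"]] = sorted(members)
    return pools

# Constructed sample objects mirroring the manifests in the question (IPs are made up).
INGRESS = {"spec": {"rules": [{"http": {"paths": [{
    "path": "/sample-path", "pathType": "Exact",
    "backend": {"service": {"name": "samplesvc", "port": {"number": 8080}}}}]}}]}}
SERVICE = {"metadata": {"name": "samplesvc"},
           "spec": {"type": "ClusterIP", "clusterIP": "10.0.120.5",
                    "ports": [{"name": "http-port", "port": 8080, "targetPort": 8080}]}}

def endpoints_for(ready_ips, not_ready_ips=()):
    """Build an Endpoints object as Kubernetes would publish it for samplesvc."""
    return {"subsets": [{
        "addresses": [{"ip": ip} for ip in ready_ips],
        "notReadyAddresses": [{"ip": ip} for ip in not_ready_ips],
        "ports": [{"name": "http-port", "port": 8080, "protocol": "TCP"}]}]}

if __name__ == "__main__":
    print(backend_pool(INGRESS, SERVICE, endpoints_for(["10.244.0.11", "10.244.1.7"])))
    # After a scale-out: one new pod is ready, another is still starting.
    print(backend_pool(INGRESS, SERVICE,
                       endpoints_for(["10.244.0.11", "10.244.1.7", "10.244.2.3"], ["10.244.2.4"])))
```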