Add documentation for OSM and AGIC ingress

nshankar13 · nshankar13 · commit e2ad6cea4274 · 2022-08-10T12:06:38.000-04:00
Signed-off-by: nshankar13 &lt;nshankar@microsoft.com&gt;
diff --git a/articles/aks/open-service-mesh-integrations.md b/articles/aks/open-service-mesh-integrations.md
@@ -15,9 +15,129 @@ The Open Service Mesh (OSM) add-on integrates with features provided by Azure as
 
 ## Ingress
 
-Ingress allows for traffic external to the mesh to be routed to services within the mesh. With OSM, you can configure most ingress solutions to work with your mesh, but OSM works best with [Web Application Routing][web-app-routing], [NGINX ingress][osm-nginx], or [Contour ingress][osm-contour]. Open source projects integrating with OSM, including NGINX ingress and Contour ingress, aren't covered by the [AKS support policy][aks-support-policy].
+Ingress allows for traffic external to the mesh to be routed to services within the mesh. With OSM, you can configure most ingress solutions to work with your mesh, but OSM works best with [Web Application Routing][web-app-routing], [NGINX ingress][osm-nginx], or [Contour ingress][osm-contour]. Open source projects integrating with OSM are not covered by the [AKS support policy][aks-support-policy]. 
 
-Using [Azure Gateway Ingress Controller (AGIC)][agic] for ingress with OSM isn't supported and not recommended.
+At this time,  [Azure Gateway Ingress Controller (AGIC)][agic] only works for HTTP backends. If you configure OSM to use AGIC, AGIC will not be used for other backends such as HTTPS and mTLS. 
+
+### Using the Azure Gateway Ingress Controller (AGIC) with the OSM add-on for HTTP ingress
+
+> [!IMPORTANT]
+> You can't configure [Azure Gateway Ingress Controller (AGIC)][agic] for HTTPS ingress. 
+
+After installing the AGIC ingress controller, create a namespace for the application service, add it to the mesh using the OSM CLI, and deploy the application service to that namespace:
+
+```console
+# Create a namespace
+kubectl create ns httpbin
+
+# Add the namespace to the mesh
+osm namespace add httpbin
+
+# Deploy the application
+
+export RELEASE_BRANCH=release-v1.2
+kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/$RELEASE_BRANCH/manifests/samples/httpbin/httpbin.yaml -n httpbin
+```
+
+Verify that the pods are up and running, and have the envoy sidecar injected:
+
+```console
+kubectl get pods -n httpbin
+```
+
+Example output: 
+
+```console
+NAME                      READY   STATUS    RESTARTS   AGE
+httpbin-7c6464475-9wrr8   2/2     Running   0          6d20h
+```
+
+```console
+kubectl get svc -n httpbin
+```
+
+Example output:
+
+```console
+NAME      TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)     AGE
+httpbin   ClusterIP   10.0.92.135   <none>        14001/TCP   6d20h
+```
+
+Next, deploy the following `Ingress` and `IngressBackend` configurations to allow external clients to access the `httpbin` service on port `14001`.
+
+```console
+kubectl apply -f <<EOF
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: httpbin
+  namespace: httpbin
+  annotations:
+    kubernetes.io/ingress.class: azure/application-gateway
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: httpbin
+            port:
+              number: 14001
+---
+kind: IngressBackend
+apiVersion: policy.openservicemesh.io/v1alpha1
+metadata:
+  name: httpbin
+  namespace: httpbin
+spec:
+  backends:
+  - name: httpbin
+    port:
+      number: 14001 # targetPort of httpbin service
+      protocol: http
+  sources:
+  - kind: IPRange
+    name: 10.0.0.0/8
+EOF
+```
+
+Ensure that both the Ingress and IngressBackend objects have been successfully deployed: 
+
+```console
+kubectl get ingress -n httpbin
+```
+
+Example output: 
+
+```console
+NAME      CLASS    HOSTS   ADDRESS         PORTS   AGE
+httpbin   <none>   *       20.85.173.179   80      6d20h
+```
+
+```console
+kubectl get ingressbackend -n httpbin
+```
+
+Example output: 
+
+```console
+NAME      STATUS
+httpbin   committed
+```
+
+Use `kubectl` to display the external IP address of the ingress service.
+```console
+kubectl get ingress -n httpbin
+```
+
+Use `curl` to verify you can access the `httpbin` service using the external IP address of the ingress service.
+```console
+curl -sI http://<external-ip>/get
+```
+
+Confirm you receive a response with `status 200`. 
 
 ## Metrics observability
 
