Hi!
You are right, using an ARM template to provision the blob storage and key vault would be the better choice. Back then I did not have a final production-ready deployment ready.
Regarding Azure Application Gateway: I did not use it with AKS so far. But there is a Terraform provider available -> https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html
Also, there is a new Ingress Controller which integrates with the Application Gateway very nicely. For me, this is the perfect fit because you then can store the definitions with your application deployment code -> https://github.com/Azure/application-gateway-kubernetes-ingress