AKS - assigning a static IP to your cluster


To set up a Kubernetes Service of type LoadBalancer and tie it to your Azure public IP, you need to ensure that:

1. the service principal of your Kubernetes cluster has Network Contributor access to your MC (node) resource group, and

2. you deploy the Service YAML with the proper annotations, namely service.beta.kubernetes.io/azure-load-balancer-resource-group and service.beta.kubernetes.io/azure-pip-name.

This assumes you have an existing cluster. Please note that when you create your AKS cluster using the portal, you would have been given a public IP address named with a GUID.

Setting up the Network Contributor role

We need to get the client ID and the MC resource group.

Getting the cluster client ID

CLIENT_ID=$(az aks show --name aks-static-cluster --resource-group aks-static-rg --query identity.principalId --output tsv)

Getting the resource group scope

RG_SCOPE=$(az group show --name MC_aks-static-rg_aks-static-cluster_australiaeast --query id --output tsv)

Assigning the role at that scope

az role assignment create --assignee ${CLIENT_ID} --role "Network Contributor" --scope ${RG_SCOPE}

Next, we apply our service.yaml:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-resource-group: MC_aks-static-rg_aks-static-cluster_australiaeast
    service.beta.kubernetes.io/azure-pip-name: myAKSPublicIP
    # service.beta.kubernetes.io/azure-dns-label-name: test.cloudapp.azure.com
  name: azure-load-balancer
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: azure-load-balancer


After applying it, I can see that my service is associated with my static IP, as shown below:

You can see more details here.


We can also have more than one service associated with a public IP.
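The whole procedure above, as an added example script that is not from the original post: it reads the node resource group from the cluster instead of typing the MC_ name by hand, grants Network Contributor scoped to that group only, renders the Service manifest with the two annotations, and then checks that the address the Service actually received is the address of the named public IP (if it is not, the cloud provider allocated a fresh IP instead of using yours). The cluster, resource group, public IP and service names are the ones used in this post and are assumptions to override for your environment.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): bind an AKS LoadBalancer Service to an
# existing public IP and verify the binding. Names below are this post's and are
# assumptions; override them via environment variables for your own cluster.
set -eu

CLUSTER="${CLUSTER:-aks-static-cluster}"
RG="${RG:-aks-static-rg}"
PIP_NAME="${PIP_NAME:-myAKSPublicIP}"
SERVICE_NAME="${SERVICE_NAME:-azure-load-balancer}"

# Ask the cluster for its node (MC_) resource group rather than typing the
# MC_<rg>_<cluster>_<region> name by hand; a typo there silently breaks the binding.
node_resource_group() {
  az aks show --name "$CLUSTER" --resource-group "$RG" \
    --query nodeResourceGroup --output tsv
}

# Principal ID of the cluster identity, as in the post (identity.principalId).
cluster_principal_id() {
  az aks show --name "$CLUSTER" --resource-group "$RG" \
    --query identity.principalId --output tsv
}

# Grant Network Contributor on the node resource group only, not on the
# subscription: that is all the cloud provider needs to attach the public IP.
grant_network_contributor() {
  local principal="$1" node_rg="$2" scope
  scope=$(az group show --name "$node_rg" --query id --output tsv)
  az role assignment create --assignee "$principal" \
    --role "Network Contributor" --scope "$scope" --output none
}

# Render the Service manifest with the two annotations that select the public IP.
render_service_manifest() {
  local node_rg="$1"
  cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: $SERVICE_NAME
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-resource-group: $node_rg
    service.beta.kubernetes.io/azure-pip-name: $PIP_NAME
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: $SERVICE_NAME
EOF
}

# Succeeds only when the address Kubernetes reports for the Service equals the
# address of the public IP resource; an empty or different address means the
# cloud provider allocated a new IP instead of using ours.
verify_binding() {
  local node_rg="$1" svc_ip pip_ip
  svc_ip=$(kubectl get service "$SERVICE_NAME" \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
  pip_ip=$(az network public-ip show --resource-group "$node_rg" \
    --name "$PIP_NAME" --query ipAddress --output tsv)
  [ -n "$svc_ip" ] && [ "$svc_ip" = "$pip_ip" ]
}

main() {
  local node_rg principal attempt=0
  node_rg=$(node_resource_group)
  principal=$(cluster_principal_id)
  grant_network_contributor "$principal" "$node_rg"
  render_service_manifest "$node_rg" | kubectl apply -f -
  # The external IP appears asynchronously; poll for up to three minutes.
  while [ "$attempt" -lt 36 ]; do
    if verify_binding "$node_rg"; then
      echo "service/$SERVICE_NAME is bound to $PIP_NAME"
      return 0
    fi
    attempt=$((attempt + 1))
    sleep 5
  done
  echo "timed out: service/$SERVICE_NAME did not receive $PIP_NAME" >&2
  return 1
}

# Run the procedure only when invoked as "./static-ip.sh run", so the functions
# can also be sourced and used one at a time.
if [ "${1:-}" = "run" ]; then
  main
fi
```

Run it as `./static-ip.sh run` after `az login` and `az aks get-credentials`. The final check matters because a wrong resource group annotation or a missing role assignment does not fail `kubectl apply`; the Service simply comes up on a freshly allocated address, which is easy to miss if you only look for an EXTERNAL-IP to appear.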


Key annotations for AKS

The following annotations can be added to the Kubernetes service for the external and internal ingress gateways:

  • service.beta.kubernetes.io/azure-load-balancer-internal-subnet: to bind an internal ingress gateway to a specific subnet.
  • service.beta.kubernetes.io/azure-shared-securityrule: for exposing the ingress gateway through an augmented security rule.
  • service.beta.kubernetes.io/azure-allowed-service-tags: for specifying which service tags the ingress gateway can receive requests from.
  • service.beta.kubernetes.io/azure-load-balancer-ipv4: for configuring a static IPv4 address.
  • service.beta.kubernetes.io/azure-load-balancer-resource-group: for specifying the resource group of a public IP in a different resource group from the cluster.
  • service.beta.kubernetes.io/azure-pip-name: for specifying the name of a public IP address.

