AKS using Internal endpoint for communication

7/12/2019

I know we can set up an application with an internal or external IP address using a load balancer. If I use an external IP address I can reserve it in Azure beforehand as public. Now my question is: what if I don't want that IP address to be visible from outside the cluster?

Configuration for an internal IP address in Kubernetes YAML would be:

apiVersion: v1
kind: Service
metadata:
  name: internal-app
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  loadBalancerIP: 10.240.1.90
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: internal-app

Now I've read that the specified IP address must reside in the same subnet as the AKS cluster and must not already be assigned to a resource.

If I have the IP address for my AKS agent pool set up as X.X.0.0/16 and I use, for example, X.X.0.1 as the IP address for my internal load balancer, I get the error: 'Private IP address is in reserved subnet range'

I see I also have something like internal endpoints in AKS. Can those be used for internal application-to-application communication?

I'm just looking for any way for my apps to talk with each other internally without exposing them to the outside world. I'd also like that to be repeatable, which means that something like dynamic IP addresses wouldn't be too good. I need the setup to be repeatable so I don't have to change all of the apps' internal settings every time an IP address changes accidentally.

-- Mateusz Migała
azure-devops
kubernetes

1 Answer

7/12/2019

The easiest solution is just to use a service of type ClusterIP. It would create a virtual IP address inside the cluster that your apps can use to reach each other. You can also use the DNS name of the service to reach it:

service-name.namespace.svc.cluster.local

from any pod inside Kubernetes. Either way, you don't have to care about IP addresses at all; Kubernetes manages them.

-- 4c74356b41
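A ClusterIP version of the question's manifest together with a consumer that reaches it by the DNS name from the answer, as an added example that is not part of the original question or answer; the `default` namespace, the `targetPort`, the image name and the `APP_URL` variable are assumptions:

```yaml
# Added example: the question's Service switched to type ClusterIP.
# No Azure load balancer is created and no address is reachable from
# outside the cluster, so no loadBalancerIP or subnet planning is needed.
apiVersion: v1
kind: Service
metadata:
  name: internal-app
  namespace: default          # assumed namespace
spec:
  type: ClusterIP             # the default type, stated explicitly
  ports:
  - port: 80                  # port the Service listens on
    targetPort: 8080          # assumed container port of the backend pods
  selector:
    app: internal-app
---
# A consumer that addresses the backend by its stable DNS name rather than
# by IP, so a re-created Service needs no change to the consumer's settings.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: consumer
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: consumer
  template:
    metadata:
      labels:
        app: consumer
    spec:
      containers:
      - name: consumer
        image: example.invalid/consumer:1.0   # placeholder image
        env:
        - name: APP_URL                       # assumed variable name
          value: http://internal-app.default.svc.cluster.local:80
```

After `kubectl apply -f` on this file, `kubectl get svc internal-app` shows only a cluster-internal address and no external IP, which is the check that nothing has been exposed.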
Source: StackOverflow