Azure VNet IP to Kubernetes Ingress controller

10/28/2019

I have a question regarding assigning an IP from an Azure VNET to the nginx-ingress load balancer. I am a newbie and hence wanted to check if the approach I am thinking of is possible.

We are planning to deploy an internal application in Azure Kubernetes. In order to minimise the use of IPs (since our team has a small number of IP addresses allocated through the Azure VNET), we have gone for basic networking in AKS and are planning to update the Nginx load balancer with an allocated IP from the Azure VNET.

Will this approach work?

The confusion I have is that the AKS cluster I created uses basic networking, and it has automatically created its own VNET and NSG; however, the IP address allocated to us in the company belongs to a different Azure VNET.

The constraint I have is that I want to use a minimal number of IP addresses from our allocated IP range. I will be interested in how others are solving this issue.

Help much appreciated.

-- jack
azure
kubernetes
nginx-ingress

1 Answer

10/28/2019

If you need to use the address space of an existing VNET, you need to select the Advanced network configuration when deploying the resource and select the existing VNET and subnet.

This way, applications will obtain an IP lease from your VNET's built-in DHCP server.

While there may be ways to facilitate routing to the cluster in the way you have deployed, using VNET peering, it makes for an unnecessarily complex architecture.

EDIT:

If you have no option but to deploy AKS to a different network segment because of IP allocation constraints, you should still use the Advanced network option but create a new VNET with an address space which does not overlap with the existing VNET.

For example, if your production VNET address space is 10.0.0.0/8, then you must use an address space which fits inside 192.168.0.0/16 or 172.16.0.0/12 - non-overlapping.

Once this is deployed you must create a peering between the two VNETs. See https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Once your peering is configured you can create an internal load balancer in the VNET which has the IP constraints and set the backend pool to the AKS load balancer address for your application.

This architecture is merely a workaround for your IP allocation constraints and is not recommended. There are 16m+ IP addresses available in the 10.0.0.0/8 address space. If you are constrained to a single IP address in this space then you either have a gigantic environment or your VNET setup is not optimal or accommodating.

-- Architect Jamie
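The answer above hinges on two things that are easy to get wrong before anything is deployed: the new AKS VNET must not overlap the company VNET (or peering is refused), and the address you hand to the nginx-ingress Service must actually be assignable inside the AKS subnet. The following is an added example, not code from the original post or from Azure/AKS, that checks both with the Python standard library and renders the ingress Service with an internal Azure load balancer. All CIDRs, the ClusterIP range, the subnet name, the Service name and the pod selector are constructed sample values; the two `service.beta.kubernetes.io/azure-load-balancer-internal*` annotations are the ones the Azure cloud provider documents, and the "five reserved addresses per subnet" rule is Azure's documented behaviour.

```python
"""Pre-deployment checks for the peered-VNET AKS layout described above.

Added example; assumes the address plan below, which is constructed
for illustration and is not taken from the original post.
"""
import ipaddress

# Constructed sample plan (not from the original post).
COMPANY_VNET = "10.0.0.0/8"      # VNET that holds the team's allocated addresses
AKS_VNET = "192.168.0.0/16"      # new VNET for the cluster, non-overlapping
AKS_SUBNET = "192.168.1.0/24"    # subnet passed to `az aks create --vnet-subnet-id`
AKS_SUBNET_NAME = "aks-nodes"    # assumed subnet name used in the annotation
SERVICE_CIDR = "172.20.0.0/16"   # assumed Kubernetes ClusterIP range
INGRESS_LB_IP = "192.168.1.10"   # address requested for the nginx-ingress Service

# Azure reserves the first four and the last address of every subnet.
AZURE_RESERVED_PER_SUBNET = 5


def net(cidr):
    """Parse a CIDR; strict=True rejects host bits (e.g. 192.168.1.10/24)."""
    return ipaddress.ip_network(cidr, strict=True)


def check_address_plan(company_vnet, aks_vnet, aks_subnet, service_cidr):
    """Return a list of problems; an empty list means the plan is consistent."""
    company, aks, subnet, svc = (net(c) for c in
                                 (company_vnet, aks_vnet, aks_subnet, service_cidr))
    problems = []
    if company.overlaps(aks):
        problems.append(f"AKS VNET {aks} overlaps {company}; peering will be refused")
    if not subnet.subnet_of(aks):
        problems.append(f"subnet {subnet} is not inside AKS VNET {aks}")
    # After peering, both VNETs are routable, so the ClusterIP range must clash with neither.
    for other in (company, aks):
        if svc.overlaps(other):
            problems.append(f"service CIDR {svc} overlaps {other}")
    return problems


def usable_addresses(cidr):
    """Addresses a subnet can hand out after Azure's reservations."""
    return max(net(cidr).num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


def is_assignable(ip, cidr):
    """True if `ip` lies in the subnet and is not one of Azure's reserved addresses."""
    subnet = net(cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in subnet:
        return False
    first = int(subnet.network_address)
    last = int(subnet.broadcast_address)
    return first + 4 <= int(addr) < last


def ingress_service(lb_ip, subnet_cidr, subnet_name, namespace="ingress-nginx"):
    """Manifest (as a dict) for the nginx-ingress Service behind an internal Azure LB.

    Raises ValueError instead of producing a Service whose IP Azure would never bind.
    Service name, selector and ports are assumptions for the example.
    """
    if not is_assignable(lb_ip, subnet_cidr):
        raise ValueError(f"{lb_ip} is not assignable in {subnet_cidr}")
    return {
        "apiVersion": "v1",
        "kind": "Service",
        "metadata": {
            "name": "ingress-nginx-controller",
            "namespace": namespace,
            "annotations": {
                "service.beta.kubernetes.io/azure-load-balancer-internal": "true",
                "service.beta.kubernetes.io/azure-load-balancer-internal-subnet": subnet_name,
            },
        },
        "spec": {
            "type": "LoadBalancer",
            "loadBalancerIP": lb_ip,
            "selector": {"app.kubernetes.io/name": "ingress-nginx"},
            "ports": [
                {"name": "http", "port": 80, "targetPort": 80},
                {"name": "https", "port": 443, "targetPort": 443},
            ],
        },
    }


if __name__ == "__main__":
    for problem in check_address_plan(COMPANY_VNET, AKS_VNET, AKS_SUBNET, SERVICE_CIDR):
        print("PLAN ERROR:", problem)
    print(f"{AKS_SUBNET} offers {usable_addresses(AKS_SUBNET)} usable addresses")
    svc = ingress_service(INGRESS_LB_IP, AKS_SUBNET, AKS_SUBNET_NAME)
    print("ingress Service will request", svc["spec"]["loadBalancerIP"])
```

The address the Service ends up with is the "AKS load balancer address" the answer refers to; it is the target for the internal load balancer you then build in the constrained company VNET, so only that one company-side address is consumed from the scarce range.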
Source: StackOverflow