Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

[Feature] Allow to configure per-nodepool property to select outbound LB backenpool #3887

Open Tazmaniac opened 1 year ago

Tazmaniac commented 1 year ago

Is your feature request related to a problem? Please describe.
We would like to be able to select which outbound IP(s) are used inside our distributed application.

Describe the solution you'd like
One very simple, elegant and effective possibility is to use one IP/list_of_IPs/subnet per K8S nodepool. The application chooses which IP(s) to use for which workload/usage by scheduling pods on the proper nodepool, or pods could select tasks requiring a specific IP address to use in a message bus by filtering messages based on the pool they are running on. Or many other possibilities.

To achieve that, you simply need

The usage of these new nodepool properties could be subject to/conditioned by a new outbound mode "userAssignedLoadbalancer", but it already works today and is just missing this trivial property plumbing between the AKS orchestrator engine and the VMSS one. See below. The functionality could be restricted to apiserver-vnet-integrated clusters to simplify things, as the outbound path is not needed by the nodes to contact their API servers in this case.

Describe alternatives you've considered
I have this setup running, but built/maintained in a very inelegant/fragile way:

All scaling up/down operations on the nodepools work without disruption. Start/Stop of the K8S cluster work as intended too.

But for all upgrade/re-imaging/... operations on K8S (and so on the VMSS), you need to stop your workload, re-assign the NAT gateway to your K8S subnet, do the upgrade, re-set the VMSS loadBalancerBackendAddressPools, disassociate the NAT gateway, and restore the workload. Automatic upgrades are prohibited.

Tazmaniac commented 8 months ago

For those daring enough to test my setup, your cluster must use load-balancer-backend-pool-type nodeIP for a fully functional managed AKS internal load balancer. Otherwise, the manual VMSS setup will conflict with it.

In the proposed "userAssignedLoadbalancer" outbound mode, if the AKS engine uses the LB nodeIP mode to inject the configuration directly into the nodepool-provided "loadBalancerBackendAddressPools" property (a list of LB backend pools to inject the node IP into), the VMSS engine will not need to be involved. load-balancer-backend-pool-type nodeIP could be a hard requirement for the functionality to simplify its implementation.
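The two comments above describe a procedure (stop the workload, move a NAT gateway onto the node subnet so the nodes keep egress, upgrade, re-set the VMSS loadBalancerBackendAddressPools, detach the NAT gateway, restore the workload) and a precondition (load-balancer-backend-pool-type nodeIP). The script below is an added runbook that sequences those steps with the Azure CLI; it is not the issue author's script and not anything shipped by AKS. All resource names, the node resource group, the workload name, the NAT gateway ID, the VMSS property path and the backendPoolType property path are assumptions and must be checked against `az aks show` / `az vmss show` before use. It prints the commands by default (DRY_RUN=1) so the order can be reviewed; the reason this matters for security is that every one of these manual windows is a reason to postpone a node image or Kubernetes upgrade, which is exactly what pinning egress IPs for upstream allow-lists should not cost.

```shell
#!/usr/bin/env bash
# Added runbook for the manual upgrade window described in the issue.
# Not the issue author's script; every name below is an assumption.
set -eu

RG="${RG:-rg-aks-egress}"                               # assumed cluster resource group
CLUSTER="${CLUSTER:-aks-egress}"                        # assumed cluster name
NODE_RG="${NODE_RG:-MC_${RG}_${CLUSTER}_westeurope}"    # assumed AKS node resource group
VNET="${VNET:-vnet-aks}"                                # assumed VNet holding the node subnet
SUBNET="${SUBNET:-snet-nodes}"                          # assumed node subnet
WORKLOAD="${WORKLOAD:-deploy/egress-worker}"            # assumed workload pinned to the nodepool
NATGW_ID="${NATGW_ID:-/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-aks-egress/providers/Microsoft.Network/natGateways/natgw-maint}"
DRY_RUN="${DRY_RUN:-1}"                                 # 1 = print commands, 0 = execute them

# The VMSS ipConfiguration property the issue refers to: the list of LB backend
# pools every node NIC is joined to. Path assumed from the VMSS resource model.
LB_POOL_PATH='virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].loadBalancerBackendAddressPools'

run() {
  # Print or execute a command depending on DRY_RUN.
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Preflight from the second comment: the manual VMSS backend-pool setup only
# coexists with the managed internal LB when the cluster's backend pool type is
# nodeIP. Pass the value of networkProfile.loadBalancerProfile.backendPoolType
# from `az aks show` (property path assumed).
check_backend_pool_type() {
  case "$1" in
    nodeIP|NodeIP) return 0 ;;
    *) echo "cluster backendPoolType is '$1', expected nodeIP" >&2; return 1 ;;
  esac
}

attach_nat_gateway() {   # keep an outbound path for the nodes while the LB pools are lost
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" --nat-gateway "$NATGW_ID"
}
detach_nat_gateway() {
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" --remove natGateway
}
upgrade_nodepool() {     # $1 nodepool name, $2 target Kubernetes version
  run az aks nodepool upgrade -g "$RG" --cluster-name "$CLUSTER" -n "$1" --kubernetes-version "$2"
}
set_vmss_backend_pool() { # $1 VMSS name, $2 outbound LB backend pool resource ID
  # --set with a JSON list value; assumed to be accepted by the generic update args.
  run az vmss update -g "$NODE_RG" -n "$1" --set "${LB_POOL_PATH}=[{\"id\":\"$2\"}]"
  run az vmss update-instances -g "$NODE_RG" -n "$1" --instance-ids '*'
}
scale_workload() {       # $1 replica count
  run kubectl scale "$WORKLOAD" --replicas="$1"
}

# The full window, in the order the issue lists the steps.
# $1 nodepool, $2 VMSS behind it, $3 backend pool ID, $4 k8s version, $5 replicas to restore
maintenance_window() {
  scale_workload 0
  attach_nat_gateway
  upgrade_nodepool "$1" "$4"
  set_vmss_backend_pool "$2" "$3"
  detach_nat_gateway
  scale_workload "$5"
}

if [ "${RUN_MAINTENANCE:-0}" = "1" ]; then
  maintenance_window egresspool aks-egresspool-12345678-vmss \
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/${NODE_RG}/providers/Microsoft.Network/loadBalancers/lb-egress-a/backendAddressPools/pool-a" \
    1.29.2 3
fi
```

Run with `RUN_MAINTENANCE=1 DRY_RUN=1 ./runbook.sh` to see the command sequence, then `DRY_RUN=0` to execute. The ordering is the point: the NAT gateway must be attached before the upgrade re-images the VMSS (otherwise the new nodes have no egress until the pools are restored), and the workload must stay scaled down until the backend pools are back, since anything that runs in between would egress through the NAT gateway's IP rather than the pinned one.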

Tazmaniac commented 8 months ago

https://github.com/Azure/AKS/issues/4023 is the generalization of this feature at the K8S Service CRD level for specifying the backend pools used in this use case in inbound NAT or LB rules. But it requires the creation of a cluster "inbound mode" property, similar to the outbound mode one, with possible values "userAssignedLoadbalancer" or "managedLoadBalancer".

microsoft-github-policy-service[bot] commented 2 months ago

Action required from @aritraghosh, @julia-yin, @AllenWen-at-Azure

microsoft-github-policy-service[bot] commented 1 month ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 1 month ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 2 weeks ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 1 day ago

Issue needing attention of @Azure/aks-leads