Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

[BUG] Stop/start private AKS cluster got new AKS API IP #4668

Closed slawekww closed 1 day ago

slawekww commented 5 days ago

Describe the bug

After starting a previously stopped private AKS cluster, the AKS API is changed. It is a problem for Spoke-Hub functionality where firewall rules are defined on a specific IP. After starting the cluster, users are not able to access the AKS API until the firewall rule is updated.

AKS cluster settings:

# As part of TF azurerm_kubernetes_cluster resource
private_cluster_enabled             = true
private_dns_zone_id                 = "None"
private_cluster_public_fqdn_enabled = true

network_profile {
  network_policy = "azure"
  outbound_type  = "userDefinedRouting"

  network_plugin      = "azure"
  network_mode        = "transparent"
  network_plugin_mode = "overlay"
}

To Reproduce

  1. Stop AKS cluster
  2. Start AKS cluster
  3. Access AKS API via kubectl

Expected behavior

Allow defining a specific IP for the API service of private AKS, or keep it constant for the AKS stop/start action.

Additional context

Frequent stop/start of the cluster (on a weekly basis) is expected for cost saving.

kevinharing commented 4 days ago

This is not a bug, see here.

slawekww commented 1 day ago

Thanks for the reference to the doc - I had not found it earlier. I am closing this issue.
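The thread closes with the IP change treated as expected, so stop/start automation can check the firewall-pinned address after each start. The script below is an added example, not code from the issue or from the AKS project: `resolve_ipv4`, `is_ipv4` and `api_ip_drift` are hypothetical names, and it assumes a Linux host with `getent` and that the cluster's public FQDN (enabled by `private_cluster_public_fqdn_enabled`) resolves to the API server's current private address.

```shell
#!/bin/sh
# Added example: detect API-server IP drift after `az aks start`.
# Function names and arguments are illustrative, not part of any AKS tooling.

# Resolve a hostname to its first IPv4 address with the system resolver.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Accept only a dotted quad whose four octets are each 0-255.
is_ipv4() {
    local IFS=. octet
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $1                      # split on dots (input is digits and dots only)
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# api_ip_drift <api_fqdn> <pinned_ip>
# Prints the currently resolved IP on stdout.
# Returns 0 = firewall rule still matches, 1 = drift, 2 = cannot decide.
api_ip_drift() {
    local fqdn pinned current
    fqdn=$1 pinned=$2
    is_ipv4 "$pinned" || { echo "pinned value is not IPv4: $pinned" >&2; return 2; }
    current=$(resolve_ipv4 "$fqdn")
    # An empty or malformed answer must not be reported as "no drift".
    is_ipv4 "$current" || { echo "could not resolve $fqdn" >&2; return 2; }
    echo "$current"
    [ "$current" = "$pinned" ]
}

# Usage: ./check-api-ip.sh <api_fqdn> <ip_in_firewall_rule>
# The FQDN can be read with: az aks show -g <rg> -n <cluster> --query fqdn -o tsv
if [ "$#" -eq 2 ]; then
    rc=0
    api_ip_drift "$1" "$2" || rc=$?
    case $rc in
        0) echo "firewall rule still matches" >&2 ;;
        1) echo "DRIFT: firewall rule is pinned to $2" >&2; exit 1 ;;
        *) exit 2 ;;
    esac
fi
```

Run it from a host that can resolve the cluster's FQDN right after the start step; a non-zero exit means the rule needs review before users rely on `kubectl`.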