Merge pull request #252625 from schaffererin/dnsannotationpublicipaks

American-Dipper · web-flow · commit 014544e5a2eb · 2023-09-22T13:32:28.000-07:00
Updated incorrect documentation per GitHub issue
diff --git a/articles/aks/static-ip.md b/articles/aks/static-ip.md
@@ -19,19 +19,26 @@ This article shows you how to create a static public IP address and assign it to
 
 ## Before you begin
 
-* This article assumes that you have an existing AKS cluster. If you need an AKS cluster, see the AKS quickstart [using the Azure CLI][aks-quickstart-cli], [using Azure PowerShell][aks-quickstart-powershell], or [using the Azure portal][aks-quickstart-portal].
 * You need the Azure CLI version 2.0.59 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
 * This article covers using a *Standard* SKU IP with a *Standard* SKU load balancer. For more information, see [IP address types and allocation methods in Azure][ip-sku].
 
-## Create a static IP address
+## Create an AKS cluster
+
+1. Create an Azure resource group using the [`az group create`][az-group-create] command.
+
+    ```azurecli-interactive
+    az group create --name myNetworkResourceGroup --location eastus
+    ```
 
-1. Create a resource group for your IP address
+2. Create an AKS cluster using the [`az aks create`][az-aks-create] command.
 
     ```azurecli-interactive
-    az group create --name myNetworkResourceGroup
+    az aks create --name myAKSCluster --resource-group myNetworkResourceGroup --generate-ssh-keys
     ```
 
-2. Use the [`az network public ip create`][az-network-public-ip-create] command to create a static public IP address. The following example creates a static IP resource named *myAKSPublicIP* in the *myNetworkResourceGroup* resource group.
+## Create a static IP address
+
+1. Create a static public IP address using the [`az network public ip create`][az-network-public-ip-create] command.
 
     ```azurecli-interactive
     az network public-ip create \
@@ -44,19 +51,25 @@ This article shows you how to create a static public IP address and assign it to
     > [!NOTE]
     > If you're using a *Basic* SKU load balancer in your AKS cluster, use *Basic* for the `--sku` parameter when defining a public IP. Only *Basic* SKU IPs work with the *Basic* SKU load balancer and only *Standard* SKU IPs work with *Standard* SKU load balancers.
 
-3. After you create the static public IP address, use the [`az network public-ip list`][az-network-public-ip-list] command to get the IP address. Specify the name of the node resource group and public IP address you created, and query for the *ipAddress*.
+2. Get the name of the node resource group using the [`az aks show`][az-aks-show] command and query for the `nodeResourceGroup` property.
+
+    ```azurecli-interactive
+    az aks show --name myAKSCluster --resource-group myNetworkResourceGroup --query nodeResourceGroup -o tsv
+    ```
+
+3. Get the static public IP address using the [`az network public-ip list`][az-network-public-ip-list] command. Specify the name of the node resource group and public IP address you created, and query for the `ipAddress`.
 
     ```azurecli-interactive
-    az network public-ip show --resource-group myNetworkResourceGroup --name myAKSPublicIP --query ipAddress --output tsv
+    az network public-ip show --resource-group <node resource group> --name myAKSPublicIP --query ipAddress --output tsv
     ```
 
 ## Create a service using the static IP address
 
-1. Before creating a service, use the [`az role assignment create`][az-role-assignment-create] command to ensure the cluster identity used by the AKS cluster has delegated permissions to the node resource group.
+1. Ensure the cluster identity used by the AKS cluster has delegated permissions to the node resource group using the [`az role assignment create`][az-role-assignment-create] command.
 
     ```azurecli-interactive
-    CLIENT_ID=$(az aks show --name <cluster name> --resource-group <cluster resource group> --query identity.principalId -o tsv)
-    RG_SCOPE=$(az group show --name myNetworkResourceGroup --query id -o tsv)
+    CLIENT_ID=$(az aks show --name myAKSCluster --resource-group myNetworkResourceGroup --query identity.principalId -o tsv)
+    RG_SCOPE=$(az group show --name <node resource group> --query id -o tsv)
     az role assignment create \
         --assignee ${CLIENT_ID} \
         --role "Network Contributor" \
@@ -69,79 +82,78 @@ This article shows you how to create a static public IP address and assign it to
 2. Create a file named `load-balancer-service.yaml` and copy in the contents of the following YAML file, providing your own public IP address created in the previous step and the node resource group name.
 
     > [!IMPORTANT]
-    > Adding the `loadBalancerIP` property to the load balancer YAML manifest is deprecating following [upstream Kubernetes](https://github.com/kubernetes/kubernetes/pull/107235). While current usage remains the same and existing services are expected to work without modification, we **highly recommend setting service annotations** instead. To set service annotations, you can use `service.beta.kubernetes.io/azure-load-balancer-ipv4` for an IPv4 address and `service.beta.kubernetes.io/azure-load-balancer-ipv6` for an IPv6 address.
+    > Adding the `loadBalancerIP` property to the load balancer YAML manifest is deprecating following [upstream Kubernetes](https://github.com/kubernetes/kubernetes/pull/107235). While current usage remains the same and existing services are expected to work without modification, we **highly recommend setting service annotations** instead. To set service annotations, you can use `service.beta.kubernetes.io/azure-load-balancer-ipv4` for an IPv4 address and `service.beta.kubernetes.io/azure-load-balancer-ipv6` for an IPv6 address, as shown in the example YAML.
 
     ```yaml
     apiVersion: v1
     kind: Service
     metadata:
       annotations:
-        service.beta.kubernetes.io/azure-load-balancer-resource-group: myNetworkResourceGroup
+        service.beta.kubernetes.io/azure-load-balancer-resource-group: <node resource group>
+        service.beta.kubernetes.io/azure-load-balancer-ipv4: <public IP address>
       name: azure-load-balancer
     spec:
-      loadBalancerIP: 40.121.183.52
       type: LoadBalancer
       ports:
       - port: 80
       selector:
         app: azure-load-balancer
     ```
 
-3. Use the `kubectl apply` command to create the service and deployment.
+3. Set a public-facing DNS label to the service using the `service.beta.kubernetes.io/azure-dns-label-name` service annotation. This publishes a fully qualified domain name (FQDN) for your service using Azure's public DNS servers and top-level domain. The annotation value must be unique within the Azure location, so we recommend you use a sufficiently qualified label. Azure automatically appends a default suffix in the location you selected, such as `<location>.cloudapp.azure.com`, to the name you provide, creating the FQDN.
 
-    ```console
-    kubectl apply -f load-balancer-service.yaml
+    > [!NOTE]
+    > If you want to publish the service on your own domain, see [Azure DNS][azure-dns-zone] and the [external-dns][external-dns] project.
+  
+    ```yaml
+    apiVersion: v1
+    kind: Service
+    metadata:
+      annotations:
+        service.beta.kubernetes.io/azure-load-balancer-resource-group: <node resource group>
+        service.beta.kubernetes.io/azure-load-balancer-ipv4: <public IP address>
+        service.beta.kubernetes.io/azure-dns-label-name: <unique-service-label>
+      name: azure-load-balancer
+    spec:
+      type: LoadBalancer
+      ports:
+      - port: 80
+      selector:
+        app: azure-load-balancer
     ```
 
-## Apply a DNS label to the service
-
-If your service uses a dynamic or static public IP address, you can use the `service.beta.kubernetes.io/azure-dns-label-name` service annotation to set a public-facing DNS label. This publishes a fully qualified domain name (FQDN) for your service using Azure's public DNS servers and top-level domain. The annotation value must be unique within the Azure location, so it's recommended to use a sufficiently qualified label. Azure automatically appends a default suffix in the location you selected, such as `<location>.cloudapp.azure.com`, to the name you provide, creating the FQDN.
-
-```yaml
-apiVersion: v1
-kind: Service
-metadata:
-  annotations:
-    service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
-  name: azure-load-balancer
-spec:
-  type: LoadBalancer
-  ports:
-  - port: 80
-  selector:
-    app: azure-load-balancer
-```
+4. Create the service and deployment using the `kubectl apply` command.
 
-To see the DNS label for your load balancer, run the following command:
+    ```console
+    kubectl apply -f load-balancer-service.yaml
+    ```
 
-```console
-kubectl describe service azure-load-balancer
-```
+5. To see the DNS label for your load balancer, use the `kubectl describe service` command.
 
-The DNS label will be listed under the `Annotations`, as shown in the following condensed example output:
+    ```console
+    kubectl describe service azure-load-balancer
+    ```
 
-```console
-Name:                    azure-load-balancer
-Namespace:               default
-Labels:                  <none>
-Annotations:             service.beta.kuberenetes.io/azure-dns-label-name: myserviceuniquelabel
-...
-```
+    The DNS label will be listed under the `Annotations`, as shown in the following condensed example output:
 
-> [!NOTE]
-> To publish the service on your own domain, see [Azure DNS][azure-dns-zone] and the [external-dns][external-dns] project.
+    ```output
+    Name:                    azure-load-balancer
+    Namespace:               default
+    Labels:                  <none>
+    Annotations:             service.beta.kuberenetes.io/azure-dns-label-name: <unique-service-label>
+    ```
 
 ## Troubleshoot
 
-If the static IP address defined in the *loadBalancerIP* property of the Kubernetes service manifest doesn't exist or hasn't been created in the node resource group and there are no additional delegations configured, the load balancer service creation fails. To troubleshoot, review the service creation events using the [`kubectl describe`][kubectl-describe] command. Provide the name of the service specified in the YAML manifest, as shown in the following example:
+If the static IP address defined in the `loadBalancerIP` property of the Kubernetes service manifest doesn't exist or hasn't been created in the node resource group and there are no other delegations configured, the load balancer service creation fails. To troubleshoot, review the service creation events using the [`kubectl describe`][kubectl-describe] command. Provide the name of the service specified in the YAML manifest, as shown in the following example:
 
 ```console
 kubectl describe service azure-load-balancer
 ```
 
-The output will show you information about the Kubernetes service resource. The following example output shows a `Warning` in the `Events`: "`user supplied IP address was not found`." In this scenario, make sure you've created the static public IP address in the node resource group and that the IP address specified in the Kubernetes service manifest is correct.
+The output shows you information about the Kubernetes service resource. The following example output shows a `Warning` in the `Events`: "`user supplied IP address was not found`." In this scenario, make sure you created the static public IP address in the node resource group and that the IP address specified in the Kubernetes service manifest is correct.
 
-```console
+```output
 Name:                     azure-load-balancer
 Namespace:                default
 Labels:                   <none>
@@ -165,7 +177,7 @@ Events:
 
 ## Next steps
 
-For additional control over the network traffic to your applications, you may want to [create an ingress controller][aks-ingress-basic]. You can also [create an ingress controller with a static public IP address][aks-static-ingress].
+For more control over the network traffic to your applications, you may want to [create an ingress controller][aks-ingress-basic]. You can also [create an ingress controller with a static public IP address][aks-static-ingress].
 
 <!-- LINKS - External -->
 [kubectl-describe]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#describe
@@ -177,10 +189,9 @@ For additional control over the network traffic to your applications, you may wa
 [az-network-public-ip-list]: /cli/azure/network/public-ip#az_network_public_ip_list
 [aks-ingress-basic]: ingress-basic.md
 [aks-static-ingress]: ingress-static-ip.md
-[aks-quickstart-cli]: ./learn/quick-kubernetes-deploy-cli.md
-[aks-quickstart-portal]: ./learn/quick-kubernetes-deploy-portal.md
-[aks-quickstart-powershell]: ./learn/quick-kubernetes-deploy-powershell.md
 [install-azure-cli]: /cli/azure/install-azure-cli
 [ip-sku]: ../virtual-network/ip-services/public-ip-addresses.md#sku
 [az-role-assignment-create]: /cli/azure/role/assignment#az-role-assignment-create
 [az-aks-show]: /cli/azure/aks#az-aks-show
+[az-aks-create]: /cli/azure/aks#az-aks-create
+[az-group-create]: /cli/azure/group#az-group-create
