azure-stack/user/kubernetes-aks-engine-custom-vnet.md
11 additions & 11 deletions
@@ -15,7 +15,7 @@ ms.lastreviewed: 04/14/2022
15
15
16
16
# Deploy a Kubernetes cluster to a custom virtual network on Azure Stack Hub
17
17
18
-
You can deploy a Kubernetes cluster using the Azure Kubernetes Service (AKS) engine on a custom virtual network. This article looks at finding the information you need in your virtual network. You can find steps for calculating the IP addresses used by your cluster, setting the vales in the API Model, and setting the route table and network security group.
18
+
You can deploy a Kubernetes cluster using the Azure Kubernetes Service (AKS) engine on a custom virtual network. This article describes how to find the information you need in your virtual network. The article contains steps for calculating the IP addresses used by your cluster, setting the vales in the API Model, and setting the route table and network security group.
19
19
20
20
The Kubernetes cluster in Azure Stack Hub using the AKS engine uses the kubenet network plugin. The AKS engine on Azure Stack Hub also supports the Azure CNI network plugin.
21
21
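Review bot: The added intro line still reads "setting the vales in the API Model"; since this sentence is already being rewritten, fix "vales" to "values" in the same change. The two consecutive sentences now open with "This article" and "The article"; "It also contains steps for ..." would avoid the repetition.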
@@ -58,20 +58,20 @@ When you create a custom virtual network, you specify the IP address space of yo
58
58
- Overlapping address spaces might result in IP address clashes or communication errors. To reduce the risk of overlapping IP addresses, choose a unique address space for your new virtual network.
59
59
- Address spaces in the `10/8`, `172.16/12`, and `192.168/16` ranges often are used for private networks, and they might be used by your existing datacenter infrastructure. If your Kubernetes applications use resources in your datacenter, reduce the risk of clashes by choosing an address space for your custom virtual network that's different from your datacenter's address space.
60
60
- We recommend that you use a dedicated subnet for your Kubernetes cluster.
61
-
- If you use multiple existing virtual networks consider using different address spaces on each network if you intend to use virtual network peering. Overlapping address spaces can impair your ability to enable peering.
61
+
- If you use multiple existing virtual networks, consider using different address spaces on each network if you intend to use virtual network peering. Overlapping address spaces can impair your ability to enable peering.
62
62
63
63
## Get the IP address blocks
64
64
65
65
The AKS engine supports deployment on an existing virtual network. When deployed on an existing virtual network, your cluster uses blocks of consecutive addresses for agent nodes, control plane nodes, cluster services, and containers (pods). Each address block can be translated into a subnet within the virtual network. All address blocks in the cluster deployment must be a part of the overall virtual network address space. Choosing address blocks outside of the virtual network address space may result in connectivity problems.
66
66
67
67
A minimum of three address blocks are required when setting up a Kubernetes cluster:
68
68
69
-
- Nodes address block: The address block used for assigning addresses to the cluster nodes. This can be a single address block for all cluster nodes or can be separate blocks (subnets) for control plane and agent pools. Take into consideration the node count in your cluster when selecting the address range for this block. For Azure CNI, nodes and containers get their addresses from the same address block thus take into account the number of containers you want to deploy to your cluster when choosing the address range when using Azure CNI.
70
-
- Services address block: The address block from which services deployed to the Kubernetes cluster will get their cluster address from. Take into consideration the maximum number of services you intend to run in your cluster when selecting the address range for this block.
71
-
- Cluster address block: The address block from which pods will get their cluster address. Take into consideration the maximum number of pods you intend to run in your cluster when selecting the address range for this block. As mention earlier, for Azure CNI the cluster and nodes address blocks are the same.
69
+
- Nodes address block: The address block used for assigning addresses to the cluster nodes. This value can be a single address block for all cluster nodes, or can be separate blocks (subnets) for control plane and agent pools. Take into consideration the node count in your cluster when selecting the address range for this block. For Azure CNI, nodes and containers get their addresses from the same address block thus take into account the number of containers you want to deploy to your cluster when choosing the address range when using Azure CNI.
70
+
- Services address block: The address block from which services deployed to the Kubernetes cluster get their cluster address from. Take into consideration the maximum number of services you intend to run in your cluster when selecting the address range for this block.
71
+
- Cluster address block: The address block from which pods get their cluster address. Take into consideration the maximum number of pods you intend to run in your cluster when selecting the address range for this block. As mention earlier, for Azure CNI the cluster and nodes address blocks are the same.
72
72
73
-
In addition to the address blocks, for control plane nodes you will need to set two more values. You will need to know the number of IP addresses you will need to reserve for your cluster, and the first consecutive static IP within the subnet IP space.
74
-
AKS engine requires a range of up to 16 unused IP addresses when you use multiple control plane nodes. The cluster will use one IP address for each control plane up to five control plane nodes. AKS engine will also require the next 10 IP address after the last control plane node for headroom IP address reservation. Finally, another IP address will be used by the load balancer after the control plane nodes and headroom reservation, for a total of 16.
73
+
In addition to the address blocks, for control plane nodes you must set two more values. You need to know the number of IP addresses to reserve for your cluster, and the first consecutive static IP within the subnet IP space.
74
+
AKS engine requires a range of up to 16 unused IP addresses when you use multiple control plane nodes. The cluster uses one IP address for each control plane up to five control plane nodes. AKS engine also requires the next 10 IP address after the last control plane node for headroom IP address reservation. Finally, another IP address is used by the load balancer after the control plane nodes and headroom reservation, for a total of 16.
75
75
When placing your block of IP addresses, the subnet requires the following allocations of the existing IP addresses:
76
76
77
77
- The first four IP addresses and the last IP address are reserved and can't be used in any Azure subnet.
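Review bot: In the AKS engine paragraph, the added line keeps "the next 10 IP address after the last control plane node"; this should be "10 IP addresses". Readers use this sentence to size the reserved range (up to five control plane nodes, 10 headroom addresses, one load balancer address, 16 total), so the wording should be exact. In the same hunk, the Services bullet still says "from which services ... get their cluster address from" (drop the trailing "from"), the Cluster bullet still says "As mention earlier", and the Nodes bullet ends with "when choosing the address range when using Azure CNI", which repeats the condition that opens the sentence.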
@@ -131,21 +131,21 @@ In **masterProfile**, set the following values:
131
131
132
132
| Field | Example | Description |
133
133
| --- | --- | --- |
134
-
| vnetSubnetId |`/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/MDBN-K8S/providers/Microsoft.Network/virtualNetworks/MDBN-K8S/subnets/control-plane-sn`| Specify the Azure Resource Manager path ID the subnet. This value maps to the control plane nodes address block above. |
134
+
| vnetSubnetId |`/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/MDBN-K8S/providers/Microsoft.Network/virtualNetworks/MDBN-K8S/subnets/control-plane-sn`| Specify the Azure Resource Manager path ID the subnet. This value maps to the control plane nodes address block. |
135
135
| firstConsecutiveStaticIP | 10.100.0.239 | Assign to the `firstConsecutiveStaticIP` configuration property an IP address that is near the *end* of the available IP address space in the desired subnet. `firstConsecutiveStaticIP` only applies to the control plane node pool. |
136
136
137
137
In **agentPoolProfiles** set the following values:
138
138
139
139
| Field | Example | Description |
140
140
| --- | --- | --- |
141
-
| vnetSubnetId |`/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/MDBN-K8S/providers/Microsoft.Network/virtualNetworks/MDBN-K8S/subnets/agents-sn`| Specify the Azure Resource Manager path ID the subnet. This value maps to the agent nodes address block above. |
141
+
| vnetSubnetId |`/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/MDBN-K8S/providers/Microsoft.Network/virtualNetworks/MDBN-K8S/subnets/agents-sn`| Specify the Azure Resource Manager path ID the subnet. This value maps to the agent nodes address block. |
142
142
143
143
In **orchestratorProfile**, find **kubernetesConfig** and set the following value:
144
144
145
145
| Field | Example | Description |
146
146
| --- | --- | --- |
147
-
| clusterSubnet |`10.100.128.0/17`| The IP subnet used for allocating IP addresses for pod network interfaces. This value maps to the cluster address block above. The subnet must be in the VNET address space. With Azure CNI enabled, the default value is 10.240.0.0/12. Without Azure CNI, the default value is 10.244.0.0/16. Use /16 instead /24 subnet. If you use /24, this subnet will be assigned to one node only. Other node will not get POD network assigned, as you will have run out of the IP space, so they will be not ready in the cluster. |
148
-
| serviceCidr |`10.100.16.0/20`|The IP subnet used for allocating IP addresses for services deployed in the cluster. This value maps to the cluster services block above. |
147
+
| clusterSubnet |`10.100.128.0/17`| The IP subnet used for allocating IP addresses for pod network interfaces. This value maps to the cluster address block. The subnet must be in the VNET address space. With Azure CNI enabled, the default value is 10.240.0.0/12. Without Azure CNI, the default value is 10.244.0.0/16. Use /16 instead /24 subnet. If you use /24, this subnet is assigned to one node only. The other node doesn't get a POD network assigned, as you ran out of the IP space, so they are not ready in the cluster. |
148
+
| serviceCidr |`10.100.16.0/20`|The IP subnet used for allocating IP addresses for services deployed in the cluster. This value maps to the cluster services block. |
149
149
| dnsServiceIP |`10.100.16.10`| The IP address to be assigned to the cluster DNS service. The address must come from the serviceCidr subnet. This value must be set when specifying the serviceCidr. The default value is the .10 address of the serviceCidr subnet. |
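Review bot: The rewritten clusterSubnet description switches number and tense mid-sentence: "The other node doesn't get a POD network assigned, as you ran out of the IP space, so they are not ready in the cluster." The removed line said "Other node" generically, while the new text implies exactly one other node and then refers to "they". Suggest "Other nodes don't get a pod network assigned because the IP space is exhausted, so they don't become ready in the cluster." Also still present on the added lines: "Use /16 instead /24 subnet" (missing "of") and, in both vnetSubnetId rows, "path ID the subnet" (missing "of").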