0

I have an Azure Kubernetes Service cluster and created a public IP address via:

az network public-ip create --resource-group MC_myResourceGroup_myAKSCluster_eastus --name myAKSPublicIP --sku Standard --allocation-method static --query publicIp.ipAddress -o tsv

I created the ingress controller via:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml

To try and add the IP address to the ingress-controller, I tried following this tutorial, but since I have not installed the ingress controller via helm it does not seem to be working.

An important note is that, without the Azure IP address, the ingress controller does work, but I want to create a static IP so that it does not get delete when the ingress controller gets deleted.

Update:

I followed @silent's advice by:

  1. Going to: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
  2. Copying the yaml code and pasting it in a file
  3. Adding the lines @silent provided in the following piece from the yaml:
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz
    service.beta.kubernetes.io/azure-load-balancer-ipv4: <Azure-IP>
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  externalTrafficPolicy: Local
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: http
  - appProtocol: https
    name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: LoadBalancer

When I apply the file without the annotations @silent provided, it works, but of course with a random IP address. When I add the annotations, the service's EXTERNAL-IP will remain <PENDING>.

Jens Voorpyl
  • 30
  • 6

1 Answers1

1

You just need to adjust your yaml file and set the IP address of the service (through annotations, as this is the currently recommended way):

Should be this one

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz
    service.beta.kubernetes.io/azure-load-balancer-ipv4: 1.2.3.4 # <-- here put your ip
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  externalTrafficPolicy: Local
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: http
  - appProtocol: https
    name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: LoadBalancer
silent
  • 14,494
  • 4
  • 46
  • 86
  • I added the two lines you suggested, but the service's EXTERNAL-IP remains . I updated my post with details. Also, I was wondering where you found these annotations. I cannot seem to find these anywhere. – Jens Voorpyl Aug 09 '23 at 09:47
  • @JensVoorpyl here you go. make sure your role assignments are in order https://learn.microsoft.com/en-us/azure/aks/static-ip#create-a-service-using-the-static-ip-address – silent Aug 09 '23 at 09:50
  • the link says "Before creating a service, use the az role assignment create command to ensure the cluster identity used by the AKS cluster has delegated permissions to the node resource group." Does this refer to the role I have while creating the public IP address? Because I already succeeded in creating this IP address (I have a contributor role), but I am not authorized to use "az role assignment create". – Jens Voorpyl Aug 09 '23 at 10:05
  • its not about what role you have. But the AKS cluster identity needs to have permission to make changes on the IP address resource – silent Aug 09 '23 at 11:16