Azure-docs: Example on how to use internal load balancer and delete the public default load balancer

Created on 5 Feb 2020  Â·  12Comments  Â·  Source: MicrosoftDocs/azure-docs

This article https://docs.microsoft.com/en-us/azure/aks/internal-lb explains well about how to create the internal load balancer.

I would like to request a couple of sections as below.

  1. How to delete the default public load balancer that was created when creating the AKS cluster? If we follow this article, we ended up having two load balancers. I think the public load balancer is hosting the Kubernetes API and etc. I am not sure how to move them to the private load balancer.

2. How to deploy the service to use the internal load balancer instead of the default one?
Updated: It seems like you need to put the annotations on your service.
e.g.

apiVersion: v1
kind: Service
metadata:
   name: mvc-service
   annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
 ports:
   - name: http-port
     port: 80
     targetPort: 80
 selector:
   app: mswebmvc
 type: LoadBalancer

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

Pri3 awaiting-product-team-response azure-container-servicsvc container-servicsvc cxp doc-enhancement product-question triaged
Source
picture michaelsync

All 12 comments

@michaelsync Thanks for the Feedback.
I will have the Product team comment on deletion of public default load balancer.

You can check the private AKS Cluster service which is in preview for having internal IP addresses.

VikasPullagura-MSFT picture VikasPullagura-MSFT on 5 Feb 2020
👍1

@MicrosoftDocs/aks-pm Please add your comments.

VikasPullagura-MSFT picture VikasPullagura-MSFT on 5 Feb 2020

@VikasPullagura-MSFT Thanks. Yes. I am aware of the private AKS but we already have the AKS running so we prefer not to delete and re-create a new one. If there is an option to convert the existing public AKS to private AKS, I would like to know.

As of now, we added the internal load balancer to the existing AKS and ended up having two load balancers (default one and internal one). We couldn't delete the default public LB.

I am looking forward to seeing the recommendation from the Product team. Thanks.

michaelsync picture michaelsync on 5 Feb 2020

@MicrosoftDocs/aks-pm Please add your comments.

VikasPullagura-MSFT picture VikasPullagura-MSFT on 11 Feb 2020
👍1

@VikasPullagura-MSFT

I wonder if this @MicrosoftDocs/aks-pm is the right tag. I got 404 page when I access it. No response in 12 days.

michaelsync picture michaelsync on 17 Feb 2020

@michaelsync Yes it is right tag for AKS team. I am following up internally on email for this issue.

VikasPullagura-MSFT picture VikasPullagura-MSFT on 17 Feb 2020
👍1

The public load balancer created when AKS is created is not related to the API .
It's there to provide an IP for Outbound traffic to snat the traffic that goes to the internet.

Creating an ILB for inbound private traffic can be done by following that article and using the annotation you already found.

To not need that PIP you'll have to provide your own means of egress to ensure the cluster can exit to the internet for example:
https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype

palma21 picture palma21 on 18 Feb 2020

@palma21

To not need that PIP you'll have to provide your own means of egress to ensure the cluster can exit to the internet

Thanks. I will check out how to provide my own means of egress.

PIP means Public IP address, right?

What about deleting the public load balancer? Will I be able to delete the default public load balancer once I provide my own means of egress?

I thought this load balancer is being used by the k8s api server for kubectl.

michaelsync picture michaelsync on 19 Feb 2020

@palma21 Can you please confirm on the possibility of LB deletion.

VikasPullagura-MSFT picture VikasPullagura-MSFT on 20 Feb 2020

@VikasPullagura-MSFT Thanks for reminding Jorge.

@palma21 Can you please confirm on the possibility of LB deletion?

michaelsync picture michaelsync on 1 Mar 2020

PIP means Public IP address correct.

We are working on the capability to update from outboundtype LB to outbound type UDR.
With that the outbound IPs would be deleted. Tracking April ETA.

You still need the LB for ingress, be it external or internal (ILB), if you don't have or use any ingress traffic or services then that update would delete the LB too.
(LB would be created by k8s if you add a service later on)

palma21 picture palma21 on 18 Mar 2020

@palma21 Thanks for providing the details.

@michaelsync Hope the above provided information helps with your query.
We will now close this issue. If there are further questions regarding this, please tag me in a comment. I will reopen it and we will continue the discussion.

VikasPullagura-MSFT picture VikasPullagura-MSFT on 19 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

DeepPuddles picture DeepPuddles  Â·  3Comments
bityob picture bityob  Â·  3Comments
jamesgallagher-ie picture jamesgallagher-ie  Â·  3Comments
JeffLoo-ong picture JeffLoo-ong  Â·  3Comments
AronT-TLV picture AronT-TLV  Â·  3Comments