# Configure networking

When creating an **Azure Kubernetes Service (AKS)** cluster, the networking model plays a crucial role in how Kubernetes pods communicate within the cluster and externally. In this hands-on, we will focus on setting up an AKS cluster that uses **Azure CNI** with dynamic IP allocation. The dynamic IP allocation capability in Azure CNI allocates pod IPs from a subnet separate from the subnet hosting the AKS cluster.

To isolate network traffic between nodes and pods, we'll create separate subnets for each:

* **Node Subnet**: The subnet that AKS nodes (VMs) will use.
* **Pod Subnet**: The subnet from which IPs will be dynamically assigned to Kubernetes pods using the Azure CNI.

First, let's get the Pulumi configuration. In the root folder, create a new `config.ts` file and use the `pulumi.Config` object as shown below:

```typescript
import * as pulumi from "@pulumi/pulumi";

// Create a configuration object
const pulumiConfig = new pulumi.Config();

// Access a configuration value and export for reusing
export const config = {
    location: pulumiConfig.require("azure:location")
}
```

Then, in the resources folder, create a new file named `virtualnetwork.ts` and add the following code to create the virtual network with two subnets.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import { config } from "../config";

export const createVirtualNetWork = (resourceGroupName: pulumi.Input<string>) => {
    // Create a Virtual Network for the cluster.
    const vnet = new azure_native.network.VirtualNetwork("aksVNet", {
        addressSpace: {
            addressPrefixes: ["10.0.0.0/8"],
        },
        flowTimeoutInMinutes: 10,
        location: config.location,
        resourceGroupName: resourceGroupName
    });

    // Create a Node Subnet for the cluster.
    const nodeSubnet = new azure_native.network.Subnet("aksNodeSubnet", {
        addressPrefix: "10.240.0.0/16",
        resourceGroupName: resourceGroupName,
        subnetName: "aksNodeSubnet",
        virtualNetworkName: vnet.name,
    });

    // Create a Pod Subnet for the cluster.
    const podSubnet = new azure_native.network.Subnet("aksPodSubnet", {
        addressPrefix: "10.241.0.0/16",
        resourceGroupName: resourceGroupName,
        // Subnet Delegation to Azure Kubernetes Service
        delegations: [{
            name: "aksDelegation",
            serviceName: "Microsoft.ContainerService/managedClusters", // AKS delegation
        }],
        subnetName: "aksPodSubnet",
        virtualNetworkName: vnet.name,
    });

    return {
        nodeSubnetId: nodeSubnet.id,
        podSubnetId: podSubnet.id,
    };
}
```

By using subnet delegation in Pulumi, you ensure that an Azure service such as **Azure Kubernetes Service (AKS)** is properly isolated and configured for optimal performance, while still benefiting from the flexibility of infrastructure as code. More details about subnet delegation can be found at <https://learn.microsoft.com/en-us/azure/virtual-network/subnet-delegation-overview>.

{% hint style="info" %}
When IP address planning for your AKS cluster, you should **consider the number of IP addresses required for upgrade and scaling operations**. If you set the IP address range to only support a fixed number of nodes, you won't be able to upgrade or scale your cluster. See [IP address sizing](https://learn.microsoft.com/en-us/azure/aks/concepts-network-ip-address-planning) for more details.
{% endhint %}
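The check below is an added example, not part of the original tutorial code: it validates the CIDR plan used in `virtualnetwork.ts` (subnets inside the VNet, no overlap) and tests whether each subnet still has room once upgrade surge nodes are counted. The names `parseCidr`, `usableIps`, `checkPlan` and `SubnetPlan`, the sizing numbers, and the worst-case model of one pod-subnet IP per pod slot are assumptions made for illustration.

```typescript
type IpRange = { start: number; end: number };

// Parse "a.b.c.d/n" into an inclusive integer range; reject malformed CIDRs.
function parseCidr(cidr: string): IpRange {
    const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
    if (!m) throw new Error(`invalid CIDR: ${cidr}`);
    const octets = m.slice(1, 5).map(Number);
    const prefix = Number(m[5]);
    if (octets.some(o => o > 255) || prefix > 32) throw new Error(`invalid CIDR: ${cidr}`);
    const ip = octets.reduce((acc, o) => acc * 256 + o, 0);
    const size = 2 ** (32 - prefix);
    if (ip % size !== 0) throw new Error(`host bits set in ${cidr}`);
    return { start: ip, end: ip + size - 1 };
}

// Azure reserves 5 addresses in every subnet, so they are never available to nodes or pods.
const AZURE_RESERVED = 5;
function usableIps(cidr: string): number {
    const r = parseCidr(cidr);
    return Math.max(0, r.end - r.start + 1 - AZURE_RESERVED);
}

interface SubnetPlan {
    vnet: string; nodeSubnet: string; podSubnet: string;
    maxNodes: number;       // assumed autoscaler ceiling
    maxSurge: number;       // assumed extra nodes created during an upgrade
    maxPodsPerNode: number; // assumed per-node pod limit
}

// Returns a list of problems; an empty list means the plan is consistent.
function checkPlan(p: SubnetPlan): string[] {
    const problems: string[] = [];
    const vnet = parseCidr(p.vnet);
    const node = parseCidr(p.nodeSubnet);
    const pod = parseCidr(p.podSubnet);
    const subnets: [string, IpRange][] = [["node", node], ["pod", pod]];
    for (const [label, s] of subnets) {
        if (s.start < vnet.start || s.end > vnet.end) problems.push(`${label} subnet is outside the VNet`);
    }
    if (node.start <= pod.end && pod.start <= node.end) problems.push("node and pod subnets overlap");
    // Size for the peak (steady-state nodes plus upgrade surge), not the steady state.
    const peakNodes = p.maxNodes + p.maxSurge;
    if (peakNodes > usableIps(p.nodeSubnet)) problems.push("node subnet too small for upgrade surge");
    if (peakNodes * p.maxPodsPerNode > usableIps(p.podSubnet)) problems.push("pod subnet too small for upgrade surge");
    return problems;
}
// The CIDRs used on this page, with constructed sizing numbers.
console.log(checkPlan({ vnet: "10.0.0.0/8", nodeSubnet: "10.240.0.0/16", podSubnet: "10.241.0.0/16",
    maxNodes: 100, maxSurge: 10, maxPodsPerNode: 30 }));
```

Running the same check with a smaller node or pod prefix shows how quickly a plan that fits the steady state fails once surge nodes are added.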

Next, update your code in `index.ts` to create the new virtual network with the following code:

```typescript
import * as resources from "@pulumi/azure-native/resources";
import { createVirtualNetWork } from "./resources/virtualnetwork";

// Create an Azure Resource Group
const resourceGroup = new resources.ResourceGroup("resourceGroup", {
    resourceGroupName: "pulumi-aks-rg"
});

// Create a new virtual network
const virtualNetworking = createVirtualNetWork(resourceGroup.name);

export const resourceGroupName = resourceGroup.name;
```

You have completed the following steps:

1. Created a new `config.ts` file to access the Pulumi configuration
2. Created a new virtual network with two subnets, one for nodes and one for pods, in `virtualnetwork.ts`

### References

* Use kubenet networking with IP address ranges in Azure Kubernetes Service: <https://learn.microsoft.com/en-us/azure/aks/configure-kubenet>
* Configure Azure CNI networking: <https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni-dynamic-ip-allocation>
* Understanding CIDR Notation: <https://devblogs.microsoft.com/premier-developer/understanding-cidr-notation-when-designing-azure-virtual-networks-and-subnets/>


