Configure networking

Kubernetes employs a virtual networking layer to manage access within and between your applications or their components.

When creating an Azure Kubernetes Service (AKS) cluster, the networking model plays a crucial role in how Kubernetes pods communicate within the cluster and externally. In this hands-on, we will focus on setting up an AKS cluster that uses Azure CNI with dynamic IP allocation. The dynamic IP allocation capability in Azure CNI allocates pod IPs from a subnet separate from the subnet hosting the AKS nodes.

To isolate network traffic between nodes and pods, we'll create separate subnets for each:

  • Node Subnet: The subnet that AKS nodes (VMs) will use.

  • Pod Subnet: The subnet from which IPs will be dynamically assigned to Kubernetes pods using the Azure CNI.

First, let's read the Pulumi configuration. From the root folder, create a new config.ts file and use the pulumi.Config object as below:

import * as pulumi from "@pulumi/pulumi";

// Create a configuration object
const pulumiConfig = new pulumi.Config();

// Access a configuration value and export for reusing
export const config = {
    location: pulumiConfig.require("azure:location")
}

Then, from the resources folder, create a new file named virtualnetwork.ts and add the following code to create the virtual network with two subnets.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import { config } from "../config";

export const createVirtualNetWork = (resourceGroupName: pulumi.Input<string>) => {
    // Create a Virtual Network for the cluster.
    const vnet = new azure_native.network.VirtualNetwork("aksVNet", {
        addressSpace: {
            addressPrefixes: ["10.0.0.0/8"],
        },
        flowTimeoutInMinutes: 10,
        location: config.location,
        resourceGroupName: resourceGroupName
    });

    // Create a Node Subnet for the cluster.
    const nodeSubnet = new azure_native.network.Subnet("aksNodeSubnet", {
        addressPrefix: "10.240.0.0/16",
        resourceGroupName: resourceGroupName,
        subnetName: "aksNodeSubnet",
        virtualNetworkName: vnet.name,
    });

    // Create a Pod Subnet for the cluster.
    const podSubnet = new azure_native.network.Subnet("aksPodSubnet", {
        addressPrefix: "10.241.0.0/16",
        resourceGroupName: resourceGroupName,
        // Subnet Delegation to Azure Kubernetes Service
        delegations: [{
            name: "aksDelegation",
            serviceName: "Microsoft.ContainerService/managedClusters", // AKS delegation
        }],
        subnetName: "aksPodSubnet",
        virtualNetworkName: vnet.name,
    });

    return {
        nodeSubnetId: nodeSubnet.id,
        podSubnetId: podSubnet.id,
    };
}

By using subnet delegation in Pulumi, you ensure that each Azure service, such as Azure Kubernetes Service (AKS), is properly isolated and configured for optimal performance, while still benefiting from the flexibility of infrastructure as code. More details about subnet delegation can be found at https://learn.microsoft.com/en-us/azure/virtual-network/subnet-delegation-overview


When planning IP addresses for your AKS cluster, you should consider the number of IP addresses required for upgrade and scaling operations. If you set the IP address range to only support a fixed number of nodes, you won't be able to upgrade or scale your cluster. See IP address sizing for more details.
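The sizing rule in the note above is easy to get wrong by hand, so the following is an added example (plain TypeScript with no Pulumi dependency; it is not code from this page's project) that checks a proposed layout before you commit it to virtualnetwork.ts. It goes slightly beyond the note: besides checking that the node and pod subnets have enough usable addresses for the target node count plus upgrade surge, it also verifies that both subnets sit inside the VNet address space and do not overlap each other. The CIDRs are the ones used above; the sizing values (maxNodes, maxPodsPerNode, maxSurge) are constructed for the example, and the constant of 5 reserved addresses is Azure's per-subnet reservation (first four addresses and the last one).

```typescript
// Added example: subnet sizing check for the node/pod layout used above.
// Plain TypeScript, no Pulumi imports; run with ts-node or tsx.

interface Cidr {
  base: number;   // network address as an unsigned 32-bit integer
  prefix: number; // prefix length, 0..32
  size: number;   // number of addresses in the block
}

// Azure reserves the first four and the last address of every subnet.
const AZURE_RESERVED_PER_SUBNET = 5;

function ipToInt(ip: string): number {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  // Fold the octets with plain arithmetic so the result stays a non-negative number.
  return parts.reduce((acc, octet) => acc * 256 + octet, 0);
}

function parseCidr(cidr: string): Cidr {
  const slash = cidr.indexOf("/");
  if (slash < 0 || slash === cidr.length - 1) {
    throw new Error(`missing prefix length in ${cidr}`);
  }
  const prefix = Number(cidr.slice(slash + 1));
  if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) {
    throw new Error(`invalid prefix length in ${cidr}`);
  }
  const size = 2 ** (32 - prefix);
  // Align to the network boundary so "10.240.5.0/16" still means 10.240.0.0/16.
  const base = Math.floor(ipToInt(cidr.slice(0, slash)) / size) * size;
  return { base, prefix, size };
}

function contains(outer: Cidr, inner: Cidr): boolean {
  return inner.base >= outer.base && inner.base + inner.size <= outer.base + outer.size;
}

function overlaps(a: Cidr, b: Cidr): boolean {
  return a.base < b.base + b.size && b.base < a.base + a.size;
}

function usableAddresses(c: Cidr): number {
  return Math.max(0, c.size - AZURE_RESERVED_PER_SUBNET);
}

interface ClusterSizing {
  maxNodes: number;       // largest node count you intend to scale to
  maxPodsPerNode: number; // the node pool's max pods setting
  maxSurge: number;       // extra nodes brought up temporarily during an upgrade
}

interface PlanResult {
  ok: boolean;
  problems: string[];
  nodeIpsNeeded: number;
  podIpsNeeded: number;
}

function planSubnets(vnetCidr: string, nodeCidr: string, podCidr: string, sizing: ClusterSizing): PlanResult {
  const vnet = parseCidr(vnetCidr);
  const node = parseCidr(nodeCidr);
  const pod = parseCidr(podCidr);
  const problems: string[] = [];

  if (!contains(vnet, node)) problems.push(`node subnet ${nodeCidr} lies outside the VNet ${vnetCidr}`);
  if (!contains(vnet, pod)) problems.push(`pod subnet ${podCidr} lies outside the VNet ${vnetCidr}`);
  if (overlaps(node, pod)) problems.push(`node subnet ${nodeCidr} overlaps pod subnet ${podCidr}`);

  // Surge nodes come up before the old ones drain, so plan for maxNodes + maxSurge,
  // and each of those nodes may draw up to maxPodsPerNode pod IPs from the pod subnet.
  const nodeIpsNeeded = sizing.maxNodes + sizing.maxSurge;
  const podIpsNeeded = nodeIpsNeeded * sizing.maxPodsPerNode;

  const nodeUsable = usableAddresses(node);
  if (nodeUsable < nodeIpsNeeded) problems.push(`node subnet has ${nodeUsable} usable IPs but ${nodeIpsNeeded} are needed`);
  const podUsable = usableAddresses(pod);
  if (podUsable < podIpsNeeded) problems.push(`pod subnet has ${podUsable} usable IPs but ${podIpsNeeded} are needed`);

  return { ok: problems.length === 0, problems, nodeIpsNeeded, podIpsNeeded };
}

// Constructed sizing values; the CIDRs are the ones from virtualnetwork.ts above.
const exampleSizing: ClusterSizing = { maxNodes: 100, maxPodsPerNode: 30, maxSurge: 10 };
const exampleResult = planSubnets("10.0.0.0/8", "10.240.0.0/16", "10.241.0.0/16", exampleSizing);
console.log(exampleResult.ok ? "layout fits" : exampleResult.problems.join("\n"));
```

With the page's two /16 subnets the layout fits comfortably (110 node IPs and 3,300 pod IPs needed against 65,531 usable in each); shrinking the pod subnet to a /24 would be rejected, which is exactly the upgrade-and-scale trap the note warns about.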

Next, update your code in index.ts so that it creates the new virtual network, using the following code:

You have completed some good steps:

  1. Create a new config.ts file to access the Pulumi configuration

  2. Create a new virtual network with two subnets, one for nodes and one for pods, in virtualnetwork.ts
