Nat Gateway Profile for AKS using terraform
Hi I want to use userAssignedNatGateway for my private aks cluster.
Could anyone help me with network profile block for aks how can I pass the nat gateway that I've created using terraform only
Even I tried with outbound count as 2 still facing issue.
network_profile{
# other network configuration
outbound_type="userAssignedNatGateway"
nat_gateway_profile{
mamaged_outbound_ip_count = 2
}
}
Solution
Nat Gateway Profile for AKS using terraform
It's possible to achieve this requirement declaring the network profile inside the AKS cluster configuration.
This can be achieved by creating a user-assigned NAT Gateway for your private AKS cluster & create a NAT Gateway and assign it to your AKS cluster’s subnet then add the network_profile block to pass the NAT Gateway configuration.
Configuration:
resource "azurerm_public_ip" "nat_gateway_public_ip" {
name = "nat-gateway-public-ip"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_nat_gateway" "nat_gateway" {
name = "vinay-nat-gateway"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku_name = "Standard"
}
resource "azurerm_nat_gateway_public_ip_association" "nat_gateway_ip" {
nat_gateway_id = azurerm_nat_gateway.nat_gateway.id
public_ip_address_id = azurerm_public_ip.nat_gateway_public_ip.id
}
resource "azurerm_virtual_network" "example_vnet" {
name = "vinay-vnet"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "aks_subnet" {
name = "aks-subnet"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example_vnet.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_subnet_nat_gateway_association" "aks_subnet_nat_gateway_association" {
subnet_id = azurerm_subnet.aks_subnet.id
nat_gateway_id = azurerm_nat_gateway.nat_gateway.id
}
resource "azurerm_kubernetes_cluster" "aks_cluster" {
name = "vinay-aks"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
dns_prefix = "exampleaks"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_DS2_v2"
vnet_subnet_id = azurerm_subnet.aks_subnet.id
}
identity {
type = "SystemAssigned"
}
network_profile {
network_plugin = "azure"
load_balancer_sku = "standard"
outbound_type = "userAssignedNATGateway"
load_balancer_profile {
outbound_ip_address_ids = [azurerm_public_ip.nat_gateway_public_ip.id]
}
service_cidr = "10.1.0.0/16"
dns_service_ip = "10.1.0.10"
}
depends_on = [
azurerm_subnet_nat_gateway_association.aks_subnet_nat_gateway_association
]
}
Deployment:
refer:
https://learn.microsoft.com/en-us/azure/aks/nat-gateway
azure - How to create a private AKS cluster in an existing VNET using Terraform - Stack Overflow
- Kubectl error: memcache.go:265] couldn’t get current server API group list: Get
- Invalid resource manager ID in primary checkpoint record
- How can I view the config details of the current context in kubectl?
- Webhook call fails while deploying a new Couchbase cluster
- How can we create same resource in multiple terraform providers?
- Can't access a Minikube's NodePort service from outside
- Infinispan dual roles on Kubernetes as a Vert.x cluster manager and cache manager. Cache not being shared problem
- how to use kubectl command with flag --selector?
- Spring Boot with Kubernetes Issue for Prometheus (Cannot file prometheus yml file for configuration)
- EKS cluster pods unable to connect to internet
- kubernetes pod logging broken with journald logging driver
- Helm configMap support for binary files
- Usage of variables in Helm
- How to share a cephfs volume between pods in different k8s namespaces
- is it possible to use Gitlabci parallel matrix to build docker image with certain time delay for each image?
- How to resolve invalid character included yaml attributes from kubernetes
- Why kubectl exec --username=root does not work?
- How to enter a pod as root?
- How to exclude a resource when using namespace in kustomization.yaml?
- Kubernetes Ingress Routing HTTP with Kestrel
- How to pass brackets and other special characters using —set in Helm
- Problem installing Issuer (cert-manager) inside GKE cluster tls: failed to verify certificate: x509: certificate signed by unknown authority
- couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server
- Spring Boot Application Fails to Create/Replace ConfigMap in Minikube After Upgrade
- GKE Autopilot: How to add/manage SSL Certificate to GKE autopilot
- Is it possible to allow egress traffic by hostname?
- helm chart error can't evaluate field Values in type interface {}
- What is the difference between Helm and Kustomize?
- How to delete and recreate pods using yaml file in kubernetes
- Kubernetes: get actual resource limits from within container