Configuring the Load Balancer

As part of load balancer configuration, to permit access to port 5443 for the TH deployment, a health probe and a load balancing rule need to be added to the AKS load balancer.

These steps are explained below.

To add a health probe for port 5443 using the Azure Portal:

  1. On your jump host, run the following command to get the value of nginx-ingress-controller-svc for port 5443:
    kubectl get svc -n core | grep nginx-ingress-controller-svc

Example output, showing NodePort as 31249:
nginx-ingress-controller-svc NodePort 10.0.146.63 5443:31249/TCP,5444:31036/TCP 21m

  2. Open the Azure Portal and locate the Azure Kubernetes resource group. (The AKS resource group name is in the format MC_<your_resource_group>_<aks_name>_<location>.)
  3. Open the Kubernetes resource group.
  4. Find the Kubernetes load balancer and then open it.
  5. On the Kubernetes load balancer resource, click Health probes.
  6. Add a health probe for 5443 using the value obtained for the service NodePort in step 1.

To add a health probe for port 5443 using the Azure Cloud Shell:

  1. Get the AKS resource group and store it in an environment variable for later usage:
    # CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group <RESOURCE GROUP> --name <AKS NAME> --query nodeResourceGroup -o tsv)

For example, for AKS srg-demo-aks from resource group srg-demo:
# CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group srg-demo --name srg-demo-aks --query nodeResourceGroup -o tsv)

  2. Create the health probe by running the command:
    # az network lb probe create -g $CLUSTER_RESOURCE_GROUP --lb-name kubernetes-internal -n 5443-hp --protocol tcp --port <SERVICE PORT>

Example:
# az network lb probe create -g $CLUSTER_RESOURCE_GROUP --lb-name kubernetes-internal -n 5443-hp --protocol tcp --port 31249

To add a load balancing rule for port 5443 using the Azure Portal:

  1. Open the Kubernetes load balancer and click Load balancing rules.

  2. Add a rule for port 5443. For the backend port, use the NodePort value obtained previously for nginx-ingress-controller-svc; for the health probe, select the probe you just created.

To add a load balancing rule for port 5443 using the Azure Cloud Shell:

  1. Run the following command:
    # az network lb rule create -g <AKS RESOURCE GROUP> --lb-name kubernetes-internal -n 5443-lb-rule --protocol Tcp --frontend-port 5443 --backend-port <SERVICE PORT> --probe-name 5443-hp --backend-pool-name kubernetes

For example:
# az network lb rule create -g mc_srg-demo_srg-demo-aks_westeurope --lb-name kubernetes-internal -n 5443-lb-rule --protocol Tcp --frontend-port 5443 --backend-port 31249 --probe-name 5443-hp --backend-pool-name kubernetes
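
The Cloud Shell steps for port 5443 depend on copying the right NodePort out of the kubectl output (31249 for 5443, not 31036 for 5444). The following is an added example, not part of the original documentation: it parses that output and prints the probe and rule commands from this page for review. The function names, the constructed sample line, and the check against the Kubernetes default NodePort range 30000-32767 are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original documentation).
# Constructed sample line, same shape as the example output shown above.
SAMPLE_SVC_LINE='nginx-ingress-controller-svc NodePort 10.0.146.63 5443:31249/TCP,5444:31036/TCP 21m'

# nodeport_for <service-port>
# Reads `kubectl get svc -n core` lines on stdin and prints the NodePort that
# nginx-ingress-controller-svc maps to the given service port.
# Returns non-zero when no mapping exists (hypothetical helper name).
nodeport_for() {
  awk -v want="$1" '
    $1 == "nginx-ingress-controller-svc" {
      # Scan every column so an extra EXTERNAL-IP column does not matter.
      for (f = 2; f <= NF; f++) {
        n = split($f, maps, ",")
        for (i = 1; i <= n; i++) {
          if (maps[i] !~ "^[0-9]+:[0-9]+/(TCP|UDP)$") continue
          split(maps[i], p, "[:/]")
          if (p[1] == want) { print p[2]; found = 1 }
        }
      }
    }
    END { exit (found ? 0 : 1) }'
}

# lb_commands_5443 <node-resource-group> <nodeport>
# Prints the probe and rule commands from this page with the NodePort filled in.
# Assumption: the cluster uses the Kubernetes default NodePort range 30000-32767.
lb_commands_5443() {
  rg=$1 port=$2
  case "$port" in
    ''|*[!0-9]*) echo "not a port number: $port" >&2; return 1 ;;
  esac
  if [ "$port" -lt 30000 ] || [ "$port" -gt 32767 ]; then
    echo "port $port is outside the default NodePort range" >&2; return 1
  fi
  printf 'az network lb probe create -g %s --lb-name kubernetes-internal -n 5443-hp --protocol tcp --port %s\n' "$rg" "$port"
  printf 'az network lb rule create -g %s --lb-name kubernetes-internal -n 5443-lb-rule --protocol Tcp --frontend-port 5443 --backend-port %s --probe-name 5443-hp --backend-pool-name kubernetes\n' "$rg" "$port"
}

# Demo on the constructed sample; on a jump host, pipe in the real kubectl output.
port=$(printf '%s\n' "$SAMPLE_SVC_LINE" | nodeport_for 5443) &&
  lb_commands_5443 '<AKS RESOURCE GROUP>' "$port"
```

The commands are only printed, so they can be reviewed before being run in the Cloud Shell.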

To add a health probe for port 443 using the Azure Portal:

  1. In the Azure Portal, locate the Azure Kubernetes resource group. (The AKS resource group name is in the format MC_<your_resource_group>_<aks_name>_<location>.)
  2. Open the Kubernetes resource group.
  3. On the Kubernetes load balancer resource, click Health probes.
  4. Click + Add for Kubernetes load balancer health probes and enter values for the following:
    • Name: assign a name to the probe.
    • Protocol: select TCP
    • Port: enter 443

To add a health probe for port 443 using the Azure Cloud Shell:

  1. Run the following command:
    # az network lb probe create -g <AKS RESOURCE GROUP> --lb-name kubernetes-internal -n 443-hp --protocol tcp --port 443

For example:
# az network lb probe create -g mc_srg-demo_srg-demo-aks_westeurope --lb-name kubernetes-internal -n 443-hp --protocol tcp --port 443

To add a load balancing rule for port 443 using the Azure Portal:

  1. Open the Kubernetes load balancer and click Load balancing rules.
  2. Click + Add for the Kubernetes load balancer load balancing rules and enter values for the following:
    • Name: assign a name to the rule.
    • Port: enter 443.
    • Backend port: enter 443.
    • Health probe: select the probe you previously created for port 443.
    • Session Persistence: select Client IP and protocol.

  3. Open the Kubernetes resource group.

To add a load balancing rule for port 443 using the Azure Cloud Shell:

  1. Run the following command:
    # az network lb rule create -g <AKS RESOURCE GROUP> --lb-name kubernetes-internal -n 443-lb-rule --protocol Tcp --frontend-port 443 --backend-port 443 --probe-name 443-hp --backend-pool-name kubernetes

For example:
# az network lb rule create -g mc_srg-demo_srg-demo-aks_westeurope --lb-name kubernetes-internal -n 443-lb-rule --protocol Tcp --frontend-port 443 --backend-port 443 --probe-name 443-hp --backend-pool-name kubernetes