Configuring the Load Balancer
To permit access to port 5443 for the TH deployment, add the following to the AKS load balancer:
- A health probe and load balancing rule for port 5443
- A health probe and load balancing rule for port 443
These steps are explained below.
To add a health probe for port 5443 using the Azure Portal:
- On your jump host, run the following command to get the value of nginx-ingress-controller-svc for port 5443:
# kubectl get svc -n core | grep nginx-ingress-controller-svc
nginx-ingress-controller-svc NodePort 10.0.146.63 5443:31249/TCP,5444:31036/TCP 21m
- Open the Azure Portal and locate the Azure Kubernetes resource group. (The AKS resource group name is in format MC_<your_resource_group>_<aks_name>_<location>.)
- Open the Kubernetes resource group.
- Find the Kubernetes load balancer and then open it.
- On the Kubernetes load balancer resource, click Health probes.
- Add a health probe for 5443 using the value obtained for the service NodePort in step 1.
To add a health probe for port 5443 using the Azure Cloud Shell:
- Get the AKS resource group and store it in an environment variable for later usage:
# CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group <RESOURCE GROUP> --name <AKS NAME> --query nodeResourceGroup -o tsv)
For example, for AKS srg-demo-aks from resource group srg-demo:
# CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group srg-demo --name srg-demo-aks --query nodeResourceGroup -o tsv)
- Create the health probe by running the command:
# az network lb probe create -g $CLUSTER_RESOURCE_GROUP --lb-name kubernetes-internal -n 5443-hp --protocol tcp --port <SERVICE PORT>
For example:
# az network lb probe create -g $CLUSTER_RESOURCE_GROUP --lb-name kubernetes-internal -n 5443-hp --protocol tcp --port 31249
To add a load balancing rule for port 5443 using the Azure Portal:
- Open the Kubernetes load balancer and click Load balancing rules.
- Add a rule for port 5443. The backend port is the value for nginx-ingress-controller-svc obtained previously and the health probe you just created.
To add a load balancing rule for port 5443 using the Azure Cloud Shell:
- Run the following command:
# az network lb rule create -g <AKS RESOURCE GROUP> --lb-name kubernetes-internal -n 5443-lb-rule --protocol Tcp --frontend-port 5443 --backend-port <SERVICE PORT> --probe-name 5443-hp --backend-pool-name kubernetes
For example:
# az network lb rule create -g mc_srg-demo_srg-demo-aks_westeurope --lb-name kubernetes-internal -n 5443-lb-rule --protocol Tcp --frontend-port 5443 --backend-port 31249 --probe-name 5443-hp --backend-pool-name kubernetes
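The port 5443 steps above depend on copying the right NodePort into both the probe and the rule. The following script is an added example, not part of the original procedure: it extracts the NodePort from the kubectl output line, rejects values outside the default Kubernetes NodePort range, and prints the two az commands for review without running them. The function names nodeport_for and lb_commands are hypothetical, and the sample line is the one shown in step 1.

```shell
#!/bin/sh
# Added example: derive the NodePort from `kubectl get svc` output and print
# the matching az commands for review. Nothing is executed against Azure.

# Sample input: the service line shown in step 1 of this page.
SAMPLE_SVC_LINE='nginx-ingress-controller-svc NodePort 10.0.146.63 5443:31249/TCP,5444:31036/TCP 21m'

# nodeport_for <service-port> <kubectl-svc-line>   (hypothetical helper)
# Prints the NodePort mapped to <service-port>; returns 1 if absent or out of range.
nodeport_for() {
    want=$1
    line=$2
    # Find the PORT(S) column by shape (port:nodePort/PROTO[,...]) rather than by
    # position, so an extra EXTERNAL-IP column does not shift the result.
    ports=$(printf '%s\n' "$line" | tr ' ' '\n' | grep -E '^[0-9]+:[0-9]+/(TCP|UDP)' | head -n 1)
    [ -n "$ports" ] || return 1
    np=$(printf '%s\n' "$ports" | tr ',' '\n' | sed -n "s|^${want}:\([0-9][0-9]*\)/TCP\$|\1|p" | head -n 1)
    [ -n "$np" ] || return 1
    # Default Kubernetes NodePort range is 30000-32767; anything else is likely
    # a copy error and would point the rule at the wrong backend port.
    [ "$np" -ge 30000 ] && [ "$np" -le 32767 ] || return 1
    printf '%s\n' "$np"
}

# lb_commands <node-resource-group> <kubectl-svc-line>   (hypothetical helper)
# Prints the probe and rule commands from this page with the NodePort filled in.
lb_commands() {
    rg=$1
    np=$(nodeport_for 5443 "$2") || { echo "no valid NodePort for 5443" >&2; return 1; }
    printf 'az network lb probe create -g %s --lb-name kubernetes-internal -n 5443-hp --protocol tcp --port %s\n' "$rg" "$np"
    printf 'az network lb rule create -g %s --lb-name kubernetes-internal -n 5443-lb-rule --protocol Tcp --frontend-port 5443 --backend-port %s --probe-name 5443-hp --backend-pool-name kubernetes\n' "$rg" "$np"
}

lb_commands "mc_srg-demo_srg-demo-aks_westeurope" "$SAMPLE_SVC_LINE"
```
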
To add a health probe for port 443 using the Azure Portal:
- In the Azure portal, locate the Azure Kubernetes resource group. (The AKS resource group name is in format MC_<your_resource_group>_<aks_name>_<location>.)
- Open the Kubernetes resource group.
- On the Kubernetes load balancer resource, click Health probes.
- Click + Add for Kubernetes load balancer health probes and enter values for the following:
- Name: assign a name to the probe.
- Protocol: select TCP
- Port: enter 443
To add a health probe for port 443 using the Azure Cloud Shell:
- Run the following command:
# az network lb probe create -g <AKS RESOURCE GROUP> --lb-name kubernetes-internal -n 443-hp --protocol tcp --port 443
For example:
# az network lb probe create -g mc_srg-demo_srg-demo-aks_westeurope --lb-name kubernetes-internal -n 443-hp --protocol tcp --port 443
To add a load balancing rule for port 443 using the Azure Portal:
- Open the Kubernetes load balancer and click Load balancing rules.
- Click + Add for the Kubernetes load balancer load balancing rules and enter values for the following:
- Name: assign a name to the rule.
- Port: enter 443.
- Backend port: enter 443.
- Health probe: select the probe you previously created for port 443.
- Session Persistence: select Client IP and protocol.
- Open the Kubernetes resource group.
To add a load balancing rule for port 443 using the Azure Cloud Shell:
- Run the following command:
# az network lb rule create -g <AKS RESOURCE GROUP> --lb-name kubernetes-internal -n 443-lb-rule --protocol Tcp --frontend-port 443 --backend-port 443 --probe-name 443-hp --backend-pool-name kubernetes
For example:
# az network lb rule create -g mc_srg-demo_srg-demo-aks_westeurope --lb-name kubernetes-internal -n 443-lb-rule --protocol Tcp --frontend-port 443 --backend-port 443 --probe-name 443-hp --backend-pool-name kubernetes