How to assign only one static public IP to AKS-multiAZ Loadbalancer

I am setting up a multi-availability-zone AKS cluster and want to assign a static public IP that I created to this load balancer. Here is what I have:

#### Creating a Public static IP ####
resource "azurerm_public_ip" "lb-public-ip1" {
  name                = "${var.public_ip_name}"
  location            = "${var.location}"
  resource_group_name = "${var.resource_group_name}"
  allocation_method   = "Static"
  ip_version          = "IPv4"
  sku                 = "standard"
  #domain_name_label   =
  tags = {
    Environment = "${var.environment}"
    owner       = "${var.resource_owner}"
    created-by  = "${var.policy_created_by}"
  }
  depends_on    = ["null_resource.module_depends_on"]
}
data "azurerm_public_ip" "lb-public-ip1" {
  name                = "${azurerm_public_ip.lb-public-ip1.name}"
  resource_group_name = "${azurerm_public_ip.lb-public-ip1.resource_group_name}"
  depends_on          = ["null_resource.module_depends_on"]
}
resource "null_resource" "module_depends_on" {
  triggers = {
    value = "${length(var.module_depends_on)}"
  }
}

#### Creating AKS Cluster ####
resource "azurerm_kubernetes_cluster" "k8s" {
    name                = "${var.cluster_name}"
    location            = "${var.location}"
    resource_group_name = "${var.resource_group_name}"
    dns_prefix          = "${var.dns_prefix}"
    kubernetes_version  = "1.14.8"
    linux_profile {
        admin_username = "ubuntu"

        ssh_key {
            key_data = "${var.key_data}"
        }
    }

    default_node_pool {
        availability_zones    = ["1","2"]
        enable_auto_scaling   = true 
        enable_node_public_ip = false 
        max_count             = "8" 
        min_count             = "2" 
        name                  = "default" 
        node_count            = "${var.node_count}"  
        os_disk_size_gb       = "${var.os_disk_size}" 
        type                  = "VirtualMachineScaleSets" 
        vm_size               = "Standard_DS2_v2"
       }

    role_based_access_control {
          enabled = true
    }
    service_principal {
        client_id      = "${var.client_id}"
        client_secret  = "${var.client_secret}"
    }
    addon_profile {
        kube_dashboard {
              enabled = true
        }
        oms_agent {
        enabled                    = "${var.oms_agent_activation}"
        log_analytics_workspace_id = "${var.log_analytics_workspace_id}"
        }
    }
    network_profile {
        network_plugin    = "kubenet"
        load_balancer_sku = "Standard"
        load_balancer_profile {
            outbound_ip_address_ids = [ "${azurerm_public_ip.lb-public-ip1.id}" ]

        }
    }
    tags = {
        Environment = "${var.environment}"
        Name        = "${var.cluster_name}"
        owner       = "${var.resource_owner}"
        created-by  = "${var.policy_created_by}"
    }
    depends_on       = [azurerm_public_ip.lb-public-ip1]
}

With this setup it creates an AKS cluster and a LoadBalancer named kubernetes, and assigns the static public IP I created to the LoadBalancer without any LB rules. Under "Frontend IP configuration" I can see that it also created another IP, and all LoadBalancer rules and health probes are assigned to the automatically created IP. In addition, it created two backend pools: kubernetes (2 VMs) and aksOutboundBackendPool (2 VMs).

The Azure documentation says: "By default, one public IP will automatically be created in the same resource group as the AKS cluster, if NO public IP, public IP prefix, or number of IPs is specified." But in my case I did specify a public IP!

I would like to know why it created another IP on its own. How can I skip the automatically created IP and use only the IP I created and assigned in the loadbalancer-profile, and how do I get AKS to assign the LoadBalancer rules and health probes to the IP I assigned?

What is the use of having multiple public IPs?

Finally, I will use the public IP assigned to the istio ingress gateway. That is why I need only one specific public IP.

Also, which backend pool should I use?

I just need one AKS cluster with high availability for the Prod env, so that in case the cluster in one zone fails, it brings up the cluster in the second zone.

Any help would be greatly appreciated.

As far as I know, when you create AKS and create a static public IP to assign to its outbound via Terraform, you only need to create the public IP and the AKS cluster; there is no need to use a data source and a null_resource. So your code can be changed to this:

#### Creating a Public static IP ####
resource "azurerm_public_ip" "lb-public-ip1" {
  name                = "${var.public_ip_name}"
  location            = "${var.location}"
  resource_group_name = "${var.resource_group_name}"
  allocation_method   = "Static"
  ip_version          = "IPv4"
  sku                 = "standard"
  #domain_name_label   =
  tags = {
    Environment = "${var.environment}"
    owner       = "${var.resource_owner}"
    created-by  = "${var.policy_created_by}"
  }
}


#### Creating AKS Cluster ####
resource "azurerm_kubernetes_cluster" "k8s" {
    name                = "${var.cluster_name}"
    location            = "${var.location}"
    resource_group_name = "${var.resource_group_name}"
    dns_prefix          = "${var.dns_prefix}"
    kubernetes_version  = "1.14.8"
    linux_profile {
        admin_username = "ubuntu"

        ssh_key {
            key_data = "${var.key_data}"
        }
    }

    default_node_pool {
        availability_zones    = ["1","2"]
        enable_auto_scaling   = true 
        enable_node_public_ip = false 
        max_count             = "8" 
        min_count             = "2" 
        name                  = "default" 
        node_count            = "${var.node_count}"  
        os_disk_size_gb       = "${var.os_disk_size}" 
        type                  = "VirtualMachineScaleSets" 
        vm_size               = "Standard_DS2_v2"
       }

    role_based_access_control {
          enabled = true
    }
    service_principal {
        client_id      = "${var.client_id}"
        client_secret  = "${var.client_secret}"
    }
    addon_profile {
        kube_dashboard {
              enabled = true
        }
        oms_agent {
        enabled                    = "${var.oms_agent_activation}"
        log_analytics_workspace_id = "${var.log_analytics_workspace_id}"
        }
    }
    network_profile {
        network_plugin    = "kubenet"
        load_balancer_sku = "Standard"
        load_balancer_profile {
            outbound_ip_address_ids = [ "${azurerm_public_ip.lb-public-ip1.id}" ]

        }
    }
    tags = {
        Environment = "${var.environment}"
        Name        = "${var.cluster_name}"
        owner       = "${var.resource_owner}"
        created-by  = "${var.policy_created_by}"
    }
    depends_on       = [azurerm_public_ip.lb-public-ip1]
}

And there will be two backend pools: aksOutboundBackendPool and kubernetes, and one outbound rule: aksOutboundRule. No LB rules and probes. Something else must have caused them.
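The answer above shows that `load_balancer_profile.outbound_ip_address_ids` only produces an outbound (SNAT) rule; inbound LB rules and health probes on the AKS load balancer are created by the Azure cloud provider for each Kubernetes Service of type LoadBalancer. The following is an added example, not code from the question or the answer, of how the ingress Service the asker mentions can be pointed at the static IP from the page using the hashicorp/kubernetes provider. It assumes a `kubernetes` provider configured from the cluster's kube_config, and the Service name, namespace, selector labels and ports are placeholders for the istio ingress gateway, not values from the page.

```hcl
# Added example: expose the ingress gateway on the static public IP that
# the page's azurerm_public_ip.lb-public-ip1 resource creates.
# Everything below the provider block (names, namespace, labels, ports)
# is an assumption for illustration.

provider "kubernetes" {
  # Credentials come from the cluster resource defined on the page.
  host                   = azurerm_kubernetes_cluster.k8s.kube_config[0].host
  client_certificate     = base64decode(azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate)
  client_key             = base64decode(azurerm_kubernetes_cluster.k8s.kube_config[0].client_key)
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate)
}

resource "kubernetes_service" "ingress" {
  metadata {
    name      = "istio-ingressgateway" # assumed name
    namespace = "istio-system"         # assumed namespace
    annotations = {
      # The public IP lives in var.resource_group_name, not in the cluster's
      # managed node resource group, so the cloud provider must be told
      # where to look for it.
      "service.beta.kubernetes.io/azure-load-balancer-resource-group" = azurerm_public_ip.lb-public-ip1.resource_group_name
    }
  }

  spec {
    type = "LoadBalancer"
    # Ask the cloud provider to create the LB rule and health probe on this
    # address instead of allocating a fresh public IP.
    load_balancer_ip = azurerm_public_ip.lb-public-ip1.ip_address

    selector = {
      app = "istio-ingressgateway" # assumed pod labels
    }

    port {
      name        = "https"
      port        = 443
      target_port = 8443 # assumed container port
    }
  }

  depends_on = [azurerm_kubernetes_cluster.k8s]
}
```

Two things to check after `terraform apply`: `kubectl -n istio-system get svc istio-ingressgateway` should show the static address under EXTERNAL-IP rather than `<pending>`, and the load balancer's "Frontend IP configuration" should now carry the LB rule and probe on that address. If the Service stays pending, the usual cause is that the cluster's service principal (the `service_principal` block on the page) lacks permission on the resource group that holds the IP; grant it the Network Contributor role scoped to that resource group only, rather than a broader role on the subscription. Whether a single address can serve both the outbound rule from `load_balancer_profile` and this Service's frontend is not covered by the page, so treat that as something to verify in your environment.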