@Ramr-msft We've resolved the issue. The AKS MSI did not have NetworkContributer Reader role assigned on the VNet which we thought that had already been applied. The AML workspace doesn't need to be private. It works for both AKS NetworkType (i.e. kubenet and Azure CNI).
Error: Scoring FE IP address not updated yet, when enabling the use of internal load balancer
Hello, currently, I'm having issues to enable private load balancer after attaching an existing AKS Cluster to AML Workspace. The error message "Scoring FE IP address not updated yet" is displayed when trying to enable private load balancer by following the instructions at https://learn.microsoft.com/en-us/azure/machine-learning/how-to-secure-inferencing-vnet?tabs=azure-cli#internal-aks-load-balancer. The AKS Cluster is in a separate VNet than the AML Workspace. The two VNet have peered. Also, I've tried using Azure CLI but receiving the same error message. Can you provide some help on resolving this?
2 answers
Sort by: Most helpful
-
-
Ramr-msft 17,741 Reputation points
2020-10-14T13:38:20.347+00:00 @Allen Azemia Thanks for the question. Details of creating a private IP link is here.
https://learn.microsoft.com/en-us/azure/machine-learning/how-to-network-security-overview#use-private-ips-with-azure-kubernetes-service
for secure AKS inference deployment, request an inbound NSG rule on port 80.
This rule is needed so that scoring endpoint can be called from outside the VNet. IP shown is not static but is the scoring endpoint IP.Currently all the resources needs to be in the same VNet since AML workspace doesn’t support multiple private endpoints but AKS cluster can be in its own subnet with the VNet. We have forwarded to the product team to check on this.