This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Little guidance needed ...
I'm getting started with building AKS using Terraform. At this stage I'm trying to start a demo application running nginx and nothing else. I want to make sure it's accessible from the public web. For some reason, the public IP is not responding as expected.
My files are as follows. This is the main Terraform file for creating the AKS:
# Configure the Azure provider
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 2.65"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.4.1"
}
}
required_version = ">= 0.14.9"
}
provider "azurerm" {
features {}
}
provider "kubernetes" {
config_path = "~/.kube/config"
}
# Resource group for our SaaS service
resource "azurerm_resource_group" "rg" {
name = "eor-saas"
location = "East US"
}
resource "azurerm_virtual_network" "vn" {
name = "eor-saas-vnet"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
address_space = ["192.168.0.0/16"]
}
resource "azurerm_subnet" "sn" {
name = "eor-saas-subnet"
resource_group_name = azurerm_resource_group.rg.name
address_prefixes = ["192.168.1.0/24"]
virtual_network_name = azurerm_virtual_network.vn.name
}
resource "azurerm_kubernetes_cluster" "aks" {
name = "eor-saas-aks"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
dns_prefix = "eor-saas-aks"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_DS2_v2"
vnet_subnet_id = azurerm_subnet.sn.id
}
identity {
type = "SystemAssigned"
}
network_profile {
network_plugin = "kubenet"
load_balancer_sku = "Standard"
}
}
data "azurerm_public_ip" "example" {
name = reverse(split("/", tolist(azurerm_kubernetes_cluster.aks.network_profile.0.load_balancer_profile.0.effective_outbound_ips)[0]))[0]
resource_group_name = azurerm_kubernetes_cluster.aks.node_resource_group
}
After it's created I'm running az get-credentials to make sure I have connection to the cluster.
Then I run the Terraform file which sets the deployment and service:
# Configure the Azure provider
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.4.1"
}
}
required_version = ">= 0.14.9"
}
provider "kubernetes" {
config_path = "~/.kube/config"
}
resource "kubernetes_deployment" "test" {
metadata {
name = "nginx"
}
spec {
replicas = 2
selector {
match_labels = {
app = "MyTestApp"
}
}
template {
metadata {
labels = {
app = "MyTestApp"
}
}
spec {
container {
image = "nginx"
name = "nginx-container"
port {
container_port = 80
}
}
}
}
}
}
resource "kubernetes_service" "test" {
metadata {
name = "nginx"
}
spec {
selector = {
app = kubernetes_deployment.test.spec.0.template.0.metadata.0.labels.app
}
type = "NodePort"
port {
node_port = 30001
port = 80
target_port = 80
}
}
}
After all this I expect to be able to curl <public_ip>:30001 and get the "Welcome to nginx" message. I don't. I did some debug and saw that the pods are running correctly and serve nginx on port 80. Also the cluster itself (with its internal IP) is able to response to <ip>:30001. However the public IP is misconfigured somehow.
@Sivan , thank you for your question. Can you please check if traffic to port 30001 is allowed from your Source IP address/Internet on the Network Security Group(s) associated with the AKS node(s) and/or AKS node pool virtual network? If not, please add an Inbound rule with appropriate source?
You can confirmif that helped with telnet <Node-IP> 30001 from your client machine. This will allow you to understand if a connection can be established.
Can you please check if you are able to access the application at port 30001 on the Public IP address of any of the nodes? If not what is the error that you are receiving?