Use a static public IP address and DNS label with the Azure Kubernetes Service (AKS) load balancer
When you create a load balancer resource in an Azure Kubernetes Service (AKS) cluster, the public IP address assigned to it is only valid for the lifespan of that resource. If you delete the Kubernetes service, the associated load balancer and IP address are also deleted. If you want to assign a specific IP address or retain an IP address for redeployed Kubernetes services, you can create and use a static public IP address.
This article shows you how to create a static public IP address and assign it to your Kubernetes service.
Before you begin
- This article assumes that you have an existing AKS cluster. If you need an AKS cluster, see the AKS quickstart using the Azure CLI, using Azure PowerShell, or using the Azure portal.
- You need the Azure CLI version 2.0.59 or later installed and configured. Run
az --versionto find the version. If you need to install or upgrade, see Install Azure CLI.
- This article covers using a Standard SKU IP with a Standard SKU load balancer. For more information, see IP address types and allocation methods in Azure.
Create a static IP address
az aks showaz-aks-show command to get the node resource group name of your AKS cluster, which follows this format:
MC_<resource group name>_<AKS cluster name>_<region>.
az aks show \ --resource-group myResourceGroup \ --name myAKSCluster --query nodeResourceGroup --output tsv
az network public ip createcommand to create a static public IP address. The following example creates a static IP resource named myAKSPublicIP in the MC_myResourceGroup_myAKSCluster_eastus node resource group.
az network public-ip create \ --resource-group MC_myResourceGroup_myAKSCluster_eastus \ --name myAKSPublicIP \ --sku Standard \ --allocation-method static
If you're using a Basic SKU load balancer in your AKS cluster, use Basic for the
--skuparameter when defining a public IP. Only Basic SKU IPs work with the Basic SKU load balancer and only Standard SKU IPs work with Standard SKU load balancers.
After you create the static public IP address, use the
az network public-ip listcommand to get the IP address. Specify the name of the node resource group and public IP address you created, and query for the ipAddress.
az network public-ip show --resource-group MC_myResourceGroup_myAKSCluster_eastus --name myAKSPublicIP --query ipAddress --output tsv
Create a service using the static IP address
Before creating a service, use the
az role assignment createcommand to ensure the cluster identity used by the AKS cluster has delegated permissions to the node resource group.
az role assignment create \ --assignee <Client ID> \ --role "Network Contributor" \ --scope /subscriptions/<subscription id>/resourceGroups/<MC_myResourceGroup_myAKSCluster_eastus>
If you customized your outbound IP, make sure your cluster identity has permissions to both the outbound public IP and the inbound public IP.
Create a file named
load-balancer-service.yamland copy in the contents of the following YAML file, providing your own public IP address created in the previous step and the node resource group name.
apiVersion: v1 kind: Service metadata: annotations: service.beta.kubernetes.io/azure-load-balancer-resource-group: MC_myResourceGroup_myAKSCluster_eastus name: azure-load-balancer spec: loadBalancerIP: 22.214.171.124 type: LoadBalancer ports: - port: 80 selector: app: azure-load-balancer
kubectl applycommand to create the service and deployment.
kubectl apply -f load-balancer-service.yaml
Apply a DNS label to the service
If your service uses a dynamic or static public IP address, you can use the
service.beta.kubernetes.io/azure-dns-label-name service annotation to set a public-facing DNS label. This publishes a fully qualified domain name (FQDN) for your service using Azure's public DNS servers and top-level domain. The annotation value must be unique within the Azure location, so it's recommended to use a sufficiently qualified label. Azure automatically appends a default suffix in the location you selected, such as
<location>.cloudapp.azure.com, to the name you provide, creating the FQDN.
apiVersion: v1 kind: Service metadata: annotations: service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel name: azure-load-balancer spec: type: LoadBalancer ports: - port: 80 selector: app: azure-load-balancer
To see the DNS label for your load balancer, run the following command:
kubectl describe service azure-load-balancer
The DNS label will be listed under the
Annotations, as shown in the following condensed example output:
Name: azure-load-balancer Namespace: default Labels: <none> Annotations: service.beta.kuberenetes.io/azure-dns-label-name: myserviceuniquelabel ...
To publish the service on your own domain, see Azure DNS and the external-dns project.
If the static IP address defined in the loadBalancerIP property of the Kubernetes service manifest doesn't exist or hasn't been created in the node resource group and there are no additional delegations configured, the load balancer service creation fails. To troubleshoot, review the service creation events using the
kubectl describe command. Provide the name of the service specified in the YAML manifest, as shown in the following example:
kubectl describe service azure-load-balancer
The output will show you information about the Kubernetes service resource. The following example output shows a
Warning in the
user supplied IP address was not found." In this scenario, make sure you've created the static public IP address in the node resource group and that the IP address specified in the Kubernetes service manifest is correct.
Name: azure-load-balancer Namespace: default Labels: <none> Annotations: <none> Selector: app=azure-load-balancer Type: LoadBalancer IP: 10.0.18.125 IP: 126.96.36.199 Port: <unset> 80/TCP TargetPort: 80/TCP NodePort: <unset> 32582/TCP Endpoints: <none> Session Affinity: None External Traffic Policy: Cluster Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal CreatingLoadBalancer 7s (x2 over 22s) service-controller Creating load balancer Warning CreatingLoadBalancerFailed 6s (x2 over 12s) service-controller Error creating load balancer (will retry): Failed to create load balancer for service default/azure-load-balancer: user supplied IP Address 188.8.131.52 was not found
For additional control over the network traffic to your applications, you may want to create an ingress controller. You can also create an ingress controller with a static public IP address.
Submit and view feedback for