Exposing applications internally only is not working
Hi guys, we're trying to expose our applications internally only instead of publicly. In order to do this, we're creating an internal-only TCP service as per the documentation.
We've got some issues here, as it doesn't seem to work as expected.
What we have done so far is:
- create a project
- create an internal lb in that project

    oc create -f lb-internal.yml

  the contents of lb-internal.yml file:

    apiVersion: v1
    kind: Service
    metadata:
      name: internal-lb
      annotations:
        service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    spec:
      type: LoadBalancer
      ports:
      - name: http
        port: 80
      - name: https
        port: 443
      selector:
        app: internal-lb

- after a little while we've got a new kubernetes-internal LB object in Azure, with a private IP, but there's a message in the Azure portal stating this:
Backend pool 'kubernetes' was removed from Virtual machine scale set 'ss-compute-1580936549'. Upgrade all the instances of 'ss-compute-1580936549' for this change to apply
Backend pool 'kubernetes' was removed from Virtual machine scale set 'ss-infra-1580936549'. Upgrade all the instances of 'ss-infra-1580936549' for this change to apply
But we don't have the permissions to do that upgrade as it's a managed application.
This happens BOTH to the AROPrivateCluster preview and to the AROGA services.
And because of that there's no access. At least we believe it's because of that.
I also have some videos explaining the issue; if you want to take a look, send me a DM.
Internal API LB DNS resolution and Cluster Console access Internal Kubernetes Deployment - infra and compute nodes upgrade - internal kubernetes lb dns resolution
Hi, I just got an update to this. We changed the way to create the Internal LB strictly following the command line and it worked this time, we have connectivity via the VNet Peering to the Internal LB as expected.
However, the message about upgrading the infra and compute scale sets is still valid (it can't be done).
@amanohar can you TAL at this?
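An added example, not part of the thread above: a small check that a Service like `internal-lb` is really exposed internally only, by confirming the Azure internal annotation is the string "true" and that every assigned frontend address is RFC 1918 private. The function name `audit_internal_lb` and both sample objects are constructed for illustration; the input shape is what `oc get svc internal-lb -o json` returns.

```python
import ipaddress

INTERNAL_ANNOTATION = "service.beta.kubernetes.io/azure-load-balancer-internal"
# Explicit RFC 1918 ranges; ipaddress.is_private is broader (it also covers
# documentation and reserved ranges), so it is not used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_internal_lb(svc):
    """Return a list of findings; an empty list means the Service looks internal-only."""
    findings = []
    if svc.get("spec", {}).get("type") != "LoadBalancer":
        findings.append("spec.type is not LoadBalancer")
    annotations = svc.get("metadata", {}).get("annotations") or {}
    value = annotations.get(INTERNAL_ANNOTATION)
    if value != "true":
        findings.append(f"internal annotation is {value!r}, expected the string 'true'")
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    if not ingress:
        findings.append("no load balancer address assigned yet")
    for entry in ingress:
        ip = entry.get("ip")
        if ip is None:
            findings.append(f"ingress entry without an IP: {entry}")
            continue
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in RFC1918):
            findings.append(f"frontend address {ip} is not RFC 1918 private")
    return findings


# Constructed sample: the Service from the post once Azure has assigned a private IP.
INTERNAL_SVC = {
    "metadata": {"name": "internal-lb",
                 "annotations": {INTERNAL_ANNOTATION: "true"}},
    "spec": {"type": "LoadBalancer"},
    "status": {"loadBalancer": {"ingress": [{"ip": "10.0.1.7"}]}},
}
# Constructed sample: annotation missing, so the frontend is a public address
# (203.0.113.10 is a documentation address standing in for one).
PUBLIC_SVC = {
    "metadata": {"name": "internal-lb"},
    "spec": {"type": "LoadBalancer"},
    "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}},
}

if __name__ == "__main__":
    for name, svc in (("internal", INTERNAL_SVC), ("public", PUBLIC_SVC)):
        print(name, audit_internal_lb(svc) or "OK")
```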