
Azure ILB limitation.

Open coresolve opened this issue 8 years ago • 4 comments

The Azure ILB has a limitation described here: https://github.com/Microsoft/azure-docs/blob/master/articles/load-balancer/load-balancer-internal-overview.md#limitations

This keeps the cluster from coming up as bootkube is trying to connect to the api lb address and that is not supported based on this restriction. There may be a way forward by using an application load balancer for this. This would solve the problem by proxying back to the load balanced nodes instead of using SNAT.

Other references: https://github.com/hashicorp/terraform/pull/10413

TF doesn't yet support app_gateway resources?

coresolve May 11 '17 20:05

@robszumski

metral May 11 '17 22:05

https://github.com/hashicorp/terraform/pull/14426

sozercan May 12 '17 03:05

For context, ILBs are being experimented with to stand up fully private clusters on Azure. In using them, we hit this limitation.

metral May 12 '17 05:05

This is apparently still an issue, though Azure's documentation has changed and is a bit more obscure about the fact. Tested with both Basic and Standard ILBs. Even tried mounting two NICs to a machine, one for incoming from the ILB (subnet 1), one for outgoing to the ILB (subnet 2). Added NIC on subnet 1 to the backend pool, added ILB frontend in subnet 2. Verified routing correctly outbound from the VM. Results: bupkis.

awebneck May 01 '18 22:05