Undocumented public IP in AKS-provisioned load balancer

[piotrgwiazda]

When switched AKS from Basic Load Balancers to Standard after #643 became GA I'm getting a strange public IP with tag type:aks-slb-managed-outbound-ip and it creates a backend pool in the public load balancer named aksOutboundBackendPool.

Please provide any documentation related to this. It becomes a second public IP to this load balancer as the other is created by my service. Please provide instruction on how to control creation of this automatic public IP.

[jnoller]

Please see this document:

https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard#limitations

Limitations
The following limitations apply when you create and manage AKS clusters that support a load balancer with the Standard SKU:

At least one public IP or IP prefix is required for allowing egress traffic from the AKS cluster. The public IP or IP prefix is also required to maintain connectivity between the control plane and agent nodes as well as to maintain compatibility with previous versions of AKS. You have the following options for specifying public IPs or IP prefixes with a Standard SKU load balancer:
Provide your own public IPs.
Provide your own public IP prefixes.
Specify a number up to 100 to allow the AKS cluster to create that many Standard SKU public IPs in the same resource group created as the AKS cluster, which is usually named with MC_ at the beginning. AKS assigns the public IP to the Standard SKU load balancer. By default, one public IP will automatically be created in the same resource group as the AKS cluster, if no public IP, public IP prefix, or number of IPs is specified. You also must allow public addresses and avoid creating any Azure Policy that bans IP creation.

[piotrgwiazda]

Thank you. Just a side note that this is not available via Terraform yet during create time https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html