
domain_name_label missing under network_profile part of azurerm_kubernetes_cluster #5085

Open
ghost opened this issue Dec 5, 2019 · 8 comments


@ghost

ghost commented Dec 5, 2019

This issue was originally opened by @shreekant as hashicorp/terraform#23572. It was migrated here as a result of the provider split. The original body of the issue is below.


Current Terraform Version

```
Terraform v0.12.9
+ provider.azurerm v1.36.1
+ provider.helm v0.10.4
+ provider.kubernetes v1.10.0
```

Use-cases

I am creating AKS by using the azurerm_kubernetes_cluster resource, and under that I am using network_profile. I would like to add a custom name for the Public IP, and I also need to set the DNS name (domain_name_label), which is currently not supported.

I tried azurerm_public_ip but cannot associate k8s to it, and moreover, after using azurerm_kubernetes_cluster and azurerm_public_ip, I end up having 2 public IPs.

Attempted Solutions

I tried azurerm_public_ip but cannot associate k8s to it, and moreover, after using azurerm_kubernetes_cluster and azurerm_public_ip, I end up having 2 public IPs.

Proposal

Under network_profile there should be an option to have a custom name and domain_name_label for the Public IP.

References

@brennerm
Contributor

brennerm commented Dec 5, 2019

@shreekant Do you want to assign a custom DNS name to the K8s API server or to one of your ingresses?

The former is AFAIK not possible as Azure does not give you any control over this IP address. You can of course create your own CNAME or A record.

The latter is possible, e.g. by creating a static public IP address, giving it a custom DNS name and creating an ingress controller that uses this address. Check out this doc for more information. The whole process can be realized using Terraform. Feel free to ask for assistance.
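The ingress option described in the comment above, sketched in Terraform as an added example that is not part of the original thread. It assumes the `azurerm_kubernetes_cluster.example` resource shown later in the thread; the IP name, DNS label, namespace and pod selector are hypothetical.

```hcl
# Added example. "ingress-pip", "myaks-ingress", the "ingress" namespace and
# the pod selector are hypothetical names chosen for illustration.
resource "azurerm_public_ip" "ingress" {
  name     = "ingress-pip"
  location = azurerm_kubernetes_cluster.example.location

  # Placed in the node resource group (MC_...) so the cluster's load
  # balancer can attach the address.
  resource_group_name = azurerm_kubernetes_cluster.example.node_resource_group

  allocation_method = "Static"
  sku               = "Standard" # must match the cluster load balancer SKU
  domain_name_label = "myaks-ingress"
}

# Service in front of the ingress controller pods, pinned to the static IP.
resource "kubernetes_service" "ingress" {
  metadata {
    name      = "ingress-nginx"
    namespace = "ingress"
  }

  spec {
    type             = "LoadBalancer"
    load_balancer_ip = azurerm_public_ip.ingress.ip_address

    selector = {
      app = "ingress-nginx"
    }

    port {
      name        = "https"
      port        = 443
      target_port = 443
    }
  }
}

# <label>.<region>.cloudapp.azure.com name that Azure assigns to the IP.
output "ingress_fqdn" {
  value = azurerm_public_ip.ingress.fqdn
}
```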

@shreekant

@brennerm : I want to assign a DNS name to the k8s API and not for the ingress.
Basically, when I use network_profile it is creating a public IP with a random name and assigning an IP to it and also assigning the SKU (in my case it's Standard) to the public IP. The issue is with assigning a DNS name to it.

As mentioned in the description we cannot use the azurerm_public_ip because it will create a new public ip (we can also assign dns) but cannot associate k8s.

@brennerm
Contributor

brennerm commented Dec 6, 2019

The network_profile block is used for the cluster internal network configuration.

The K8s API address is unrelated to this. Azure only gives you the option to add a prefix to its DNS name.

```hcl
resource "azurerm_kubernetes_cluster" "example" {
  name                = "myakscluster"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "myaks"
...
}
```

This will result in a DNS name for your API server similar to myaks-05217418.hcp.westeurope.azmk8s.io. Azure will AFAIK not create a public IP address in your subscription that you have access to.

What you can do is access the DNS name (azurerm_kubernetes_cluster.example.fqdn) after the cluster has been deployed and create a CNAME on your own (myaks.mycompany.com -> myaks-05217418.hcp.westeurope.azmk8s.io).

Hope this helps. 👍
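The CNAME suggestion from the comment above, expressed in Terraform as an added example that is not part of the original thread. It assumes the `azurerm_kubernetes_cluster.example` and `azurerm_resource_group.example` resources from the snippet above; the `mycompany.com` zone managed in Azure DNS and the TTL are assumptions.

```hcl
# Added example. The DNS zone and record name are hypothetical and mirror the
# myaks.mycompany.com name used in the comment above.
resource "azurerm_dns_zone" "company" {
  name                = "mycompany.com"
  resource_group_name = azurerm_resource_group.example.name
}

# myaks.mycompany.com -> <dns_prefix>-<hash>.hcp.<region>.azmk8s.io
# The target is read from the cluster after it has been deployed, so the
# generated hash never has to be copied by hand.
resource "azurerm_dns_cname_record" "aks_api" {
  name                = "myaks"
  zone_name           = azurerm_dns_zone.company.name
  resource_group_name = azurerm_resource_group.example.name
  ttl                 = 300
  record              = azurerm_kubernetes_cluster.example.fqdn
}
```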

@shreekant

@brennerm : Thanks for the reply!
Let's take this template as an example. If you dry run this, it creates the AKS cluster with networking and multiple agent pools. This also creates a Public IP under the node resource group that starts with MC_. The issue is in there; it also creates a public IP, which is the one I am referring to.
In the current architecture we have, the DNS name (domain_name_label) has to be updated in the public IP. Currently we are doing it manually. Bringing in Terraform, it has to be done via tf script. I guess creating a CNAME wouldn't solve the issue.

@brennerm
Contributor

brennerm commented Dec 9, 2019

Ahh, guess I understand your problem now.

Had a look at the azure-go-sdk and it is possible

A. to get the ID of the public IP address that Azure creates
B. to pass an ID of a predefined public IP address

using the ManagedClusterLoadBalancerProfile.

@shreekant What would be your preferred option?
@tombuildsstuff Do you see any issues introducing one/both of these changes?

@shreekant

@brennerm : Either of the options is OK for me; preferably, assigning the DNS label from network_profile would be easy.

@tombuildsstuff
Member

@brennerm thinking about this from our side it'd probably make more sense to pass in the IP of a Public IP Address, rather than letting Azure create it - since this means we're also able to tear it down when the AKS Cluster is destroyed (and track changes to it as needed).

We've implemented both in some other cases and it's confused users in some cases - as such I'm not opposed to either, but I think the only way we're going to know for sure would be by prototyping that - WDYT?

@Lroca88
Copy link

Lroca88 commented Apr 5, 2021

@brennerm, @tombuildsstuff any updates?
