Forum Discussion
Azure: How to create Standard Load Balancer without public IP address?
https://docs.microsoft.com/en-us/azure/aks/internal-lb
- AkshayMahakalkar, Jul 01, 2021, Copper Contributor
Hi hspinto,
The main issue here is that during creation of an AKS cluster with Standard LoadBalancer, the AKS cluster itself creates a Public IP address. We have clients who do not allow deploying a Public IP address in their Tenant. Because of these issues we are unable to migrate to an AKS cluster with Standard LoadBalancer.
The thing you just described is when the cluster is already available and only with Basic LoadBalancer. If an AKS cluster is created with Basic LoadBalancer, it does not create a Public IP address and LoadBalancer on its own. It becomes visible only when we deploy the nginx-ingress controller helm chart. We can configure this chart to point to a public IP or a private IP from the VNet.
Because the AKS cluster creates a public IP address with Standard LoadBalancer, we are not able to use this. And we need to create multiple nodepools. Multiple nodepools are only supported with a Standard LoadBalancer AKS cluster.
- Varun Sharma, Oct 17, 2021, Copper Contributor
Use the flag to create the cluster with Basic Load Balancer, because it won’t be created until you deploy the first external Load Balancer service from Kubernetes.
az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku basic
Basic Load Balancer has implications in capacity for outbound connectivity to the Internet from the cluster. Basic LB has 1024 SNAT ports fixed; in Standard LB this can be increased.
- AndrewBirch, Apr 24, 2021, Copper Contributor
As per https://access.redhat.com/solutions/3215091, an Azure internal load balancer is not suitable in front of a pool of master nodes servicing API calls that may come from the master nodes themselves.