Azure: How to create Standard Load Balancer without public IP address?

%3CLINGO-SUB%20id%3D%22lingo-sub-2198503%22%20slang%3D%22en-US%22%3EAzure%3A%20How%20to%20create%20Standard%20Load%20Balancer%20without%20public%20IP%20address%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2198503%22%20slang%3D%22en-US%22%3E%3CP%3EI%20want%20to%20run%20my%20application%20with%20AKS%20cluster(version%20-%201.18.14)%20with%20the%20dependency%20of%20standard%20load%20balancer%20to%20create%20multiple%20node%20pools.%20But%2C%20the%20standard%20load%20balancer%20is%20creating%20public%20IP%20address.%20which%20is%20not%20suitable%20for%20my%20application.%20Because%20my%20application%20is%20private%20not%20public.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20to%20%3CSTRONG%3E%22create%20Standard%20load%20balancer%20without%20public%20IP%20address%20in%20Azure%3F%22%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2198503%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPatch%20%26amp%3B%20Change%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2200567%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%3A%20How%20to%20create%20Standard%20Load%20Balancer%20without%20public%20IP%20address%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2200567%22%20slang%3D%22en-US%22%3EYou%20have%20to%20use%20an%20Internal%20Load%20Balancer%20for%20this%20purpose.%20Please%2C%20follow%20the%20doc%20below%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Faks%2Finternal-lb%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Faks%2Finternal-lb%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2284295%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%3A%20How%20to%20create%20Standard%20Load%20Balancer%20without%20public%20IP%20address%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2284295%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F453722%22%20target%3D%22_blank%22%3E%40hspinto%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20per%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faccess.redhat.com%2Fsolutions%2F3215091%2C%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faccess.redhat.com%2Fsolutions%2F3215091%2C%3C%2FA%3E%26nbsp%3BAzure%20internal%20load%20balancer%20is%20not%20suitable%20in%20front%20of%20a%20pool%20of%20master%20nodes%20servicing%20api%20calls%20that%20may%20come%20from%20master%20nodes%20themselves.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2287019%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%3A%20How%20to%20create%20Standard%20Load%20Balancer%20without%20public%20IP%20address%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2287019%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3EYou%20can%20deploy%20an%20internal%20load%20balancer%20that%20can%20allow%20you%20to%20get%20an%20private%20IP%20.%20The%20manifest%20will%20look%20like%20this%20%3A%3CBR%20%2F%3EapiVersion%3A%20v1%3CBR%20%2F%3Ekind%3A%20Service%3CBR%20%2F%3Emetadata%3A%3CBR%20%2F%3Ename%3A%20internal-app%3CBR%20%2F%3Eannotations%3A%3CBR%20%2F%3Eservice.beta.kubernetes.io%2Fazure-load-balancer-internal%3A%20%22true%22%3CBR%20%2F%3Espec%3A%3CBR%20%2F%3Etype%3A%20LoadBalancer%3CBR%20%2F%3Eports%3A%3CBR%20%2F%3E-%20port%3A%2080%3CBR%20%2F%3Eselector%3A%3CBR%20%2F%3Eapp%3A%20internal-app%3CBR%20%2F%3Eand%20you%20deploy%20it%20with%20%3A%3CBR%20%2F%3Ekubectl%20apply%20-f%20YourManifestName.yaml%3CBR%20%2F%3EIf%20you%20didn%E2%80%99t%20specify%20the%20option%20enable%20private%20cluster%20the%20API%20and%20your%20load%20balancer%20remain%20public%20.%20To%20create%20private%20cluster%20see%20the%20link%20below%20%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Faks%2Fprivate-clusters%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Faks%2Fprivate-clusters%3C%2FA%3E%20.%20Check%20also%20this%20very%20good%20article%20on%20how%20to%20setup%20a%20fully%20private%20aks%20cluster%20(%20no%20public%20ip)%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdenniszielke.medium.com%2Ffully-private-aks-clusters-without-any-public-ips-finally-7f5688411184%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdenniszielke.medium.com%2Ffully-private-aks-clusters-without-any-public-ips-finally-7f5688411184%3C%2FA%3E%3C%2FLINGO-BODY%3E
Visitor

I want to run my application with AKS cluster(version - 1.18.14) with the dependency of standard load balancer to create multiple node pools. But, the standard load balancer is creating public IP address. which is not suitable for my application. Because my application is private not public.

 

Is there any way to "create Standard load balancer without public IP address in Azure?"

 

Thanks.

3 Replies
You have to use an Internal Load Balancer for this purpose. Please, follow the doc below:

https://docs.microsoft.com/en-us/azure/aks/internal-lb

@hspinto 

As per https://access.redhat.com/solutions/3215091, Azure internal load balancer is not suitable in front of a pool of master nodes servicing api calls that may come from master nodes themselves.

Hi
You can deploy an internal load balancer that can allow you to get an private IP . The manifest will look like this :
apiVersion: v1
kind: Service
metadata:
name: internal-app
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
type: LoadBalancer
ports:
- port: 80
selector:
app: internal-app
and you deploy it with :
kubectl apply -f YourManifestName.yaml
If you didn’t specify the option enable private cluster the API and your load balancer remain public . To create private cluster see the link below :
https://docs.microsoft.com/en-us/azure/aks/private-clusters . Check also this very good article on how to setup a fully private aks cluster ( no public ip)
https://denniszielke.medium.com/fully-private-aks-clusters-without-any-public-ips-finally-7f56884111...