Reputation: 11
I created a load balancer for a service in AKS, and the load balancer got approved to be accessible from AKS Network Subnet Group. The load balancer has an external IP address corresponding to an internal service. But I'm not able to access the IP address provided by the load balancer.
Upvotes: 1
Views: 7845
Reputation: 1210
Please perform a kubectl get service -n <namespace> on the AKS cluster:
If you see something like the following, where the External-IP is a Public IP address:
NAME         TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)        AGE
my-service   LoadBalancer   10.0.192.89   20.69.145.115   80:31541/TCP   6s
then the Service was allocated a Public IP address from the Frontend IP addresses of the AKS public Load Balancer. Please ensure that all Network Security Groups associated with the AKS cluster subnet or the node virtual machines' network interfaces effectively Allow Inbound traffic from the Internet or the Public IP address (range) from which you are trying to connect. Please also ensure that there are no Firewalls, Network Virtual Appliances etc. that block inbound traffic to the AKS cluster subnet and node virtual machines.
If you see something like the following where the External-IP is a private IP address:
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
my-service   LoadBalancer   10.0.184.168   10.240.0.25   80:30225/TCP   4m
then you have created an Azure Internal Load Balancer Service on the AKS cluster and a private IP address from the associated virtual network was associated to the Service. Please ensure that you are connecting to the Service from a device inside the AKS cluster's virtual network or a connected network (like peered virtual networks, virtual networks connected over a VPN gateway, on-premise network connected to the Azure Virtual network). Default Network Security Group rules allow connectivity inside the virtual network and connected networks, however if custom rules are added please ensure that the effective rules allow traffic between the source and the AKS cluster subnet and node Virtual machines.
In a third scenario, you might see the External-IP <pending> for a very long time as in the following:
NAME         TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
my-service   LoadBalancer   10.0.192.89   <pending>     80:31541/TCP   45m
In this case please describe the Service using kubectl describe service. Under the events section of the output, you might find errors during EnsuringLoadBalancer. Please ensure that annotations are correctly set in the service manifest and correct permissions are granted to the AKS cluster's managed identity or service principal as described in:
https://learn.microsoft.com/en-us/azure/aks/internal-lb and/or
https://learn.microsoft.com/en-us/azure/aks/static-ip
Upvotes: 5
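The three cases in the answer above can be told apart mechanically from the JSON form of the same command (kubectl get service -n <namespace> -o json). The following is an added example, not part of the original answer; the service names, the CHECKS wording and the embedded JSON are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `kubectl get service -n <namespace> -o json`.
# Service names are made up; the addresses mirror the answer's sample output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "svc-public"}, "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "20.69.145.115"}]}}},
    {"metadata": {"name": "svc-internal"}, "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "10.240.0.25"}]}}},
    {"metadata": {"name": "svc-pending"}, "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {}}},
    {"metadata": {"name": "svc-clusterip"}, "spec": {"type": "ClusterIP"},
     "status": {"loadBalancer": {}}},
]})

# Next step for each scenario, paraphrasing the answer's guidance.
CHECKS = {
    "public": "verify effective NSG rules on the AKS subnet and node NICs "
              "allow inbound only from the sources you intend",
    "internal": "connect from inside the cluster VNet or a connected "
                "network; check any custom NSG rules between source and subnet",
    "pending": "run kubectl describe service and look for EnsuringLoadBalancer "
               "errors; check annotations and cluster identity permissions",
}

def classify(svc):
    """Map one Service object to 'public', 'internal' or 'pending'."""
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    ips = [entry["ip"] for entry in ingress if "ip" in entry]
    if not ips:
        return "pending"  # no address assigned (yet)
    # is_private covers the RFC 1918 ranges used by Azure virtual networks
    return "internal" if ipaddress.ip_address(ips[0]).is_private else "public"

def triage(kubectl_json):
    """Return (name, scenario, next_check) for every LoadBalancer Service."""
    results = []
    for svc in json.loads(kubectl_json)["items"]:
        if svc["spec"].get("type") != "LoadBalancer":
            continue  # ClusterIP/NodePort Services never get an external IP
        scenario = classify(svc)
        results.append((svc["metadata"]["name"], scenario, CHECKS[scenario]))
    return results

if __name__ == "__main__":
    for name, scenario, check in triage(SAMPLE):
        print(f"{name}: {scenario} -> {check}")
```

A Service reported as "public" is reachable from the Internet wherever the effective NSG rules allow it, so this output also serves as a quick inventory of what the cluster exposes.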