Azure VPC

The following example will be used to illustrate the configuration schema.

vpc:
  the-first-vpc:
    type: azurerm-provision-vpc
    resource_group_name: maxkho-mng-cluster-rg
    address_space: 10.20.0.0/16
    dns_service_ip: "10.0.0.10"
    subnets:
      pods:
        cidr: 10.20.1.0/24
        name: "pods"
      docker_bridge_cidr: 172.17.0.1/16
      service_cidr: 10.0.0.0/16
  the-second-vpc:
    type: azurerm-existing-vpc
    resource_group_name: existing-rg
    dns_service_ip: "10.0.0.10"
    subnets:
      pods:
        name: "default"
      docker_bridge_cidr: 172.17.0.1/16
      service_cidr: 10.0.0.0/16

It is important to emphasize that although the term “VPC” is used in the configuration file for Azure, in essence, it denotes the concept of Azure Virtual Networks. We use the acronym VPC to follow the same naming standards that are used in AWS and GCP.

VPCs (VNets) are defined using YAML syntax. Each element is described below.

vpc
    Parent element for VPC (VNet) definitions; contains a list of named networks.

the-first-vpc, the-second-vpc
    VPC (VNet) identifier. Groups the VPC (VNet) settings. OpeNgine assigns this name to the VPC (VNet); it is also used as a reference in other configuration sections.

type
    For Azure virtual networks, type can have two values: azurerm-provision-vpc (the network will be provisioned and configured by OpeNgine) and azurerm-existing-vpc (the network already exists and OpeNgine will use it to configure the infrastructure).

resource_group_name
    Azure Resource Group where the VPC (VNet) should be created (or, in the case of an existing network, the name of the existing Resource Group containing this network).

dns_service_ip
    IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Defaults to 10.0.0.10.

subnets
    Parent element for the subnets used by the AKS cluster.

subnets.pods.cidr
    IP range of the Pods subnet. Can be omitted for existing VNets, but is mandatory for new VNets.

subnets.pods.name
    Name of the Pods subnet. For new VNets, OpeNgine uses this name when creating the subnet. For existing VNets, this must be the name of the existing subnet in which AKS pods should be placed.

subnets.docker_bridge_cidr
    IP address (in CIDR notation) used as the Docker bridge IP address on nodes. This network must be outside the IP range of the VNet where the cluster is being deployed, and must not overlap with any other VNet with which this VNet peers.

subnets.service_cidr
    IP range (in CIDR notation) used by Kubernetes services. This network must be outside the IP range of the VNet where the cluster is being deployed, and must not overlap with any other VNet with which this VNet peers.
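The constraints in the table (pods.cidr mandatory only for provisioned VNets, service_cidr and docker_bridge_cidr outside the VNet address space, dns_service_ip inside service_cidr) are the kind of thing worth checking before a deployment run, because a misconfigured range is discovered only after the cluster is created. The following validator is an added example, not part of OpeNgine itself; it works on the configuration as a Python dict (the same structure as the YAML above, so no YAML library is needed) and the sample inputs, including the deliberately broken "the-bad-vpc", are constructed here to mirror the page's example.

```python
import ipaddress

VALID_TYPES = ("azurerm-provision-vpc", "azurerm-existing-vpc")
DEFAULT_DNS_SERVICE_IP = "10.0.0.10"  # default stated in the schema table

# Constructed sample mirroring the page's YAML example (dict form of the same keys).
SAMPLE_CONFIG = {
    "vpc": {
        "the-first-vpc": {
            "type": "azurerm-provision-vpc",
            "resource_group_name": "maxkho-mng-cluster-rg",
            "address_space": "10.20.0.0/16",
            "dns_service_ip": "10.0.0.10",
            "subnets": {
                "pods": {"cidr": "10.20.1.0/24", "name": "pods"},
                "docker_bridge_cidr": "172.17.0.1/16",
                "service_cidr": "10.0.0.0/16",
            },
        },
        "the-second-vpc": {
            "type": "azurerm-existing-vpc",
            "resource_group_name": "existing-rg",
            "dns_service_ip": "10.0.0.10",
            "subnets": {
                "pods": {"name": "default"},
                "docker_bridge_cidr": "172.17.0.1/16",
                "service_cidr": "10.0.0.0/16",
            },
        },
    }
}

# Constructed negative case: provisioned VNet whose service range collides with the
# VNet address space and which omits the mandatory pods.cidr.
BAD_CONFIG = {
    "vpc": {
        "the-bad-vpc": {
            "type": "azurerm-provision-vpc",
            "resource_group_name": "example-rg",
            "address_space": "10.0.0.0/16",
            "subnets": {
                "pods": {"name": "pods"},
                "docker_bridge_cidr": "172.17.0.1/16",
                "service_cidr": "10.0.0.0/16",
            },
        }
    }
}


def _network(value, field, errors):
    """Parse a CIDR string, recording an error and returning None if invalid.
    strict=False because docker_bridge_cidr is written with host bits set
    (172.17.0.1/16) in the page's example, which is the expected form."""
    try:
        return ipaddress.ip_network(value, strict=False)
    except (TypeError, ValueError):
        errors.append(f"{field}: {value!r} is not a valid CIDR")
        return None


def validate_vpc(name, spec):
    """Check one VPC (VNet) definition against the schema rules.
    Returns a list of human-readable problems; an empty list means valid."""
    errors = []
    p = lambda field: f"{name}.{field}"  # prefix messages with the VNet id

    vtype = spec.get("type")
    if vtype not in VALID_TYPES:
        errors.append(f"{p('type')}: must be one of {VALID_TYPES}, got {vtype!r}")
    provisioned = vtype == "azurerm-provision-vpc"

    if not spec.get("resource_group_name"):
        errors.append(f"{p('resource_group_name')}: is required")

    subnets = spec.get("subnets") or {}
    pods = subnets.get("pods") or {}
    if not pods.get("name"):
        errors.append(f"{p('subnets.pods.name')}: is required")

    # address_space is needed when OpeNgine provisions the VNet; an existing VNet
    # omits it in the page's example, so it is checked only when supplied.
    address_space = None
    if "address_space" in spec:
        address_space = _network(spec["address_space"], p("address_space"), errors)
    elif provisioned:
        errors.append(f"{p('address_space')}: is required for azurerm-provision-vpc")

    # pods.cidr is mandatory for new VNets and must sit inside the address space.
    pods_cidr = None
    if "cidr" in pods:
        pods_cidr = _network(pods["cidr"], p("subnets.pods.cidr"), errors)
    elif provisioned:
        errors.append(f"{p('subnets.pods.cidr')}: is required for azurerm-provision-vpc")
    if pods_cidr and address_space and not pods_cidr.subnet_of(address_space):
        errors.append(f"{p('subnets.pods.cidr')}: {pods_cidr} is not inside {address_space}")

    # service_cidr and docker_bridge_cidr must lie outside the VNet address space.
    service_cidr = _network(subnets.get("service_cidr"), p("subnets.service_cidr"), errors)
    docker_bridge = _network(subnets.get("docker_bridge_cidr"), p("subnets.docker_bridge_cidr"), errors)
    for label, net in (("subnets.service_cidr", service_cidr),
                       ("subnets.docker_bridge_cidr", docker_bridge)):
        if net and address_space and net.overlaps(address_space):
            errors.append(f"{p(label)}: {net} overlaps the VNet address space {address_space}")

    # dns_service_ip (default 10.0.0.10) must fall inside the service range.
    dns_raw = spec.get("dns_service_ip", DEFAULT_DNS_SERVICE_IP)
    try:
        dns_ip = ipaddress.ip_address(dns_raw)
    except ValueError:
        errors.append(f"{p('dns_service_ip')}: {dns_raw!r} is not a valid IP address")
    else:
        if service_cidr and dns_ip not in service_cidr:
            errors.append(f"{p('dns_service_ip')}: {dns_ip} is not inside service_cidr {service_cidr}")
    return errors


def validate_config(config):
    """Validate every VNet under the top-level 'vpc' element; returns all problems."""
    errors = []
    for name, spec in (config.get("vpc") or {}).items():
        errors.extend(validate_vpc(name, spec or {}))
    return errors


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("bad", BAD_CONFIG)):
        print(label, validate_config(cfg) or "OK")
```

Run against the page's example both VNets pass; the constructed bad definition reports the missing pods.cidr and the service_cidr collision with the address space, which is exactly the overlap the table forbids. Peering overlap (the second half of the docker_bridge_cidr and service_cidr rules) needs the peered VNets' ranges, which this configuration file does not carry, so it is out of scope for a file-level check.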
