The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119. Here is a list of Azure resource assumptions that are required for cloud provider Azure: All Azure resources MUST be under the same tenant. All virtual machine names MUST be the same as their hostname. The cluster name set for kube-controller-manager --cluster-na...| Topics on Cloud Provider Azure
Azure cloud provider requires a set of permissions to manage the Azure resources. Here is a list of all permissions and the reasons why they are required.
// Required to create, delete or update LoadBalancer for LoadBalancer service
Microsoft.Network/loadBalancers/delete
Microsoft.Network/loadBalancers/read
Microsoft.Network/loadBalancers/write
Microsoft.Network/loadBalancers/backendAddressPools/read
Microsoft.Network/loadBalancers/backendAddressPools/write
Microsoft.Network/loadBalancers/backendA...
Feature Status: Alpha since v1.12. Kubernetes v1.12 adds support for Azure availability zones (AZ). Nodes in an availability zone are labeled with failure-domain.beta.kubernetes.io/zone=<region>-<AZ>, and topology-aware provisioning is added for the Azure managed disks storage class. TOC: Availability Zones, Pre-requirements, Node labels, Load Balancer, Managed Disks, StorageClass examples, PV examples, Appendix, Reference. Pre-requirements: Because only the standard load balancer is supported with AZ, it is...
Kubernetes v1.26 adds support for using Azure VMSS Flex VMs as cluster nodes. Mixing different VM types in the same cluster is also supported. No API change is expected from the end user's perspective when manipulating the Kubernetes cluster; however, users can choose to specify the VM type when configuring the Cloud Provider to further optimize the API calls made by the Cloud Controller Manager. Below are the configurations suggested for each cluster mode.
Feature status: GA since v1.21. Kubernetes v1.21 adds support for cross resource group (RG) nodes and unmanaged (such as on-prem) nodes in the Azure cloud provider. A few assumptions are made for such nodes: Cross-RG nodes are in the same region and are set with the required labels (as described below). Nodes will not be part of the load balancer managed by the cloud provider. Both node and container networking should be configured properly by the provisioning tools. AzureDisk is supported for Azure cro...
This feature is supported since v1.20.0. Cloud Provider Azure supports sharing one IP address among multiple load balancer typed external or internal services. To share an IP address among multiple public services, a public IP resource is needed. This public IP can be created in advance, or the cloud provider can provision it when creating the first external service. Specifically, Azure creates a public IP resource automatically when an external service is discovered.
This feature is supported since v1.20.0. You can use tags to organize your Azure resources and management hierarchy. Cloud Provider Azure supports tagging managed resources through the configuration file or a service annotation. Specifically, the shared resources (load balancer, route table and security group) can be tagged by setting tags in azure.json: {"tags":"a=b,c=d"}; the controller manager parses this configuration and tags the shared resources once restarted. The non-shared resource (p...
As part of Out-of-Tree Credential Providers, the kubelet builtin image pulling from ACR (which could originally be enabled by setting kubelet --azure-container-registry-config=<config-file>) is moved to the out-of-tree credential plugin acr-credential-provider. Please refer to the original KEP and the credential provider KEP for details. In order to switch the kubelet credential provider to out-of-tree, you'll have to: Remove --azure-container-registry-config from the kubelet configuration options. ...
This feature is supported since v1.21.0. Background: The in-tree Node IPAM controller only supports a fixed node CIDR mask size for all nodes, while in multiple node pool (VMSS) scenarios, different mask sizes are required for different node pools. There is a GCE-specific cloud CIDR allocator for a similar scenario, but it is not exposed in the cloud provider API and it is planned to be moved out-of-tree. Hence this document proposes an out-of-tree node IPAM controller. Specifically, allocate differ...
Azure Private Link Service (PLS) is an infrastructure component that allows users to privately connect, via a Private Endpoint (PE) in a VNET in Azure, to a Frontend IP Configuration associated with an Azure Load Balancer (ALB). With Private Link, users acting as service providers can securely offer their services to consumers who connect from within Azure or on-premises without data exfiltration risks. Before Private Link Service integration, users who wanted private connectivity from on-premi...
Azure LoadBalancer basics.