

Use UserDefinedRouting for AKS when running with Private Networking (#…
…779)

Co-authored-by: Blair L Murri <[email protected]>
MattMcL4475 and BMurri authored Aug 26, 2024
1 parent 0829063 commit be0fd81
Showing 2 changed files with 21 additions and 3 deletions.
11 changes: 8 additions & 3 deletions src/deploy-cromwell-on-azure/Configuration.cs
Expand Up @@ -31,6 +31,8 @@ public class Configuration : UserAccessibleConfiguration

public abstract class UserAccessibleConfiguration
{
// https://learn.microsoft.com/azure/aks/private-clusters?tabs=azure-portal#configure-a-private-dns-zone CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID
public string AksPrivateDnsZoneResourceId { get; set; }
public string AksNodeResourceGroupName { get; set; }
public string IdentityResourceId { get; set; }
public string AzureCloudName { get; set; } = AzureCloudConfig.DefaultAzureCloudName;
Expand All @@ -44,9 +46,9 @@ public abstract class UserAccessibleConfiguration
public string VmSubnetAddressSpace { get; set; } = "10.1.0.0/24"; // 10.1.0.0 - 10.1.0.255, 256 IPs
public string PostgreSqlSubnetAddressSpace { get; set; } = "10.1.1.0/24"; // 10.1.1.0 - 10.1.1.255, 256 IPs
// Address space for kubernetes system services, must not overlap with any subnet.
public string KubernetesServiceCidr = "10.1.4.0/22"; // 10.1.4.0 -> 10.1.7.255, 1024 IPs
public string KubernetesDnsServiceIP = "10.1.4.10";
public string KubernetesDockerBridgeCidr = "172.17.0.1/16"; // 172.17.0.0 - 172.17.255.255, 65536 IPs
public string KubernetesServiceCidr { get; set; } = "10.1.4.0/22"; // 10.1.4.0 -> 10.1.7.255, 1024 IPs
public string KubernetesDnsServiceIP { get; set; } = "10.1.4.10";
public string KubernetesDockerBridgeCidr { get; set; } = "172.17.0.1/16"; // 172.17.0.0 - 172.17.255.255, 65536 IPs
public string BatchNodesSubnetAddressSpace { get; set; } = "10.1.128.0/17"; // 10.1.128.0 - 10.1.255.255, 32768 IPs

public string ResourceGroupName { get; set; }
Expand Down Expand Up @@ -74,6 +76,9 @@ public abstract class UserAccessibleConfiguration
public string PostgreSqlSubnetName { get; set; }
public string BatchSubnetName { get; set; }
public bool? PrivateNetworking { get; set; } = null;
// https://learn.microsoft.com/azure/aks/egress-outboundtype#outbound-type-of-userdefinedrouting
// https://learn.microsoft.com/azure/aks/egress-udr
public bool? UserDefinedRouting { get; set; } = null;
public string Tags { get; set; } = null;
public string BatchNodesSubnetId { get; set; } = null;
public bool? DisableBatchNodesPublicIpAddress { get; set; } = null;
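Review bot: `UserDefinedRouting` in the third hunk and `AksPrivateDnsZoneResourceId` in the first hunk carry only a doc link, with no statement of when the deployer honors them or what they require; from the Deployer change they appear to take effect only in the private-networking path, and a user reading this class cannot tell that. I would replace the bare link on `UserDefinedRouting` with an XML doc comment stating that it is only honored when `PrivateNetworking` is true and that, per the linked egress-udr page, the AKS subnet must already have a route table supplying a default (0.0.0.0/0) route because AKS provisions no outbound load balancer or NAT for this outbound type. For `AksPrivateDnsZoneResourceId`, a `<summary>` noting that the linked page accepts the special values "system" and "none" in addition to a Private DNS zone resource ID would save a wrong value from surfacing only at provisioning time.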
13 changes: 13 additions & 0 deletions src/deploy-cromwell-on-azure/Deployer.cs
Expand Up @@ -933,7 +933,18 @@ private async Task<ContainerServiceManagedClusterResource> ProvisionManagedClust
EnablePrivateClusterPublicFqdn = false
};

if (!string.IsNullOrWhiteSpace(configuration.AksPrivateDnsZoneResourceId))
{
cluster.ApiServerAccessProfile.PrivateDnsZone = configuration.AksPrivateDnsZoneResourceId;
}

cluster.PublicNetworkAccess = ContainerServicePublicNetworkAccess.Disabled;

if (configuration.UserDefinedRouting == true)
{
cluster.NetworkProfile ??= new();
cluster.NetworkProfile.OutboundType = ContainerServiceOutboundType.UserDefinedRouting;
}
}

return await Execute(
Expand Down Expand Up @@ -2212,6 +2223,8 @@ void ValidateHelmInstall(string helmPath, string featureName)
ThrowIfProvidedForUpdate(configuration.CrossSubscriptionAKSDeployment, nameof(configuration.CrossSubscriptionAKSDeployment));
ThrowIfProvidedForUpdate(configuration.ApplicationInsightsAccountName, nameof(configuration.ApplicationInsightsAccountName));
ThrowIfProvidedForUpdate(configuration.PrivateNetworking, nameof(configuration.PrivateNetworking));
ThrowIfProvidedForUpdate(configuration.AksPrivateDnsZoneResourceId, nameof(configuration.AksPrivateDnsZoneResourceId));
ThrowIfProvidedForUpdate(configuration.UserDefinedRouting, nameof(configuration.UserDefinedRouting));
ThrowIfProvidedForUpdate(configuration.VnetName, nameof(configuration.VnetName));
ThrowIfProvidedForUpdate(configuration.VnetResourceGroupName, nameof(configuration.VnetResourceGroupName));
ThrowIfProvidedForUpdate(configuration.SubnetName, nameof(configuration.SubnetName));
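Review bot: The `configuration.UserDefinedRouting == true` check in the first Deployer.cs hunk sits inside what looks like the private-networking block (the enclosing `if` opens before the hunk and closes at the `}` after the new lines), so a user who sets `UserDefinedRouting` without `PrivateNetworking` gets a silently ignored setting and, presumably, a cluster with the default public outbound path rather than the routed one they asked for. Rejecting the combination in the validation path would be cheaper than a partially wrong deployment: `if (configuration.UserDefinedRouting == true && configuration.PrivateNetworking != true) throw ...` with whatever validation exception the surrounding validate method already uses. Likewise `AksPrivateDnsZoneResourceId` is copied into `PrivateDnsZone` after only a whitespace check, while the linked doc accepts just "system", "none" or a Private DNS zone resource ID, so a malformed value is likely to surface late as a provisioning failure; a format check next to the null check would move that failure to validation. ProvisionManagedCluster starts before the hunk.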
