Node Outbound

This document describes how to configure your clusters' node outbound traffic.

IPv4 Clusters

For IPv4 clusters, i.e. clusters whose CIDR type is IPv4, CAPZ automatically configures a NAT gateway for node outbound traffic with the default settings. A cluster is IPv4 by default unless you specify an IPv6 address as the CIDR.

To provide custom settings for a node NAT gateway, configure the NAT gateway in the node subnet section of the cluster configuration by setting the NAT gateway's name. Once a NAT gateway name is provided, a Public IP is also created for that NAT gateway.

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: cluster-natgw
  namespace: default
spec:
  location: southcentralus
  networkSpec:
    vnet:
      name: my-vnet
    subnets:
      - name: subnet-cp
        role: control-plane
      - name: subnet-node
        role: node
        natGateway:
          name: node-natgw
          NatGatewayIP:
            name: pip-cluster-natgw-subnet-node-natgw
  resourceGroup: cluster-natgw

You can also specify the Public IP name that should be used when creating the Public IP for the NAT gateway. If you don't specify it, CAPZ will automatically generate a name for it.

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: cluster-natgw
  namespace: default
spec:
  location: southcentralus
  networkSpec:
    vnet:
      name: my-vnet
    subnets:
      - name: subnet-cp
        role: control-plane
      - name: subnet-node-1
        role: node
        natGateway:
          name: node-natgw-1
          NatGatewayIP:
            name: pip-cluster-natgw-subnet-node-natgw-1
      - name: subnet-node-2
        role: node
        natGateway:
          name: node-natgw-2
          NatGatewayIP:
            name: pip-cluster-natgw-subnet-node-natgw-2
  resourceGroup: cluster-natgw

IPv6 Clusters

For IPv6 clusters, i.e. clusters whose CIDR type is IPv6, a NAT gateway is not supported. IPv6 clusters use a load balancer for outbound connections.

Public IPv6 Clusters

For public IPv6 clusters, i.e. clusters with the API server load balancer type set to Public and the CIDR type set to IPv6, CAPZ automatically configures a node outbound load balancer with the default settings.

To provide custom settings for the node outbound load balancer, use the nodeOutboundLB section in cluster configuration.

The idleTimeoutInMinutes specifies the number of minutes to keep a TCP connection open for the outbound rule (defaults to 4). See here for more details.

Here is an example of a node outbound load balancer with frontendIPsCount set to 3. CAPZ reads this value and creates 3 frontend IPs for this load balancer.

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: my-public-cluster
  namespace: default
spec:
  location: eastus
  networkSpec:
    apiServerLB:
      type: Public
    subnets:
    - cidrBlocks:
      - 2001:0DB8:0000:1::/64
      name: subnet-node
      role: node
    nodeOutboundLB:
      frontendIPsCount: 3
      idleTimeoutInMinutes: 4

Private IPv6 Clusters

For private IPv6 clusters, i.e. clusters with the API server load balancer type set to Internal and the CIDR type set to IPv6, CAPZ does not create a node outbound load balancer by default. To create one, include the nodeOutboundLB section with the desired settings.

Here is an example of configuring a node outbound load balancer with 1 frontend IP for a private IPv6 cluster:

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: my-private-cluster
  namespace: default
spec:
  location: eastus
  networkSpec:
    apiServerLB:
      type: Internal
    subnets:
    - cidrBlocks:
      - 2001:0DB8:0000:1::/64
      name: subnet-node
      role: node
    nodeOutboundLB:
      frontendIPsCount: 1
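The rules above (NAT gateway for IPv4 node subnets, no NAT gateway on IPv6, and no default outbound load balancer for private IPv6 clusters) are easy to get wrong in a hand-written manifest. The following added example, which is not part of CAPZ or this page, lints an AzureCluster spec represented as a Python dict against those rules; the key names are the ones used on this page, and the sample spec is constructed.

```python
import ipaddress

# Added example (not CAPZ code): lint an AzureCluster spec, given as a dict,
# against the node outbound rules described on this page.

def cidr_family(cidr_blocks):
    """IP version of a subnet's cidrBlocks; IPv4 when none are given (the CAPZ default)."""
    versions = {ipaddress.ip_network(c, strict=False).version for c in cidr_blocks}
    if len(versions) > 1:
        raise ValueError(f"mixed address families in {cidr_blocks}")
    return versions.pop() if versions else 4

def outbound_findings(spec):
    """Return (level, message) pairs describing how nodes will reach the internet."""
    findings = []
    net = spec.get("networkSpec", {})
    lb_type = net.get("apiServerLB", {}).get("type", "Public")
    node_lb = net.get("nodeOutboundLB")
    has_ipv6_nodes = False
    for sub in (s for s in net.get("subnets", []) if s.get("role") == "node"):
        natgw = sub.get("natGateway") or {}
        if cidr_family(sub.get("cidrBlocks", [])) == 4:
            if natgw.get("name"):
                pip = (natgw.get("NatGatewayIP") or {}).get("name", "<auto-generated>")
                findings.append(("info", f"{sub['name']}: NAT gateway {natgw['name']}, public IP {pip}"))
            else:
                findings.append(("info", f"{sub['name']}: default NAT gateway will be created"))
            continue
        has_ipv6_nodes = True
        if natgw:
            findings.append(("error", f"{sub['name']}: NAT gateway is not supported on IPv6 subnets"))
    if has_ipv6_nodes and node_lb is None:
        if lb_type == "Internal":
            findings.append(("warn", "private IPv6 cluster: no nodeOutboundLB, so nodes have no outbound path"))
        else:
            findings.append(("info", "public IPv6 cluster: default node outbound load balancer will be created"))
    if node_lb is not None:
        count = node_lb.get("frontendIPsCount")
        if count is not None and count < 1:
            findings.append(("error", "nodeOutboundLB.frontendIPsCount must be at least 1"))
        idle = node_lb.get("idleTimeoutInMinutes", 4)  # the page's stated default
        findings.append(("info", f"nodeOutboundLB: frontendIPsCount={count}, idle timeout {idle} min"))
    return findings

# Constructed sample spec: a private IPv6 cluster that omitted nodeOutboundLB.
PRIVATE_IPV6_NO_LB = {"networkSpec": {
    "apiServerLB": {"type": "Internal"},
    "subnets": [{"name": "subnet-node", "role": "node", "cidrBlocks": ["2001:db8:0:1::/64"]}]}}

if __name__ == "__main__":
    for level, msg in outbound_findings(PRIVATE_IPV6_NO_LB):
        print(f"[{level}] {msg}")
```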