Node Outbound

This document describes how to configure your clusters' node outbound traffic.

IPv4 Clusters

For IPv4 clusters, i.e. clusters whose CIDR type is IPv4, CAPZ automatically configures a NAT gateway for node outbound traffic with the default settings. A cluster is of IPv4 type by default unless you specify an IPv6 CIDR.

To provide custom settings for a node NAT gateway, configure the NAT gateway in the node subnet section of the cluster configuration by setting the NAT gateway's name. A Public IP is also created for the NAT gateway once the NAT gateway name is provided.

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: cluster-natgw
  namespace: default
spec:
  location: southcentralus
  networkSpec:
    vnet:
      name: my-vnet
    subnets:
      - name: subnet-cp
        role: control-plane
      - name: subnet-node
        role: node
        natGateway:
          name: node-natgw
          NatGatewayIP:
            name: pip-cluster-natgw-subnet-node-natgw
  resourceGroup: cluster-natgw

You can also specify the name of the Public IP that should be used when creating the Public IP for the NAT gateway. If you don't specify it, CAPZ automatically generates a name for it.

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: cluster-natgw
  namespace: default
spec:
  location: southcentralus
  networkSpec:
    vnet:
      name: my-vnet
    subnets:
      - name: subnet-cp
        role: control-plane
      - name: subnet-node-1
        role: node
        natGateway:
          name: node-natgw-1
          NatGatewayIP:
            name: pip-cluster-natgw-subnet-node-natgw-1
      - name: subnet-node-2
        role: node
        natGateway:
          name: node-natgw-2
          NatGatewayIP:
            name: pip-cluster-natgw-subnet-node-natgw-2
  resourceGroup: cluster-natgw

IPv6 Clusters

For IPv6 clusters, i.e. clusters whose CIDR type is IPv6, a NAT gateway is not supported. IPv6 clusters use a load balancer for outbound connections.

Public IPv6 Clusters

For public IPv6 clusters, i.e. clusters with the API server load balancer type set to Public and the CIDR type set to IPv6, CAPZ automatically configures a node outbound load balancer with the default settings.

To provide custom settings for the node outbound load balancer, use the nodeOutboundLB section of the cluster configuration.

The idleTimeoutInMinutes field specifies the number of minutes to keep a TCP connection open for the outbound rule (defaults to 4). See the Azure Load Balancer outbound connections documentation for more details.

Here is an example of a node outbound load balancer with frontendIPsCount set to 3. CAPZ reads this value and creates 3 frontend IPs for this load balancer.

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: my-public-cluster
  namespace: default
spec:
  location: eastus
  networkSpec:
    apiServerLB:
      type: Public
    subnets:
      - cidrBlocks:
          - 2001:0DB8:0000:1/64
        name: subnet-node
        role: node
    nodeOutboundLB:
      frontendIPsCount: 3
      idleTimeoutInMinutes: 4

Private IPv6 Clusters

For private IPv6 clusters, i.e. clusters with the API server load balancer type set to Internal and the CIDR type set to IPv6, CAPZ does not create a node outbound load balancer by default. To create one, include the nodeOutboundLB section with the desired settings.

Here is an example of configuring a node outbound load balancer with 1 frontend IP for a private IPv6 cluster:

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: my-private-cluster
  namespace: default
spec:
  location: eastus
  networkSpec:
    apiServerLB:
      type: Internal
    subnets:
      - cidrBlocks:
          - 2001:0DB8:0000:1/64
        name: subnet-node
        role: node
    nodeOutboundLB:
      frontendIPsCount: 1
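Because the effective egress path depends on the combination of CIDR type, API server load balancer type and the presence of natGateway or nodeOutboundLB, it is easy to ship a private IPv6 cluster whose nodes have no outbound route at all, or to lose track of which public IPs egress traffic will carry (the addresses a firewall allowlist or egress log review must cover). The following is an added example, not part of the CAPZ project or this page, that applies the rules described above to the spec of an AzureCluster already parsed into a dict (for instance with yaml.safe_load) and reports the resulting outbound path per node subnet; the sample specs are constructed from the manifests on this page.

```python
"""Summarise an AzureCluster's effective node outbound path using the CAPZ rules above."""
from typing import Any, Dict, List

# Constructed sample: the private IPv6 cluster above, with nodeOutboundLB omitted.
PRIVATE_IPV6_NO_LB: Dict[str, Any] = {
    "networkSpec": {
        "apiServerLB": {"type": "Internal"},
        "subnets": [{"cidrBlocks": ["2001:0DB8:0000:1/64"], "name": "subnet-node", "role": "node"}],
    }
}
# Constructed sample: the IPv4 cluster above with a named NAT gateway and public IP.
IPV4_NATGW: Dict[str, Any] = {
    "networkSpec": {
        "subnets": [
            {"name": "subnet-cp", "role": "control-plane"},
            {"name": "subnet-node", "role": "node",
             "natGateway": {"name": "node-natgw",
                            "NatGatewayIP": {"name": "pip-cluster-natgw-subnet-node-natgw"}}},
        ]
    }
}

def is_ipv6(net: Dict[str, Any]) -> bool:
    """The CIDR type is IPv6 when any subnet cidrBlock is an IPv6 prefix."""
    return any(":" in cidr for s in net.get("subnets", []) for cidr in s.get("cidrBlocks", []))

def node_outbound_findings(spec: Dict[str, Any]) -> List[str]:
    """Return one finding per node subnet (IPv4) or per cluster (IPv6); WARNING means no egress."""
    net = spec.get("networkSpec", {})
    node_subnets = [s for s in net.get("subnets", []) if s.get("role") == "node"]
    findings: List[str] = []
    if not is_ipv6(net):
        for s in node_subnets:  # IPv4: NAT gateway per node subnet, default unless named
            gw = s.get("natGateway") or {}
            if gw.get("name"):
                pip = gw.get("NatGatewayIP", {}).get("name", "<auto-generated by CAPZ>")
                findings.append(f"{s['name']}: NAT gateway {gw['name']}, public IP {pip}")
            else:
                findings.append(f"{s['name']}: NAT gateway with CAPZ default settings")
        return findings
    for s in node_subnets:  # IPv6: NAT gateway is not supported, so flag any that is set
        if s.get("natGateway"):
            findings.append(f"{s['name']}: natGateway set but NAT gateway is not supported on IPv6")
    lb = net.get("nodeOutboundLB")
    if lb is not None:
        findings.append(f"outbound load balancer: {lb.get('frontendIPsCount', 'default')} frontend IP(s), "
                        f"idle timeout {lb.get('idleTimeoutInMinutes', 4)} min")
    elif net.get("apiServerLB", {}).get("type", "Public") == "Public":
        findings.append("outbound load balancer with CAPZ default settings")
    else:
        findings.append("WARNING: private IPv6 cluster without nodeOutboundLB; nodes have no outbound path")
    return findings
```

Run it over each AzureCluster manifest before applying it, and keep the reported NAT gateway public IP names alongside the egress allowlists that depend on them.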