
(SURE-3392) [RFE] Enable possibility to set private DNS on AKS provisioning #131

Closed
3 tasks done
mjura opened this issue Feb 14, 2023 · 10 comments

Comments

@mjura
Contributor

mjura commented Feb 14, 2023

Request description:

Enable the possibility to set private DNS on AKS provisioning cluster.

Actual behavior:

Currently, there is no setting in Rancher to set a private DNS for AKS cluster.

Expected behavior:

Add the possibility to set private DNS on AKS provisioning cluster.

Additional notes:

Customer network infrastructure is more or less the same as the "hub and spoke" on the page: https://docs.microsoft.com/en-us/azure/aks/private-clusters#hub-and-spoke-with-custom-dns

Customer DNS is centralized in the hub network, and they want to run AKS clusters in spoke networks.
To get it to work, they need to be able to point the AKS clusters to the central private DNS zone. Otherwise, the created AKS cluster's Kubernetes API endpoint address won't resolve, and the cluster will fail to provision, and the VMs can't resolve the Kubernetes API address.

Additional Azure documentation on how to set a custom private DNS zone: https://docs.microsoft.com/en-us/azure/aks/private-clusters#create-a-private-aks-cluster-with-a-custom-private-dns-zone

Changes:

@kkaempf

kkaempf commented Apr 5, 2023

See also rancher/dashboard#7163

@gaktive
Member

gaktive commented Jul 13, 2023

@kkaempf not sure what labels are in use on this repo but as noted elsewhere, UI is blocked by this, not the other way around.

@kkaempf kkaempf modified the milestones: 2023-Q3-v2.7x, 2023-Q4-v2.8x Jul 17, 2023
@mjura mjura self-assigned this Jul 26, 2023
@mjura mjura moved this from Backlog to In Progress in CAPI & Hosted Kubernetes providers (EKS/AKS/GKE) Jul 26, 2023
mjura added a commit to mjura/aks-operator that referenced this issue Aug 3, 2023
mjura added a commit to mjura/aks-operator that referenced this issue Aug 7, 2023
@mjura
Contributor Author

mjura commented Oct 31, 2023

It is still blocked by UI; I have updated the UI issue rancher/dashboard#7163 (comment)

@kkaempf kkaempf modified the milestones: v2.8.0, 2024-Q1-v2.8x Dec 8, 2023
@kkaempf kkaempf modified the milestones: v2.8-Next1, v2.9.0 Jan 25, 2024
@kkaempf

kkaempf commented Jan 25, 2024

UI scheduled it for 2.9.0, adapting milestone accordingly

@cpinjani cpinjani self-assigned this Feb 6, 2024
@cpinjani
Contributor

Blocked, requires UI fixes rancher/dashboard#7163 (comment)

@gaktive
Member

gaktive commented Apr 22, 2024

UI has a solution in rancher/dashboard#10744 that has been merged so backend should be unblocked.

@kkaempf is ui-blocked the right label here? If there's something like "blocked by UI" that sounds more apt but I haven't reviewed all the labels on these repos for context.

@kkaempf

kkaempf commented Apr 23, 2024

Fixed the label.

@mjura @cpinjani - ptal, we might be unblocked.

@cpinjani
Contributor

cpinjani commented Apr 23, 2024

Seems unblocked as rancher/dashboard#7163 is fixed, adding "To Test", thanks.

@cpinjani
Contributor

cpinjani commented May 6, 2024

Validated on build: v2.9-6d87a11ea46b7571646d7c3d7af704584c39fd62-head.
AKS private cluster provisioning by running Rancher on the same vNet as the AKS nodes is blocked due to UI issue rancher/dashboard#10431.

Meanwhile, tested via API and the fix is working fine.

spec:
  agentImageOverride: ''
  aksConfig:
    authBaseUrl: null
    authorizedIpRanges: null
    azureCredentialSecret: cattle-global-data:cc-twdkj
    baseUrl: null
    clusterName: cpinjani-priv11
    dnsPrefix: cpinjani-priv11
    dnsServiceIp: 10.0.0.10
    dockerBridgeCidr: null
    httpApplicationRouting: null
    imported: false
    kubernetesVersion: 1.28.5
    linuxAdminUsername: azureuser
    loadBalancerSku: standard
    logAnalyticsWorkspaceGroup: null
    logAnalyticsWorkspaceName: null
    managedIdentity: true
    monitoring: null
    networkPlugin: kubenet
    networkPolicy: calico
    nodePools:
      - availabilityZones:
          - '1'
          - '2'
          - '3'
        count: 1
        enableAutoScaling: false
        maxPods: 110
        maxSurge: '1'
        mode: System
        name: agentpool
        orchestratorVersion: 1.28.5
        osDiskSizeGB: 128
        osDiskType: Managed
        osType: Linux
        vmSize: Standard_DS2_v2
        vnetSubnetID: >-
          /subscriptions/<REDACTED>/resourceGroups/<REDACTED>/providers/Microsoft.Network/virtualNetworks/<REDACTED>/subnets/aks-subnet
    outboundType: loadBalancer
    podCidr: null
    privateCluster: true
    privateDnsZone: >-
      /subscriptions/<REDACTED>/resourceGroups/cpinjani-priv/providers/Microsoft.Network/privateDnsZones/<REDACTED>
    resourceGroup: cpinjani-priv
    resourceLocation: eastus
    serviceCidr: 10.0.0.0/16
    subnet: null
    tags:
    userAssignedIdentity: >-
      /subscriptions/<REDACTED>/resourcegroups/cpinjani-priv/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<REDACTED>
    virtualNetwork: null
    virtualNetworkResourceGroup: null

@cpinjani
Contributor

Validation passed on build: v2.9-c1d92781561c0d4d5a18b32b2f312655dfe67e9c-head

  • User is able to set privateDNS on AKS private cluster provisioning
  • Setting privateDNS on AKS provisioning is only available during private cluster provisioning and is optional


Spec:

aksConfig:
    authBaseUrl: null
    authorizedIpRanges: null
    azureCredentialSecret: cattle-global-data:cc-dcgtt
    baseUrl: null
    clusterName: cpinjani-priv
    dnsPrefix: cpinjani-priv
    dnsServiceIp: 10.0.0.10
    dockerBridgeCidr: null
    httpApplicationRouting: null
    imported: false
    kubernetesVersion: 1.29.2
    linuxAdminUsername: azureuser
    loadBalancerSku: standard
    logAnalyticsWorkspaceGroup: null
    logAnalyticsWorkspaceName: null
    managedIdentity: true
    monitoring: null
    networkPlugin: kubenet
    networkPolicy: calico
    nodePools:
      - availabilityZones:
          - '1'
          - '2'
          - '3'
        count: 1
        maxPods: 110
        maxSurge: '1'
        mode: System
        name: agentpool
        orchestratorVersion: 1.29.2
        osDiskSizeGB: 128
        osDiskType: Managed
        osType: Linux
        vmSize: Standard_DS2_v2
    outboundType: loadBalancer
    podCidr: null
    privateCluster: true
    privateDnsZone: >-
      /subscriptions/<REDACTED>/resourceGroups/<REDACTED>/providers/Microsoft.Network/privateDnsZones/<REDACTED>
    resourceGroup: <REDACTED>
    resourceLocation: eastus
    serviceCidr: 10.0.0.0/16
    subnet: null
    tags:
      Account Type: group
    userAssignedIdentity: >-
      /subscriptions/<REDACTED>/resourcegroups/<REDACTED>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<REDACTED>
    virtualNetwork: null
    virtualNetworkResourceGroup: null
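
The constraints this thread settles on (a custom zone is optional, only valid for `privateCluster: true`, and, per the linked Azure docs, must be named `privatelink.<region>.azmk8s.io` or `<subzone>.privatelink.<region>.azmk8s.io` and written to by a user-assigned identity) can be checked before a spec is submitted. The following is an added example, not code from aks-operator or Rancher: `AKSPrivateDNSConfig` is a hypothetical struct holding only the relevant `aksConfig` fields, `ValidatePrivateDNS` is a hypothetical helper, and the subscription, resource group and identity IDs in `main` are constructed placeholders modelled on the redacted spec above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// AKSPrivateDNSConfig is a hypothetical struct for this example that mirrors
// only the aksConfig fields relevant to private DNS; it is not the
// aks-operator's own type.
type AKSPrivateDNSConfig struct {
	ClusterName          string
	ResourceLocation     string
	PrivateCluster       bool
	PrivateDNSZone       string // "" (unset), "system", "none", or a privateDnsZones resource ID
	ManagedIdentity      bool
	UserAssignedIdentity string
}

// zoneIDRe matches the Azure resource ID form of a private DNS zone:
// /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/privateDnsZones/<zone>
var zoneIDRe = regexp.MustCompile(
	`(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.Network/privateDnsZones/([^/]+)$`)

// zoneNameRe matches the zone names AKS accepts for a custom private zone:
// privatelink.<region>.azmk8s.io or <subzone>.privatelink.<region>.azmk8s.io
var zoneNameRe = regexp.MustCompile(`^(?:[a-z0-9-]+\.)?privatelink\.([a-z0-9]+)\.azmk8s\.io$`)

// ValidatePrivateDNS returns the problems found with the private DNS settings;
// an empty result means the combination is acceptable.
func ValidatePrivateDNS(c AKSPrivateDNSConfig) []string {
	var problems []string
	if c.PrivateDNSZone == "" {
		return problems // optional: unset means AKS applies its defaults
	}
	if !c.PrivateCluster {
		return append(problems, "privateDnsZone is set but privateCluster is false; the setting only applies to private clusters")
	}
	switch strings.ToLower(c.PrivateDNSZone) {
	case "system", "none":
		return problems // AKS-managed zone or no private zone: nothing further to check
	}
	m := zoneIDRe.FindStringSubmatch(c.PrivateDNSZone)
	if m == nil {
		return append(problems, "privateDnsZone is neither \"system\", \"none\" nor a privateDnsZones resource ID")
	}
	zone := strings.ToLower(m[1])
	zm := zoneNameRe.FindStringSubmatch(zone)
	switch {
	case zm == nil:
		problems = append(problems, fmt.Sprintf("zone %q is not named privatelink.<region>.azmk8s.io", zone))
	case c.ResourceLocation != "" && zm[1] != strings.ToLower(c.ResourceLocation):
		problems = append(problems, fmt.Sprintf("zone region %q does not match resourceLocation %q", zm[1], c.ResourceLocation))
	}
	// The API server record is written into a custom zone by the cluster's
	// identity, so a user-assigned identity with rights on that zone is needed.
	if !c.ManagedIdentity || c.UserAssignedIdentity == "" {
		problems = append(problems, "a custom private DNS zone requires managedIdentity: true and a userAssignedIdentity with rights on the zone")
	}
	return problems
}

func main() {
	// Constructed sample modelled on the validated spec in this thread; the
	// subscription, resource group and identity IDs are placeholders.
	cfg := AKSPrivateDNSConfig{
		ClusterName:          "example-priv",
		ResourceLocation:     "eastus",
		PrivateCluster:       true,
		PrivateDNSZone:       "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/privateDnsZones/privatelink.eastus.azmk8s.io",
		ManagedIdentity:      true,
		UserAssignedIdentity: "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/example-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-id",
	}
	fmt.Println("private cluster with custom zone:", ValidatePrivateDNS(cfg))
	cfg.PrivateCluster = false
	fmt.Println("same zone on a public cluster:", ValidatePrivateDNS(cfg))
}
```

The region comparison uses the `<region>` label embedded in the zone name, which is why the check needs `resourceLocation` as well as the zone ID; a zone created for another region resolves to nothing for this cluster, which is the same failure mode the issue opens with (the API endpoint never resolves and provisioning hangs).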
