11/9/2023 0 Comments Mac controlplane mountWhy are two resource groups created with AKS?ĪKS builds upon many Azure infrastructure resources, including Virtual Machine Scale Sets, virtual networks, and managed disks. This is useful in cases where your cluster egress is done via a layer 7 firewall, such as when using Azure Firewall with Application Rules. Yes, you can add the annotation /set-kube-service-host-fqdn to pods to set the KUBERNETES_SERVICE_HOST variable to the domain name of the API server instead of the in-cluster service IP. Can my pods use the API server FQDN instead of the cluster IP? Verify all network rules follow the Azure required network rules and FQDNs. The current main tunnel that is used by AKS is Konnectivity, previously known as apiserver-network-proxy. The tunnel is secured through mTLS encryption. How does the managed Control Plane communicate with my Nodes?ĪKS uses a secure tunnel communication to allow the api-server and individual node kubelets to communicate even on separate virtual networks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |