AKS Egress instructions (#13967)

Signed-off-by: Kalya Subramanian <kasubra@microsoft.com>
Kalya Subramanian 2023-10-09 15:37:22 -04:00 committed by GitHub
parent c58ebb99ae
commit 56eb12c044
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 78 additions and 2 deletions


@ -643,6 +643,7 @@ kubectl
kubelet
Kubelet
kubelogin
Kubenet
Kubernetes
kubernetes.default
KubeSphere


@ -389,9 +389,49 @@ servicesIpv4Cidr: 10.7.240.0/20
Use `--set values.global.proxy.includeIPRanges="10.4.0.0/14\,10.7.240.0/20"`
#### Azure Container Service(ACS)
#### Azure Kubernetes Service (AKS)
Use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.240.0.0/16`
##### Kubenet
To see which service CIDR and pod CIDR are used in the cluster, use `az aks show` and look for the `serviceCidr`:
{{< text bash >}}
$ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep Cidr
"podCidr": "10.244.0.0/16",
"podCidrs": [
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
{{< /text >}}
Then use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.0.0.0/16"`
##### Azure CNI
Follow these steps if you are using Azure CNI with a non-overlay networking mode. If using Azure CNI with overlay networking, please follow the [Kubenet instructions](#kubenet). For more information, see the [Azure CNI Overlay documentation](https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay).
To see which service CIDR is used in the cluster, use `az aks show` and look for the `serviceCidr`:
{{< text bash >}}
$ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep serviceCidr
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
{{< /text >}}
To see which pod CIDR is used in the cluster, use `az` CLI to inspect the `vnet`:
{{< text bash >}}
$ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep nodeResourceGroup
"nodeResourceGroup": "MC_user-rg_user-cluster_region",
"nodeResourceGroupProfile": null,
$ az network vnet list -g MC_user-rg_user-cluster_region | grep name
"name": "aks-vnet-74242220",
"name": "aks-subnet",
$ az network vnet show -g MC_user-rg_user-cluster_region -n aks-vnet-74242220 | grep addressPrefix
"addressPrefixes": [
"addressPrefix": "10.224.0.0/16",
{{< /text >}}
Then use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.0.0.0/16"`
#### Minikube, Docker For Desktop, Bare Metal


@ -211,6 +211,41 @@ clusterIpv4Cidr: 10.4.0.0/14
servicesIpv4Cidr: 10.7.240.0/20
ENDSNIP
snip_kubenet_1() {
az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep Cidr
}
! read -r -d '' snip_kubenet_1_out <<\ENDSNIP
"podCidr": "10.244.0.0/16",
"podCidrs": [
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
ENDSNIP
snip_azure_cni_1() {
az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep serviceCidr
}
! read -r -d '' snip_azure_cni_1_out <<\ENDSNIP
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
ENDSNIP
snip_azure_cni_2() {
az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep nodeResourceGroup
}
! read -r -d '' snip_azure_cni_2_out <<\ENDSNIP
"nodeResourceGroup": "MC_user-rg_user-cluster_region",
"nodeResourceGroupProfile": null,
az network vnet list -g MC_user-rg_user-cluster_region | grep name
"name": "aks-vnet-74242220",
"name": "aks-subnet",
az network vnet show -g MC_user-rg_user-cluster_region -n aks-vnet-74242220 | grep addressPrefix
"addressPrefixes": [
"addressPrefix": "10.224.0.0/16",
ENDSNIP
snip_minikube_docker_for_desktop_bare_metal_1() {
kubectl describe pod kube-apiserver -n kube-system | grep 'service-cluster-ip-range'
}
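Review bot: The expected output in `snip_azure_cni_2_out` records the vnet prefix as `10.224.0.0/16`, but the Azure CNI instruction added in the docs section of this commit tells the reader to pass `10.244.0.0/16` in `includeIPRanges`; the two should agree, presumably as `--set values.global.proxy.includeIPRanges="10.224.0.0/16\,10.0.0.0/16"`. The doc text treats the vnet prefix as the pod CIDR, so a reader who copies the line as written would leave the real pod range out of the list, and traffic to those pods would likely not be redirected through the sidecar, putting it outside mesh policy and telemetry. Separately, `snip_azure_cni_2` runs only the first `az aks show`, while its expected output also embeds the two `az network vnet` command lines and their output, so it cannot match what the function prints; splitting it into three snippets that take the resource group and vnet name from variables rather than the literal `MC_user-rg_user-cluster_region` and `aks-vnet-74242220` would fix that. If this file is generated from the markdown page, both corrections belong in the markdown source.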