AKS Egress instructions (#13967)

Signed-off-by: Kalya Subramanian <kasubra@microsoft.com>
2023-10-09 15:37:22 -04:00 · 2023-10-09 15:37:22 -04:00 · 56eb12c044
parent c58ebb99ae
commit 56eb12c044
3 changed files with 78 additions and 2 deletions
--- a/.spelling
+++ b/.spelling
@ -643,6 +643,7 @@ kubectl
 kubelet
 Kubelet
 kubelogin
 Kubenet
 Kubernetes
 kubernetes.default
 KubeSphere
--- a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
@ -389,9 +389,49 @@ servicesIpv4Cidr: 10.7.240.0/20
 Use `--set values.global.proxy.includeIPRanges="10.4.0.0/14\,10.7.240.0/20"`
-#### Azure Container Service(ACS)
+#### Azure Kubernetes Service (AKS)
-Use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.240.0.0/16`
+##### Kubenet
 To see which service CIDR and pod CIDR are used in the cluster, use `az aks show` and look for the `serviceCidr`:
 {{< text bash >}}
 $ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep Cidr
    "podCidr": "10.244.0.0/16",
    "podCidrs": [
    "serviceCidr": "10.0.0.0/16",
    "serviceCidrs": [
 {{< /text >}}
 Then use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.0.0.0/16"`
 ##### Azure CNI
 Follow these steps if you are using Azure CNI with a non-overlay networking mode. If using Azure CNI with overlay networking, please follow the [Kubenet instructions](#kubenet). For more information, see the [Azure CNI Overlay documentation](https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay).
 To see which service CIDR is used in the cluster, use `az aks show` and look for the `serviceCidr`:
 {{< text bash >}}
 $ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep serviceCidr
    "serviceCidr": "10.0.0.0/16",
    "serviceCidrs": [
 {{< /text >}}
 To see which pod CIDR is used in the cluster, use `az` CLI to inspect the `vnet`:
 {{< text bash >}}
 $ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep nodeResourceGroup
  "nodeResourceGroup": "MC_user-rg_user-cluster_region",
  "nodeResourceGroupProfile": null,
 $ az network vnet list -g MC_user-rg_user-cluster_region | grep name
    "name": "aks-vnet-74242220",
        "name": "aks-subnet",
 $ az network vnet show -g MC_user-rg_user-cluster_region -n aks-vnet-74242220 | grep addressPrefix
    "addressPrefixes": [
      "addressPrefix": "10.224.0.0/16",
 {{< /text >}}
 Then use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.0.0.0/16"`
 #### Minikube, Docker For Desktop, Bare Metal
--- a/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
+++ b/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
@ -211,6 +211,41 @@ clusterIpv4Cidr: 10.4.0.0/14
 servicesIpv4Cidr: 10.7.240.0/20
 ENDSNIP
 snip_kubenet_1() {
 az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep Cidr
 }
 ! read -r -d '' snip_kubenet_1_out <<\ENDSNIP
    "podCidr": "10.244.0.0/16",
    "podCidrs": [
    "serviceCidr": "10.0.0.0/16",
    "serviceCidrs": [
 ENDSNIP
 snip_azure_cni_1() {
 az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep serviceCidr
 }
 ! read -r -d '' snip_azure_cni_1_out <<\ENDSNIP
    "serviceCidr": "10.0.0.0/16",
    "serviceCidrs": [
 ENDSNIP
 snip_azure_cni_2() {
 az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep nodeResourceGroup
 }
 ! read -r -d '' snip_azure_cni_2_out <<\ENDSNIP
  "nodeResourceGroup": "MC_user-rg_user-cluster_region",
  "nodeResourceGroupProfile": null,
 az network vnet list -g MC_user-rg_user-cluster_region | grep name
    "name": "aks-vnet-74242220",
        "name": "aks-subnet",
 az network vnet show -g MC_user-rg_user-cluster_region -n aks-vnet-74242220 | grep addressPrefix
    "addressPrefixes": [
      "addressPrefix": "10.224.0.0/16",
 ENDSNIP
 snip_minikube_docker_for_desktop_bare_metal_1() {
 kubectl describe pod kube-apiserver -n kube-system | grep 'service-cluster-ip-range'
 }