Cluster Networking and Advanced Settings
Prerequisite(s)
Overview
A well-defined cluster network plan is important for streamlining and automating the provisioning of networks for clusters, ensuring consistency and efficiency. In this section, you select the network configuration to attach to this cluster plan. When developers self-serve their environments, the cluster's network configuration is determined by the cluster network plan you specify here.
In addition to the cluster network plan, you can specify whether the cluster should be public or private. Private clusters are designed to ensure that the cluster nodes and master components are not exposed to the public internet, enhancing security and compliance. This is particularly useful in scenarios where sensitive data and applications require strict access controls and isolation from external sources.
You can optionally specify advanced cluster network settings such as Authorized Master Network, Authorized Networks, Kubernetes Service Address Range and Azure Outbound Type.
📚 For more details on key points, refer to the overview section.
📚 Explore the properties section for additional information on each UI property.
Define a management peering rule
If your cluster is private, then you need to define a management peering rule. Skip this step if your cluster plan does not enable a private cluster.
CLI Instructions
Create a new cluster plan
Follow the instructions in the details section.
Web Interface Instructions
Steps
- Fill in the cluster network details as outlined in the properties section.
- Click Continue to proceed
Steps
- Fill in the cluster network details as outlined in the properties section.
- Optionally fill in the Advanced settings as outlined in the properties section.
- Click Continue to proceed
Properties
Field | Description |
---|---|
Cluster Network Plan | The cluster network plan to use when configuring the cluster's network. |
Enable private cluster | When enabled, the cluster's nodes are only accessible from within a private network. |
Advanced Settings | Advanced settings in relation to the cluster's network. You can optionally configure these. |
- Authorised master networks | Network CIDR ranges allowed to access the Kubernetes API directly, rather than via Wayfinder. |
- Authorised networks | Networks allowed to connect to this cluster via Wayfinder, using the wf access cluster and kubectl commands. |
- Kubernetes service address range | IP range from which to assign service IPs within the cluster. Must not overlap with IP ranges used for your cluster subnets. Cannot use Azure-reserved ranges: 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, 192.0.2.0/24. It is valid for this range to be the same on multiple AKS clusters, even where their networks are connected / peered. Format: 1.2.3.4/16 (minimum size of /21 allowed; maximum size of /12 allowed). |
- Outbound Type | Defines the egress type for the cluster. Default value is "Load Balancer". Options: User Defined Routing, Load Balancer. |
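
The Kubernetes service address range rules in the table can be checked before a plan is submitted. The following is an added example, not Wayfinder's own code: the function name `check_service_range` and the sample subnets are hypothetical, and the /21 and /12 sizes are read as prefix-length bounds. Because the table allows the same range on multiple AKS clusters, only the cluster's own subnets are compared.

```python
import ipaddress

# Azure-reserved ranges listed in the properties table above.
AZURE_RESERVED = [ipaddress.ip_network(c) for c in (
    "169.254.0.0/16", "172.30.0.0/16", "172.31.0.0/16", "192.0.2.0/24")]

# "Maximum size of /12" and "minimum size of /21" read as prefix-length bounds
# (an assumption about how the table's wording maps to prefix lengths).
LARGEST_PREFIX, SMALLEST_PREFIX = 12, 21


def check_service_range(service_cidr, cluster_subnets):
    """Return a list of rule violations; an empty list means the range is acceptable."""
    try:
        # strict=False accepts the documented "1.2.3.4/16" form (host bits set).
        net = ipaddress.IPv4Network(service_cidr, strict=False)
    except ValueError as exc:
        return [f"not a valid IPv4 CIDR: {exc}"]

    problems = []
    if not LARGEST_PREFIX <= net.prefixlen <= SMALLEST_PREFIX:
        problems.append(
            f"/{net.prefixlen} is outside /{LARGEST_PREFIX}../{SMALLEST_PREFIX}")
    for reserved in AZURE_RESERVED:
        if net.overlaps(reserved):
            problems.append(f"overlaps Azure-reserved range {reserved}")
    for subnet in cluster_subnets:
        if net.overlaps(ipaddress.IPv4Network(subnet, strict=False)):
            problems.append(f"overlaps cluster subnet {subnet}")
    return problems


if __name__ == "__main__":
    subnets = ["10.0.0.0/16", "10.1.0.0/16"]  # constructed sample cluster subnets
    for candidate in ("10.200.0.0/16", "10.0.128.0/20",
                      "172.16.0.0/12", "192.168.0.0/24"):
        print(candidate, check_service_range(candidate, subnets) or "ok")
```

Note that 172.16.0.0/12 satisfies the size rule but still fails, because a /12 at that address contains both 172.30.0.0/16 and 172.31.0.0/16.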
What comes next?
Related Reading
- Create a Network Plan
- How to define a management peering rule
- Specify the cluster network configuration details based on your cloud provider: