
I am trying to connect an Azure Kubernetes Service instance to an "On premise" SQL Server through a VPN Gateway.

I'm using this command to create the cluster:

az aks create \
   --resource-group ${rg} \
   --name ${name} \
   --node-count ${nodeCount} \
   --node-vm-size ${vmsize} \
   --service-principal ${appId} \
   --client-secret ${password} \
   --generate-ssh-keys \
   --pod-cidr 10.2.244.0/24 \
   --service-cidr 10.2.10.0/24 \
   --dns-service-ip 10.2.10.10 \
   --docker-bridge-address 172.17.0.1/16 \
   --network-plugin kubenet \
   --vm-set-type VirtualMachineScaleSets \
   --kubernetes-version 1.15.7 \
   --load-balancer-sku standard

However, this will create an AKS cluster and a default Vnet in a resource group called MC_${rg}${name}${location}. The Vnet has the address space 10.0.0.0/8.

This Vnet prevents me from connecting a VPN Gateway, because 10.0.0.0/8 collides with every possible IP address in the 10.X.X.X range.

What is the correct way to set up a VPN Gateway to an Azure Kubernetes Service?

cfbd

1 Answer


The method you are using has AKS create the vNet it sits in for you, so you have no control over how it is configured; this is called Kubenet networking.

For you to be able to control how the vNet is configured and set up a VPN, etc., you need to use what is called CNI networking, which allows you to create the vNet up front or use an existing vNet, and then add AKS to that vNet.

To use CNI you still use the az aks create command, but supply the "--network-plugin Azure" flag. You will then also be required to supply additional information, such as the vNet ID. Full instructions can be found here.

Sam Cogan
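A worked version of the answer's approach, added here and not part of either post: pre-create the vNet with an address space that cannot collide with the on-premises network, verify that every range the VPN gateway must route between is disjoint, then join AKS to that subnet with --network-plugin azure. The script only checks the address plan and prints the az commands; the resource names and the 10.50.0.0/16 on-premises range are assumptions.

```shell
#!/bin/sh
# Added example: check that the cluster's address plan stays clear of the
# on-premises range, then print the Azure CNI commands. Resource names and the
# 10.50.0.0/16 on-premises range are assumptions, not values from the question.
ip_to_int() {                      # dotted quad -> 32-bit integer
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_overlaps() {                  # true (0) when the two CIDRs share an address
  a_len=${1#*/}; b_len=${2#*/}
  len=$a_len; [ "$b_len" -lt "$len" ] && len=$b_len
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# All ranges the VPN gateway must route between (on-prem, vNet, service CIDR,
# docker bridge) must be pairwise disjoint. Returns 1 on the first collision.
check_address_plan() {
  while [ $# -gt 1 ]; do
    first=$1; shift
    for other in "$@"; do
      if cidr_overlaps "$first" "$other"; then
        echo "collision: $first overlaps $other" >&2
        return 1
      fi
    done
  done
  return 0
}

# Print (not run) the CNI commands: vNet first, then AKS joined to its subnet.
print_cni_commands() {
  rg=$1; name=$2; vnet_cidr=$3; subnet_cidr=$4; svc_cidr=$5; dns_ip=$6
  cat <<EOF
az network vnet create --resource-group $rg --name ${name}-vnet \\
  --address-prefixes $vnet_cidr --subnet-name aks --subnet-prefixes $subnet_cidr
SUBNET_ID=\$(az network vnet subnet show --resource-group $rg \\
  --vnet-name ${name}-vnet --name aks --query id -o tsv)
az aks create --resource-group $rg --name $name --network-plugin azure \\
  --vnet-subnet-id \$SUBNET_ID --service-cidr $svc_cidr \\
  --dns-service-ip $dns_ip --docker-bridge-address 172.17.0.1/16
EOF
}

ONPREM=10.50.0.0/16                 # assumed on-premises SQL Server network
if check_address_plan "$ONPREM" 10.2.0.0/16 10.3.0.0/24 172.17.0.1/16; then
  print_cni_commands myrg myaks 10.2.0.0/16 10.2.0.0/20 10.3.0.0/24 10.3.0.10
fi
```

The default Kubenet vNet from the question (10.0.0.0/8) fails the same check against any 10.x on-premises range, which is exactly why the gateway cannot be connected.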