I have a Kubernetes AKS cluster running in a Site-2-Site connected subnet. Kubernetes is able to automatically create an external LB for a service. This ends up with a config that looks like this:
- Frontend IP config:
52.123.123.12 - Backend pools: kubernetes (2 virtual machines)
- Health probes:
- Protocol:
TCP, Port:30231, Interval:5, Unhealthy threshold:2(Note:30231is the port where HTTPS is reachable on each node) - Protocol:
TCP, Port:32525, Interval:5, Unhealthy threshold:2(Note:32525is the port where HTTP is reachable on each node)
- Protocol:
- Load balancing rules:
- IPv4, Frontend IP:
52.123.123.12, Port:443, Backend port:443, Backend pool:kubernetes (2 virtual machines), Health probe:the one for 30231 - IPv4, Frontend IP:
52.123.123.12, Port:80, Backend port:80, Backend pool:kubernetes (2 virtual machines), Health probe:the one for 32525
- IPv4, Frontend IP:
- Inboud NAT rules: none
The external LB routes everything just fine
Now what I'm trying to do is to manually create an identical LB like this, except internal. I've created an ILB, and added the backend pool, health probes and LB rules with the exact same config as the external LB above (with the exception of the IP).
The internal LB is on IP 10.240.140.5, which is the same subnet as the nodes themselves 10.240.140.0/24. I am able to reach both ports 30231,32525 on both nodes 10.240.140.1,10.240.140.2 directly, but if I try to reach the ILB (10.240.140.5:80 or 10.240.140.5:443), the connection just times out. Even though the same exact configuration of pool + probes + rules worked just fine on an external LB.
Any ideas?
