Azure Cloud Provider
To enable the Azure cloud provider, besides setting the name as azure, there are specific configuration options that must be set. Additionally, the Azure node name must also match the Kubernetes node name.
cloud_provider:
name: azure
azureCloudProvider:
aadClientId: xxxxxxxxx
aadClientSecret: xxxxxxxxx
location: xxxxxxxxx
resourceGroup: xxxxxxxxx
subnetName: xxxxxxxxx
subscriptionId: xxxxxxxxx
vnetName: xxxxxxxxx
tenantId: xxxxxxxxx
securityGroupName: xxxxxxxxx
Overriding the hostname
Since the Azure node name must match the Kubernetes node name, you override the Kubernetes name on the node by setting the hostname_override for each node. If you do not set the hostname_override, the Kubernetes node name will be set as the address, which will cause the Azure cloud provider to fail.
nodes:
- address: x.x.x.x
hostname_override: azure-rke1
user: ubuntu
role:
- controlplane
- etcd
- worker
Azure Configuration Options
Besides the minimum set of options, there are many other options that are supported in RKE:
| Azure Configuration Options | Type | Required | Description |
|---|---|---|---|
| tenantId | string | * | The Azure Active Directory (Azure AD) tenant ID for the subscription that the cluster is deployed in. |
| subscriptionId | string | * | The ID of the Azure subscription that the cluster is deployed in. |
| aadClientId | string | * | The client ID for an Azure AD application with RBAC access to talk to Azure Resource Manager APIs. This is used for service principal authentication. |
| aadClientSecret | string | * | The client secret for an Azure AD application with RBAC access to talk to Azure Resource Manager APIs. This is used for service principal authentication. |
| cloud | string | The cloud environment identifier. Takes values from here. | |
| resourceGroup | string | The name of the resource group that the Vnet is deployed in. | |
| location | string | The location of the resource group that the cluster is deployed in. | |
| vnetName | string | The name of the virtual network that the cluster is deployed in. | |
| vnetResourceGroup | string | The name of the resource group that the virtual network is deployed in. | |
| subnetName | string | The name of the subnet that the cluster is deployed in. | |
| securityGroupName | string | The name of the security group attached to the cluster's subnet. | |
| routeTableName | string | The name of the route table attached to the subnet that the cluster is deployed in. | |
| primaryAvailabilitySetName | string | The name of the availability set that should be used as the load balancer backend. If this is set, the Azure cloud provider will only add nodes from that availability set to the load balancer backend pool. If this is not set, and multiple agent pools (availability sets) are used, then the cloud provider will try to add all nodes to a single backend pool which is forbidden. In other words, if you use multiple agent pools (availability sets), you must set this field. | |
| vmType | string | The type of Azure nodes. Candidate values are: vmss and standard. If not set, it will be default to standard. Set to vmss if the cluster is running on Azure virtual machine scale sets instead of standard machines. | |
| primaryScaleSetName | string | The name of the scale set that should be used as the load balancer backend. If this is set, the Azure cloud provider will only add nodes from that scale set to the load balancer backend pool. If this is not set, and multiple agent pools (scale sets) are used, then the cloud provider will try to add all nodes to a single backend pool which is forbidden. In other words, if you use multiple agent pools (scale sets), you must set this field. | |
| aadClientCertPath | string | The path of a client certificate for an Azure AD application with RBAC access to talk to Azure Resource Manager APIs. This is used for client certificate authentication. | |
| aadClientCertPassword | string | The password of the client certificate for an Azure AD application with RBAC access to talk to Azure Resource Manager APIs. This is used for client certificate authentication. | |
| cloudProviderBackoff | bool | Enable exponential backoff to manage resource request retries. | |
| cloudProviderBackoffRetries | int | Backoff retry limit. | |
| cloudProviderBackoffExponent | int | Backoff exponent. | |
| cloudProviderBackoffDuration | int | Backoff duration. | |
| cloudProviderBackoffJitter | int | Backoff jitter. | |
| cloudProviderRateLimit | bool | Enable rate limiting. | |
| cloudProviderRateLimitQPS | int | Rate limit QPS. | |
| cloudProviderRateLimitBucket | int | Rate limit bucket Size. | |
| useInstanceMetadata | bool | Use instance metadata service where possible. | |
| useManagedIdentityExtension | bool | Use managed service identity for the virtual machine to access Azure Resource Manager APIs. This is used for managed identity authentication. For user-assigned managed identity, UserAssignedIdentityID needs to be set. | |
| UserAssignedIdentityID | string | The client ID of the user assigned Managed Service Identity (MSI) which is assigned to the underlying VMs. This is used for managed identity authentication. | |
| maximumLoadBalancerRuleCount | int | The limit enforced by Azure Load balancer. The default is 0 and maximum is 148. | |
| LoadBalancerSku | string | SKU of the load balancer and public IP. Valid values are basic or standard. Default(blank) to basic. | |
| ExcludeMasterFromStandardLB | bool | Excludes master nodes (labeled with node-role.kubernetes.io/master) from the backend pool of Azure standard loadbalancer. Defaults to nil. |