NashTech Insights

Ensuring Azure AKS Cluster Uses Azure CNI Networking with Terraform

Atisha Shaurya
Atisha Shaurya
Table of Contents
woman in grey jacket sits on bed uses grey laptop

Azure Kubernetes Service (AKS) is a popular managed Kubernetes service that simplifies deploying, managing, and scaling containerized applications using Kubernetes. One crucial aspect of configuring AKS is choosing the right networking model. Azure Container Networking Interface (CNI) is one such model that offers advanced networking capabilities and integration with other Azure services. In this blog post of ensuring Azure AKS Cluster Uses Azure CNI Networking with Terraform, we’ll explore the benefits of using Azure CNI networking for AKS and guide you through how to ensure its configuration using Terraform.

Firstly let’s duscuss why we need Azure CNI Networking.

Why Choose Azure CNI Networking for AKS?

Azure CNI is a networking model in which each pod in your AKS cluster gets an IP address directly from the Azure Virtual Network (VNet). Here’s why it’s a preferred choice:

  1. IP Address Management: Azure CNI allows each pod to have its IP address from the VNet’s address space. This simplifies IP address management and makes it easier to connect to other Azure resources.
  2. Network Security Groups: With Azure CNI, you can apply Network Security Groups (NSGs) at the pod level, providing fine-grained control over traffic to and from pods. This enhances the security posture of your cluster.
  3. Azure Service Integration: Azure CNI allows pods in your AKS cluster to seamlessly integrate with other Azure services, such as Azure Database for MySQL, without requiring extra configuration.
  4. Kubernetes Network Policies: You can use Kubernetes Network Policies with Azure CNI to define and enforce network access policies within your AKS cluster, improving isolation and security.

So now we have steps to enable Azure CNI in the aks cluster terraform code.

Enabling Azure CNI Networking with Terraform

To ensure that your AKS cluster uses Azure CNI networking with Terraform, follow these steps:

1. Define AKS Cluster Configuration

Create a Terraform configuration file (e.g., aks_cni.tf) with the following content:

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "aks" {
  name     = "my-aks-rg"
  location = "East US"
}

resource "azurerm_virtual_network" "aks" {
  name                = "aks-vnet"
  address_space       = ["10.1.0.0/16"]
  location            = azurerm_resource_group.aks.location
  resource_group_name = azurerm_resource_group.aks.name
}

resource "azurerm_subnet" "aks" {
  name                 = "aks-subnet"
  resource_group_name  = azurerm_resource_group.aks.name
  virtual_network_name = azurerm_virtual_network.aks.name
  address_prefixes     = ["10.1.2.0/24"]
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "aks-cluster"
  location            = azurerm_resource_group.aks.location
  resource_group_name = azurerm_resource_group.aks.name
  dns_prefix          = "akscluster"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2s_v3"
  }

  network_profile {
    network_plugin = "azure"
    network_policy = "azure"
  }
}

In this Terraform configuration:

  • We define an Azure Resource Group, Virtual Network, and Subnet for your AKS cluster.
  • We create the AKS cluster with the network_plugin set to “azure” and network_policy set to “azure,” which indicates that we want to use Azure CNI networking.

2. Initialize Terraform and Apply Configuration

Run the following Terraform commands in your terminal:

terraform init
terraform apply

Terraform will initialize the project and create the AKS cluster with Azure CNI networking enabled. This might take a few minutes.

3. Verify Azure CNI Networking

After the deployment is complete, you can verify that your AKS cluster is using Azure CNI networking by inspecting the pod IP addresses and checking the network configuration of your cluster.

# Get the IP addresses of pods in your namespace
kubectl get pods -o wide

# Check the network plugin in use for your cluster
az aks show -n my-aks-cluster -g my-aks-rg --query "networkProfile.networkPlugin"

Finally we have Conclusion for the blog ensuring Azure AKS Cluster Uses Azure CNI Networking with Terraform.

Conclusion

Enabling Azure CNI networking for your AKS clusters using Terraform provides a robust and integrated networking solution. With individual pod IP addresses, enhanced security through NSGs, seamless Azure service integration, and support for Kubernetes Network Policies, Azure CNI is a powerful choice for AKS networking. By following the steps outlined in this blog post, you can ensure that your AKS clusters use Azure CNI networking for improved performance and security.

Atisha Shaurya

Atisha Shaurya

Leave a Comment

Your email address will not be published. Required fields are marked *

Suggested Article

%d bloggers like this: