[ENH] - Allow further customization Azure node pools #2904

Open
viniciusdc opened this issue Jan 9, 2025 · 0 comments
Feature description

By default, any default pools created for the Azure Kubernetes service dynamically receive a public IP associated with the node. In some scenarios, this needs to be disabled due to security constraints. The relevant affected places are as follows:

default_node_pool {
  vnet_subnet_id       = var.vnet_subnet_id
  name                 = var.node_groups[0].name
  vm_size              = var.node_groups[0].instance_type
  enable_auto_scaling  = "true"
  min_count            = var.node_groups[0].min_size
  max_count            = var.node_groups[0].max_size
  max_pods             = var.max_pods
  orchestrator_version = var.kubernetes_version
  node_labels = {
    "azure-node-pool" = var.node_groups[0].name
  }
  tags = var.tags
  # temporary_name_for_rotation must be <= 12 characters
  temporary_name_for_rotation = "${substr(var.node_groups[0].name, 0, 9)}tmp"
}

resource "azurerm_kubernetes_cluster_node_pool" "node_group" {
  for_each              = { for i, group in var.node_groups : i => group if i != 0 }
  name                  = each.value.name
  kubernetes_cluster_id = azurerm_kubernetes_cluster.main.id
  vm_size               = each.value.instance_type
  enable_auto_scaling   = "true"
  mode                  = "User" # "System" or "User", only "User" nodes can scale down to 0
  min_count             = each.value.min_size
  max_count             = each.value.max_size
  max_pods              = var.max_pods
  node_labels = {
    "azure-node-pool" = each.value.name
  }
  orchestrator_version = var.kubernetes_version
  tags                 = var.tags
  vnet_subnet_id       = var.vnet_subnet_id
}

where node_public_ip_enabled needs to be directly disabled (see for more info)

Value and/or benefit

It allows nodes to be deployed in the managed resource group without having public IP addresses attached to their instance nodes.

Anything else?

No response
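
A pre-apply check for the setting requested above, as an added example that is not part of the issue or the project's code: it reads the JSON produced by `terraform show -json` on a saved plan and lists AKS node pools whose public IP setting is not explicitly false. The module name, pool names and sample plan are constructed; `enable_node_public_ip` is included as the older azurerm provider name for the same attribute.

```python
# Added example: audit `terraform show -json <planfile>` output for AKS node
# pools whose public-IP setting is not explicitly false.

# Attribute named in the issue, plus the older azurerm spelling of the same setting.
PUBLIC_IP_ATTRS = ("node_public_ip_enabled", "enable_node_public_ip")

def iter_resources(module):
    """Yield every resource in a plan module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def pool_status(values):
    """Classify one node pool's attributes as 'enabled', 'disabled' or 'unset'."""
    seen = [values[a] for a in PUBLIC_IP_ATTRS if values.get(a) is not None]
    if any(seen):
        return "enabled"
    return "disabled" if seen else "unset"

def audit_plan(plan):
    """Map each node pool address in the plan to its public-IP status."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res["type"] == "azurerm_kubernetes_cluster":
            # Nested blocks such as default_node_pool are lists of objects in plan JSON.
            for i, pool in enumerate(values.get("default_node_pool") or []):
                findings[f"{res['address']}.default_node_pool[{i}]"] = pool_status(pool)
        elif res["type"] == "azurerm_kubernetes_cluster_node_pool":
            findings[res["address"]] = pool_status(values)
    return findings

def violations(plan):
    """Addresses of pools that are not explicitly disabled (enabled or unset)."""
    return sorted(a for a, s in audit_plan(plan).items() if s != "disabled")

# Constructed sample, trimmed to the fields the check reads (module name is hypothetical).
_P = "module.kubernetes.azurerm_kubernetes_cluster"
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{"resources": [
    {"address": _P + ".main", "type": "azurerm_kubernetes_cluster",
     "values": {"default_node_pool": [{"name": "general", "node_public_ip_enabled": True}]}},
    {"address": _P + '_node_pool.node_group["1"]', "type": "azurerm_kubernetes_cluster_node_pool",
     "values": {"name": "user", "node_public_ip_enabled": False}},
    {"address": _P + '_node_pool.node_group["2"]', "type": "azurerm_kubernetes_cluster_node_pool",
     "values": {"name": "worker", "node_public_ip_enabled": None}},
]}]}}}

if __name__ == "__main__":
    for address in violations(SAMPLE_PLAN):
        print("public IP not explicitly disabled:", address)
```

Pools reported as unset are listed alongside enabled ones because the request is for the attribute to be disabled directly rather than left to a provider default.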
