The more I use AKS, the more cool things I find, and this article covers one of them. When an AKS cluster is created, Azure creates a special resource group for all of its resources, such as load balancers and VMSS. The name of this resource group starts with MC_. When you create a Kubernetes service of type LoadBalancer, a public IP address is added to this resource group too. Nice and easy. But say you already have a public IP address that is created but not in use, one that you have given access through some NSGs or firewalls to your other resources. Using the guide below, you can assign that IP address to the service instead. It also shows you how to create a new public IP address and set the correct permissions.
Enough talk, let's get to it. Oh, and as you can probably see, I have a little video that walks through the steps as well.
Create a static IP address and set permissions
To create a Public IP address use the following command. Just change the resource group and name to something you want to use.
    az network public-ip create \
        --resource-group Pixel-General-UKS \
        --name Pixel-AKS-PIP \
        --allocation-method static

If you missed the IP address in the output above you can use the following command to retrieve it.
    az network public-ip show --resource-group Pixel-General-UKS --name Pixel-AKS-PIP --query ipAddress --output tsv

Now that we have our public IP, it's time to give the service principal used by the AKS cluster delegated permissions on the resource group the public IP address resides in. To do that, use the following. Just make sure you change the 3 environment values to match yours.
    # Enter your details below.
    PIP_RESOURCE_GROUP=Pixel-General-UKS
    AKS_RESOURCE_GROUP=PixelWinAKS-RG
    AKS_CLUSTER_NAME=PixelWinAKS

    # Do not change anything below this line
    # Look up the cluster's service principal and the current subscription ID.
    CLIENT_ID=$(az aks show --resource-group "$AKS_RESOURCE_GROUP" --name "$AKS_CLUSTER_NAME" --query "servicePrincipalProfile.clientId" --output tsv)
    SUB_ID=$(az account show --query "id" --output tsv)

    # Grant Network Contributor on the public IP's resource group only.
    az role assignment create \
        --assignee "$CLIENT_ID" \
        --role "Network Contributor" \
        --scope "/subscriptions/$SUB_ID/resourceGroups/$PIP_RESOURCE_GROUP"
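One way to audit the delegation above, as an added example (not the author's or Azure's code): the function reads the `role<TAB>scope` output of `az role assignment list` for the cluster's service principal and checks that Network Contributor is held on the public IP's resource group and that nothing is held at subscription scope or above. The function name, exit codes and sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# stdin: one "role<TAB>scope" line per assignment held by the cluster identity,
# e.g. from:  az role assignment list --assignee "$CLIENT_ID" --all \
#               --query "[].[roleDefinitionName, scope]" --output tsv
# Exit status: 0 = delegation present and nothing broader,
#              1 = delegation missing, 2 = a broader assignment exists.
audit_pip_delegation() {
    sub_id=$1
    pip_rg=$2
    # Azure resource IDs are case-insensitive, so normalise to lower case.
    want=$(printf '/subscriptions/%s/resourceGroups/%s' "$sub_id" "$pip_rg" |
        tr '[:upper:]' '[:lower:]')
    sub_scope=${want%/resourcegroups/*}
    missing=1
    broad=0
    tab=$(printf '\t')
    while IFS=$tab read -r role scope || [ -n "$role" ]; do
        [ -n "$role" ] || continue
        lscope=$(printf '%s' "$scope" | tr '[:upper:]' '[:lower:]')
        case $lscope in
            / | /providers/microsoft.management/* | "$sub_scope")
                # Root, management-group or whole-subscription scope.
                echo "TOO-BROAD: $role at $scope"
                broad=1 ;;
            "$want")
                if [ "$role" = "Network Contributor" ]; then
                    echo "OK: $role at $scope"
                    missing=0
                fi ;;
        esac
    done
    [ "$broad" -eq 0 ] || return 2
    return "$missing"
}

# Constructed sample data (placeholder subscription ID, not real output).
SAMPLE_SUB=00000000-0000-0000-0000-000000000000
sample_assignments() {
    printf 'Network Contributor\t/subscriptions/%s/resourceGroups/Pixel-General-UKS\n' "$SAMPLE_SUB"
    printf 'Contributor\t/subscriptions/%s\n' "$SAMPLE_SUB"
}

sample_assignments | audit_pip_delegation "$SAMPLE_SUB" Pixel-General-UKS ||
    echo "audit exit status: $?"
```

On the constructed sample the audit reports the resource-group delegation as OK and flags the subscription-wide Contributor assignment, so it exits with status 2.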

Create a Kubernetes service using the static IP
To use the IP address we need to add an annotation to the service definition. You can see my example below with the annotation. Just make sure you change the resource group and IP address values to match yours.
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.beta.kubernetes.io/azure-load-balancer-resource-group: Pixel-General-UKS
      name: azurelbpip
    spec:
      loadBalancerIP: 51.140.94.151
      type: LoadBalancer
      ports:
      - port: 433
      selector:
        app: azurelbpip
Save the above as azurelbpip.yaml somewhere reachable.
Then navigate to the folder that contains your YAML file and run the following.

    kubectl apply -f azurelbpip.yaml

To check the IP address has been assigned use the following command.
    kubectl get service azurelbpip --watch

As soon as you see the IP address you are all set. Just hit Ctrl+C to exit the watch.

There you have it! You have now created an Azure load balancer with a static IP address for your AKS cluster.
I hope you found this article helpful. If you have any questions, please reach out.
1 Comment
Romain Wilbert · February 4, 2020 at 9:20 am
I can’t figure out if it is possible to use the same public IP for multiple services using different ports. It is silly to burn a public IP each time a new service is deployed.