
Hey everyone! Today, I’m excited to share a new feature that’s just hit preview in Azure Kubernetes Service (AKS). If you’ve ever wrestled with managing IP addresses for API server access, you’re going to love this. Azure has introduced the ability to use Service Tags for API Server authorized IP ranges, and it’s a game-changer.

Why This Feature is Awesome

If you’ve been running AKS clusters for a while, you know how tricky it can be to manage IP address ranges for the API server. It’s like trying to keep track of a moving target, especially when you’re dealing with multiple services that need access. Enter Service Tags—these handy tools let you specify a whole group of IP addresses with just one tag. No more manually updating IP ranges when Azure services change their addresses!

For example, let’s say you want all Azure services to access your AKS API server. With this new feature, you can simply use the AzureCloud Service Tag. It’s quick, it’s easy, and it reduces the chance of making mistakes.

Limitations and Where It’s Available

Before you get too excited, there are a few things you need to know:

Not Compatible with API Server VNet Integration: Unfortunately, this feature doesn’t play well with API Server VNet Integration. So, if you’re using that, you’ll need to stick with traditional IP ranges for now.

Only in Certain Regions: As of now, this feature is only available in the following regions:

  • eastus2euap
  • centraluseuap
  • westcentralus
  • eastasia
  • uksouth
  • eastus

It’s also worth mentioning that this feature is still in preview. That means it’s provided “as is,” and it’s not recommended for production use. Support is best-effort, and there’s no service-level agreement (SLA) backing it up just yet.

What Are Service Tags Anyway?

In case you’re new to Service Tags, let me give you a quick rundown. Service Tags are basically predefined groups of IP addresses used by Azure services. Microsoft keeps these up-to-date for you, so you don’t have to worry about manually maintaining your network security rules. If you’re interested in seeing all the available Service Tags, check out the official Service Tags documentation.

How to Get Started

If you’re ready to give this a spin, here’s how you can enable and use this feature:

1. Install the AKS Preview Extension: First things first, you’ll need the AKS preview extension in your Azure CLI. Here’s how to get it:

And don’t forget to keep it updated:

2. Register the Feature Flag: Next, you need to register the feature flag that enables Service Tags for API server authorized IP ranges.

Give it a few minutes to complete, and then verify the registration:

3. Create Your AKS Cluster: Once everything’s set up, you can create a new AKS cluster with the Service Tag authorized IP range like this:

With this command, you’re allowing all Azure services (via the AzureCloud Service Tag) and a specific IP address (20.20.20.20) to access your AKS API server.
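
The list passed in step 3 mixes a Service Tag with a plain IP address. As an added example (not part of the original post), this shell script classifies each entry of such a list, marks entries that open the API server widely, and prints the az aks create command without running it, only when every entry is well formed. The resource group and cluster names are placeholders, and the "broad" rule is this example's own assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed input: the value from step 3.
RANGES="AzureCloud,20.20.20.20"

# entry_kind ENTRY -> prints "cidr" (IPv4 or IPv4/prefix), "tag" or "invalid".
entry_kind() {
  case "$1" in
    ''|*[!A-Za-z0-9./]*) echo invalid; return ;;
    *[A-Za-z]*)                        # has letters: a Service Tag name such as AzureCloud
      case "$1" in */*|.*|*.) echo invalid ;; *) echo tag ;; esac
      return ;;
  esac
  addr=${1%%/*}; prefix=32
  case "$1" in */*) prefix=${1#*/} ;; esac
  case "$prefix" in ''|*[!0-9]*) echo invalid; return ;; esac
  case "$addr" in ''|.*|*.|*..*) echo invalid; return ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs    # split the address into octets
  [ $# -eq 4 ] && [ "$prefix" -le 32 ] || { echo invalid; return; }
  for octet in "$@"; do
    [ "$octet" -le 255 ] || { echo invalid; return; }
  done
  echo cidr
}

# audit_ranges LIST -> one "entry kind note" line per entry; non-zero if any is invalid.
audit_ranges() {
  rc=0
  old_ifs=$IFS; IFS=,; set -f; set -- $1; set +f; IFS=$old_ifs
  for entry in "$@"; do
    kind=$(entry_kind "$entry"); note=ok
    case "$kind:$entry" in
      invalid:*) note=reject; rc=1 ;;
      # AzureCloud is every Azure public datacenter IP, other customers' included.
      tag:AzureCloud|tag:AzureCloud.*|cidr:*/0) note=broad ;;
    esac
    echo "$entry $kind $note"
  done
  return $rc
}

# create_cmd RG NAME LIST -> prints the step 3 command only if the list audits clean.
create_cmd() {
  audit_ranges "$3" >/dev/null || { echo "refusing: invalid entry in '$3'" >&2; return 1; }
  echo "az aks create --resource-group $1 --name $2 --api-server-authorized-ip-ranges $3"
}

audit_ranges "$RANGES"
create_cmd myResourceGroup myAKSCluster "$RANGES"   # placeholder names
```

An entry marked broad is still accepted; the mark is a prompt to check whether a narrower tag or a specific IP range would do.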

Final Thoughts

I’m really excited about the potential of this feature. It’s a small change, but it makes managing AKS clusters that much easier. By using Service Tags, you can reduce complexity and make sure your AKS clusters are accessible to the right Azure services without all the hassle.

As always, if you give this a try, I’d love to hear how it works for you. Drop a comment or reach out on Twitter!


Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.
