sigs.k8s.io/cluster-api-provider-azure@v1.14.3/docs/book/src/topics/api-server-endpoint.md

# API Server Endpoint

This document describes how to configure your cluster's API server load balancer and IP.

### Load Balancer Type

CAPZ supports two load balancer types, `Public` and `Internal`.

`Public`, which is also the default, means that your API Server Load Balancer will have a publicly accessible IP address. This Load Balancer type supports a "public cluster" configuration, which load balances internet source traffic to the apiserver across the cluster's control plane nodes.

`Internal` means that the API Server endpoint will only be accessible from within the cluster's virtual network (or peered VNets). This configuration supports a "private cluster" configuration, which load balances internal VNET source traffic to the apiserver across the cluster's control plane nodes.

For a more complete "private cluster" template example, you may refer to [this reference template](https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/main/templates/cluster-template-private.yaml) that the capz project maintains.

For more information on Azure load balancing, see [Load Balancer documentation](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview).

<aside class="note warning">

<h1> Warning </h1>

When creating a workload cluster with `apiServerLB` type `Internal`, the management cluster needs to be in the same VNet, or a peered VNet, as the workload cluster. Otherwise, it will not be able to access the target cluster's API server and the cluster creation will fail.

</aside>

Here is an example of configuring the API Server LB type:

```yaml
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: my-private-cluster
  namespace: default
spec:
  location: eastus
  networkSpec:
    apiServerLB:
      type: Internal
```

### Private IP

When using an API server load balancer of type `Internal`, the default private IP address associated with that load balancer will be `10.0.0.100`.
If you also specify a [custom virtual network](./custom-vnet.md), make sure you provide a private IP address that is in the range of your control plane subnet and not already in use.

For example:

```yaml
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: my-private-cluster
  namespace: default
spec:
  location: eastus
  networkSpec:
    vnet:
      name: my-vnet
      cidrBlocks:
        - 172.16.0.0/16
      subnets:
        - name: my-subnet-cp
          role: control-plane
          cidrBlocks:
            - 172.16.0.0/24
        - name: my-subnet-node
          role: node
          cidrBlocks:
            - 172.16.2.0/24
    apiServerLB:
      type: Internal
      frontendIPs:
        - name: lb-private-ip-frontend
          privateIP: 172.16.0.100
```

### Public IP

When using an API server load balancer of type `Public`, a dynamic public IP address will be created, along with a unique FQDN.

You can also choose to provide your own public API server IP. To do so, specify the existing public IP as follows:

```yaml
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: my-cluster
  namespace: default
spec:
  location: eastus
  networkSpec:
    apiServerLB:
      type: Public
      frontendIPs:
        - name: lb-public-ip-frontend
          publicIP:
            name: my-public-ip
            dnsName: my-cluster-986b4408.eastus.cloudapp.azure.com
```

Note that `dnsName` is the FQDN associated with your public IP address (look for "DNS name" in the Azure Portal).

When you bring your own (BYO) API server IP, CAPZ does not manage its lifecycle, i.e. the IP will not get deleted as part of cluster deletion.

### Load Balancer SKU

At this time, CAPZ only supports Azure Standard Load Balancers. See [SKU comparison](https://learn.microsoft.com/azure/load-balancer/skus#skus) for more information on Azure Load Balancer SKUs.
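The Private IP and Public IP sections above leave two checks to the operator: that an `Internal` frontend's `privateIP` actually falls inside the control-plane subnet (and is not an address Azure reserves), and that a BYO public IP is understood to outlive the cluster. The following pre-flight checker is an added example written for this page, not code from the CAPZ project; it works on a plain Python dict mirroring the `AzureCluster` spec (the two sample specs are constructed from the YAML above), uses only the standard library, and its `dnsName` check assumes the FQDN is the Azure-assigned `<label>.<region>.cloudapp.azure.com` form.

```python
"""Added example (not CAPZ code): sanity-check the apiServerLB section of an AzureCluster spec."""
import copy
import ipaddress

DEFAULT_INTERNAL_PRIVATE_IP = "10.0.0.100"  # CAPZ default for type Internal (from the page)
AZURE_RESERVED_HEAD = 4  # Azure reserves the first four and the last address of every subnet


def control_plane_networks(network_spec):
    """CIDR blocks of every subnet with role control-plane."""
    nets = []
    for subnet in network_spec.get("vnet", {}).get("subnets", []):
        if subnet.get("role") == "control-plane":
            nets.extend(ipaddress.ip_network(c) for c in subnet.get("cidrBlocks", []))
    return nets


def check_api_server_lb(spec):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    network = spec.get("networkSpec", {})
    lb = network.get("apiServerLB", {})
    lb_type = lb.get("type", "Public")  # Public is the documented default
    if lb_type not in ("Public", "Internal"):
        return [f"unsupported apiServerLB type {lb_type!r}; use Public or Internal"]
    frontends = lb.get("frontendIPs", [])
    if lb_type == "Internal":
        ips = [f["privateIP"] for f in frontends if "privateIP" in f]
        if not ips:
            ips = [DEFAULT_INTERNAL_PRIVATE_IP]
            findings.append(f"no privateIP set; CAPZ defaults to {DEFAULT_INTERNAL_PRIVATE_IP}")
        cp_nets = control_plane_networks(network)
        for raw in ips:
            if not cp_nets:
                continue  # no custom VNet in the spec: nothing to compare against
            ip = ipaddress.ip_address(raw)
            home = next((n for n in cp_nets if ip in n), None)
            if home is None:
                findings.append(f"privateIP {raw} is outside every control-plane subnet "
                                f"{[str(n) for n in cp_nets]}")
                continue
            reserved = {home.network_address + i for i in range(AZURE_RESERVED_HEAD)}
            reserved.add(home.broadcast_address)
            if ip in reserved:
                findings.append(f"privateIP {raw} is an Azure-reserved address in {home}")
    else:
        location = spec.get("location")
        for frontend in frontends:
            public_ip = frontend.get("publicIP")
            if not public_ip:
                continue  # CAPZ-managed dynamic IP, nothing to check
            findings.append(f"BYO public IP {public_ip.get('name')!r}: CAPZ will not delete it "
                            "when the cluster is deleted")
            dns = public_ip.get("dnsName")
            # Assumption: dnsName is the Azure-assigned <label>.<region>.cloudapp.azure.com FQDN.
            if dns and location and not dns.endswith(f".{location}.cloudapp.azure.com"):
                findings.append(f"dnsName {dns} does not match location {location}")
    return findings


# Constructed specs mirroring the two YAML examples on this page.
PRIVATE_CLUSTER_SPEC = {
    "location": "eastus",
    "networkSpec": {
        "vnet": {"name": "my-vnet", "cidrBlocks": ["172.16.0.0/16"], "subnets": [
            {"name": "my-subnet-cp", "role": "control-plane", "cidrBlocks": ["172.16.0.0/24"]},
            {"name": "my-subnet-node", "role": "node", "cidrBlocks": ["172.16.2.0/24"]}]},
        "apiServerLB": {"type": "Internal", "frontendIPs": [
            {"name": "lb-private-ip-frontend", "privateIP": "172.16.0.100"}]},
    },
}
PUBLIC_BYO_SPEC = {
    "location": "eastus",
    "networkSpec": {"apiServerLB": {"type": "Public", "frontendIPs": [
        {"name": "lb-public-ip-frontend", "publicIP": {
            "name": "my-public-ip", "dnsName": "my-cluster-986b4408.eastus.cloudapp.azure.com"}}]}},
}


def with_private_ip(spec, ip):
    """Copy of an Internal spec with its first frontend privateIP replaced."""
    out = copy.deepcopy(spec)
    out["networkSpec"]["apiServerLB"]["frontendIPs"][0]["privateIP"] = ip
    return out


if __name__ == "__main__":
    cases = [("page example", PRIVATE_CLUSTER_SPEC),
             ("IP in node subnet", with_private_ip(PRIVATE_CLUSTER_SPEC, "172.16.2.100")),
             ("Azure-reserved IP", with_private_ip(PRIVATE_CLUSTER_SPEC, "172.16.0.1")),
             ("BYO public IP", PUBLIC_BYO_SPEC)]
    for label, s in cases:
        print(f"{label}: {check_api_server_lb(s) or ['ok']}")
```

Run it against a spec before `kubectl apply`: an empty result for the page's private-cluster example confirms `172.16.0.100` sits in `my-subnet-cp`, while moving the address into the node subnet or onto `172.16.0.1` is reported before the control plane fails to come up. The BYO finding is informational and mirrors the lifecycle note above.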