Certain workloads might require splitting cluster nodes into separate pools for logical isolation. Separate subnets dedicated to each node pool in the cluster can help support this isolation, which can address requirements such as having noncontiguous virtual network address space to split across node pools.
In this article, you learn how to create node pools with unique subnets in Azure Kubernetes Service (AKS).
Prerequisites
- Azure CLI version 2.35.0 or later. Run `az version` to find the version. If you need to install or upgrade, see Install Azure CLI.
- An existing AKS cluster with a system node pool. If you need to create one, see Create an AKS cluster with a single node pool.
Limitations
- All subnets assigned to node pools must belong to the same virtual network (VNet).
- System pods must have access to all nodes and pods in the cluster to provide critical functionality, such as DNS resolution and the tunneling proxy used by `kubectl logs`, `kubectl exec`, and `kubectl port-forward`.
- If you expand your VNet after creating the cluster, you must update your cluster before adding a subnet outside the original CIDR block. Although AKS errors out on the agent pool add, the `aks-preview` Azure CLI extension (version 0.5.66 and higher) supports running the `az aks update` command with only the required `--resource-group $RESOURCE_GROUP --name $CLUSTER_NAME` arguments. This command performs an update operation without making any changes, which can recover a cluster stuck in a failed state.
- In clusters with a Kubernetes version earlier than 1.23.3, kube-proxy SNATs traffic from new subnets, which can cause Azure Network Policy to drop the packets.
- Windows nodes SNAT traffic to the new subnets until the node pool is reimaged.
- Internal load balancers default to one of the node pool subnets.
Add a node pool with a unique subnet
Add a node pool with a unique subnet into your existing AKS cluster using the `az aks nodepool add` command with the `--vnet-subnet-id` parameter specified.

```azurecli
az aks nodepool add \
    --resource-group $RESOURCE_GROUP_NAME \
    --cluster-name $CLUSTER_NAME \
    --name $NODE_POOL_NAME \
    --node-count 3 \
    --vnet-subnet-id $SUBNET_RESOURCE_ID
```
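The limitations above say every node pool subnet must live in the same VNet. The following added example (not part of the AKS documentation) is a small POSIX shell helper that derives the VNet from two subnet resource IDs and refuses to build the `az aks nodepool add` command when they differ; the subscription ID, resource group, VNet, subnet and pool names are constructed placeholders.

```shell
#!/usr/bin/env sh
# Added example, not from the AKS docs. Guards `az aks nodepool add` with the
# "same VNet" limitation by comparing subnet resource IDs before any call to az.

# Print the VNet portion of a subnet resource ID, lowercased because Azure
# resource IDs are compared case-insensitively.
vnet_of_subnet() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed -E 's#/subnets/[^/]+$##'
}

# Return 0 if both subnet IDs belong to the same VNet, 1 otherwise.
same_vnet() {
  [ "$(vnet_of_subnet "$1")" = "$(vnet_of_subnet "$2")" ]
}

# Build (but do not run) the command from the article. Prints nothing and
# returns 1 when the new subnet is in a different VNet than the existing one.
# $1 resource group, $2 cluster, $3 pool name, $4 existing subnet ID, $5 new subnet ID
build_nodepool_add_cmd() {
  if ! same_vnet "$4" "$5"; then
    echo "refusing: $5 is not in the same VNet as $4" >&2
    return 1
  fi
  printf 'az aks nodepool add --resource-group %s --cluster-name %s --name %s --node-count 3 --vnet-subnet-id %s\n' \
    "$1" "$2" "$3" "$5"
}

# Constructed placeholder values (assumptions, not real resources).
VNET_PREFIX="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks"
EXISTING_SUBNET_ID="$VNET_PREFIX/myVnet/subnets/systemSubnet"
NEW_SUBNET_ID="$VNET_PREFIX/myVnet/subnets/userSubnet"
OTHER_VNET_SUBNET_ID="$VNET_PREFIX/otherVnet/subnets/userSubnet"

# Usage: build the command, then run it with eval once the guard passes.
# eval "$(build_nodepool_add_cmd myResourceGroup myAKSCluster userpool "$EXISTING_SUBNET_ID" "$NEW_SUBNET_ID")"
```

Pipe the printed command into `eval` or copy it into your terminal only after the guard succeeds; the script itself never invokes `az`.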
Next steps
For more information about node pools in AKS, see Manage node pools for a cluster in Azure Kubernetes Service (AKS).