Azure Cloud Provider

To enable the Azure cloud provider, set the name to azure and provide the required configuration options shown below. Additionally, the Azure node name must match the Kubernetes node name.

```yaml
cloud_provider:
  name: azure
  azureCloudProvider:
    aadClientId: xxxxxxxxx
    aadClientSecret: xxxxxxxxx
    location: xxxxxxxxx
    resourceGroup: xxxxxxxxx
    subnetName: xxxxxxxxx
    subscriptionId: xxxxxxxxx
    vnetName: xxxxxxxxx
    tenantId: xxxxxxxxx
    securityGroupName: xxxxxxxxx
```

Overriding the hostname

Since the Azure node name must match the Kubernetes node name, you must override the Kubernetes node name by setting hostname_override for each node. If you do not set hostname_override, the Kubernetes node name is set to the node's address, which causes the Azure cloud provider to fail.

```yaml
nodes:
  - address: x.x.x.x
    hostname_override: azure-rke1
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker
```

Azure Configuration Options

Besides the minimum set of options, there are many other options that are supported in RKE:

| Azure Configuration Options | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | * | The Azure Active Directory (Azure AD) tenant ID for the subscription that the cluster is deployed in. |
| subscriptionId | string | * | The ID of the Azure subscription that the cluster is deployed in. |
| aadClientId | string | * | The client ID for an Azure AD application with RBAC access to talk to Azure Resource Manager APIs. This is used for service principal authentication. |
| aadClientSecret | string | * | The client secret for an Azure AD application with RBAC access to talk to Azure Resource Manager APIs. This is used for service principal authentication. |
| cloud | string | | The cloud environment identifier. Takes values from here. |
| resourceGroup | string | | The name of the resource group that the Vnet is deployed in. |
| location | string | | The location of the resource group that the cluster is deployed in. |
| vnetName | string | | The name of the virtual network that the cluster is deployed in. |
| vnetResourceGroup | string | | The name of the resource group that the virtual network is deployed in. |
| subnetName | string | | The name of the subnet that the cluster is deployed in. |
| securityGroupName | string | | The name of the security group attached to the cluster's subnet. |
| routeTableName | string | | The name of the route table attached to the subnet that the cluster is deployed in. |
| primaryAvailabilitySetName | string | | The name of the availability set that should be used as the load balancer backend. If this is set, the Azure cloud provider will only add nodes from that availability set to the load balancer backend pool. If this is not set, and multiple agent pools (availability sets) are used, then the cloud provider will try to add all nodes to a single backend pool, which is forbidden. In other words, if you use multiple agent pools (availability sets), you must set this field. |
| vmType | string | | The type of Azure nodes. Candidate values are: vmss and standard. If not set, it defaults to standard. Set to vmss if the cluster is running on Azure virtual machine scale sets instead of standard machines. |
| primaryScaleSetName | string | | The name of the scale set that should be used as the load balancer backend. If this is set, the Azure cloud provider will only add nodes from that scale set to the load balancer backend pool. If this is not set, and multiple agent pools (scale sets) are used, then the cloud provider will try to add all nodes to a single backend pool, which is forbidden. In other words, if you use multiple agent pools (scale sets), you must set this field. |
| aadClientCertPath | string | | The path of a client certificate for an Azure AD application with RBAC access to talk to Azure Resource Manager APIs. This is used for client certificate authentication. |
| aadClientCertPassword | string | | The password of the client certificate for an Azure AD application with RBAC access to talk to Azure Resource Manager APIs. This is used for client certificate authentication. |
| cloudProviderBackoff | bool | | Enable exponential backoff to manage resource request retries. |
| cloudProviderBackoffRetries | int | | Backoff retry limit. |
| cloudProviderBackoffExponent | int | | Backoff exponent. |
| cloudProviderBackoffDuration | int | | Backoff duration. |
| cloudProviderBackoffJitter | int | | Backoff jitter. |
| cloudProviderRateLimit | bool | | Enable rate limiting. |
| cloudProviderRateLimitQPS | int | | Rate limit QPS. |
| cloudProviderRateLimitBucket | int | | Rate limit bucket size. |
| useInstanceMetadata | bool | | Use instance metadata service where possible. |
| useManagedIdentityExtension | bool | | Use managed service identity for the virtual machine to access Azure Resource Manager APIs. This is used for managed identity authentication. For user-assigned managed identity, UserAssignedIdentityID needs to be set. |
| UserAssignedIdentityID | string | | The client ID of the user-assigned Managed Service Identity (MSI) which is assigned to the underlying VMs. This is used for managed identity authentication. |
| maximumLoadBalancerRuleCount | int | | The limit enforced by Azure Load Balancer. The default is 0 and the maximum is 148. |
| LoadBalancerSku | string | | SKU of the load balancer and public IP. Valid values are basic or standard. Defaults (blank) to basic. |
| ExcludeMasterFromStandardLB | bool | | Excludes master nodes (labeled with node-role.kubernetes.io/master) from the backend pool of the Azure standard load balancer. Defaults to nil. |
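As an added example (not RKE's own code), the following pre-flight lint applies the rules this page states to an already-parsed cluster.yml: the required azureCloudProvider keys, hostname_override on every node, the allowed vmType and LoadBalancerSku values, the 148 rule ceiling for maximumLoadBalancerRuleCount, and secrets left at their placeholder value. It takes the config as a dict (no YAML library needed); the sample at the bottom is constructed and contains no real Azure identifiers.

```python
"""Lint an RKE cluster.yml (parsed into a dict) for the Azure cloud provider rules."""

REQUIRED = ("tenantId", "subscriptionId", "aadClientId", "aadClientSecret")
PLACEHOLDER = "xxxxxxxxx"  # the value the documentation template ships with


def lint_azure_cluster(cfg: dict) -> list[str]:
    """Return a list of problems; an empty list means the config passes."""
    problems = []
    cp = cfg.get("cloud_provider", {})
    if cp.get("name") != "azure":
        problems.append("cloud_provider.name must be 'azure'")
    az = cp.get("azureCloudProvider", {})
    # aadClientSecret is only required for service principal auth; managed identity
    # or a client certificate replaces it (prefer those over a long-lived secret).
    alt_auth = az.get("useManagedIdentityExtension") is True or bool(az.get("aadClientCertPath"))
    for key in REQUIRED:
        if key == "aadClientSecret" and alt_auth:
            continue
        if not az.get(key):
            problems.append(f"azureCloudProvider.{key} is required")
        elif az[key] == PLACEHOLDER:
            problems.append(f"azureCloudProvider.{key} still holds the placeholder value")
    vm_type = az.get("vmType") or "standard"  # unset defaults to standard
    if vm_type not in ("vmss", "standard"):
        problems.append(f"vmType must be 'vmss' or 'standard', got {vm_type!r}")
    sku = az.get("LoadBalancerSku") or "basic"  # blank defaults to basic
    if sku not in ("basic", "standard"):
        problems.append(f"LoadBalancerSku must be 'basic' or 'standard', got {sku!r}")
    rules = az.get("maximumLoadBalancerRuleCount", 0)
    if not 0 <= rules <= 148:
        problems.append("maximumLoadBalancerRuleCount must be between 0 and 148")
    # Without hostname_override the node name falls back to the address and the provider fails.
    for node in cfg.get("nodes", []):
        if not node.get("hostname_override"):
            problems.append(f"node {node.get('address')} has no hostname_override")
    return problems


SAMPLE = {  # constructed sample; deliberately contains three of the mistakes above
    "cloud_provider": {"name": "azure", "azureCloudProvider": {
        "tenantId": "tenant-placeholder", "subscriptionId": "sub-placeholder",
        "aadClientId": "client-placeholder", "aadClientSecret": PLACEHOLDER,
        "vmType": "vmss", "LoadBalancerSku": "", "maximumLoadBalancerRuleCount": 200}},
    "nodes": [
        {"address": "10.0.0.4", "hostname_override": "azure-rke1", "user": "ubuntu"},
        {"address": "10.0.0.5", "user": "ubuntu"},  # missing hostname_override
    ],
}

if __name__ == "__main__":
    for problem in lint_azure_cluster(SAMPLE):
        print("-", problem)
```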