Class AzureNetworkOptions
Specifies Azure related cluster networking options.
Namespace: Neon.Kube.ClusterDef
Assembly: Neon.Kube.dll
Syntax
public class AzureNetworkOptions
Remarks
These options are used to customize the cluster's ingress IP address as well as the NAT gateway used to route traffic from the cluster to the Internet. By default, clusters will create two public IP addresses, one attached to the load balancer for inbound traffic and the other to the NAT gateway for outbound traffic, with each address belonging to the cluster's resource group.
This works well for many clusters, but one downside is that these addresses will be deleted when the cluster is removed (which removes everything in the resource group). This means that if or when the cluster is redeployed, new public addresses will be created, and DNS records and address whitelists may need to be updated as well.
To avoid this, you may create public IP addresses before deploying your cluster and then set IngressPublicIpAddressId and/or EgressPublicIpPrefixId to the IDs of the addresses you created. The cluster will then be deployed using these addresses instead. Since these addresses are not in the resource group, they won't be deleted when the cluster is removed, so you'll be able to reuse them later.
SNAT Exhaustion
Outbound traffic from the cluster routes through the cluster SNAT Gateway which is assigned a single public IP address by default. This configuration allows the cluster to establish about 64K outbound connections at any given moment. This will be sufficient for many clusters but larger or particularly chatty clusters may exceed this limit. Unfortunately, diagnosing this when it happens can be difficult because applications just see this as random socket connection timeouts. This is known as SNAT Exhaustion.
The way to mitigate this is to add additional public IP addresses to the NAT Gateway, because each address added can support about 64K connections. NEONKUBE clusters can do this by adding a public IP prefix to the NAT Gateway. A prefix represents multiple IP addresses that are adjacent to each other in the address space.
Public IP address prefixes are specified by the number of mask bits in an IPv4 CIDR. This can be customized by setting EgressPublicIpPrefixLength to one of these values:
Prefix length | Description |
---|---|
31 | Creates a public IPv4 prefix with 2 public IP addresses. |
30 | Creates a public IPv4 prefix with 4 public IP addresses. |
29 | Creates a public IPv4 prefix with 8 public IP addresses. |
28 | Creates a public IPv4 prefix with 16 public IP addresses (the maximum supported by Azure). |
0 | Disables prefix creation for the cluster. |
Larger clusters may need to select a prefix with additional IP addresses to avoid SNAT Exhaustion.
You may also create a public IP prefix before deploying your cluster and set EgressPublicIpPrefixId to its ID.
Constructors
AzureNetworkOptions()
Constructor.
Declaration
public AzureNetworkOptions()
Properties
EgressPublicIpAddressId
Optionally specifies the ID of an existing public IPv4 address to be assigned to the NAT Gateway to send outbound network traffic.
note
IMPORTANT: This resource must be located in the same region as the cluster.
note
Setting this is handy when clusters are reprovisioned because the cluster will end up using the same egress address as before, meaning you won't have to update whitelist rules for other services, etc.
Declaration
[JsonProperty(PropertyName = "EgressPublicIpAddressId", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "egressPublicIpAddressId", ApplyNamingConventions = false)]
public string EgressPublicIpAddressId { get; set; }
Property Value
Type | Description |
---|---|
string |
EgressPublicIpPrefixId
Optionally specifies the ID of an existing public IPv4 prefix to be assigned to the NAT Gateway to send outbound network traffic.
note
IMPORTANT: This resource must be located in the same region as the cluster.
note
Setting this is handy when clusters are reprovisioned because the cluster will end up using the same egress addresses as before, meaning you won't have to update whitelist rules for other services, etc.
note
Azure clusters support a maximum of 16 IP addresses per prefix.
Declaration
[JsonProperty(PropertyName = "EgressPublicIpPrefixId", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "egressPublicIpPrefixId", ApplyNamingConventions = false)]
public string EgressPublicIpPrefixId { get; set; }
Property Value
Type | Description |
---|---|
string |
EgressPublicIpPrefixLength
Optionally indicates that a public IPv4 prefix with the specified prefix length should be created and assigned to the NAT Gateway for outbound traffic. Set this to one of the following non-zero values to enable this:
Prefix length | Description |
---|---|
31 | Creates a public IPv4 prefix with 2 public IP addresses. |
30 | Creates a public IPv4 prefix with 4 public IP addresses. |
29 | Creates a public IPv4 prefix with 8 public IP addresses. |
28 | Creates a public IPv4 prefix with 16 public IP addresses (the maximum supported by Azure). |
0 | Disables prefix creation for the cluster. |
Larger clusters may need to select a prefix with additional IP addresses to avoid SNAT Exhaustion.
Declaration
[JsonProperty(PropertyName = "EgressPublicIpPrefixLength", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "egressPublicIpPrefixLength", ApplyNamingConventions = false)]
public int EgressPublicIpPrefixLength { get; set; }
Property Value
Type | Description |
---|---|
int |
IngressPublicIpAddressId
Optionally specifies the ID of an existing public IPv4 address to be assigned to the load balancer to receive inbound network traffic. A new address will be created when this isn't specified.
note
IMPORTANT: This resource must be located in the same region as the cluster.
note
Setting this is handy when clusters are reprovisioned because the cluster will end up with the same public address as before, meaning you won't have to update your DNS configuration, etc.
Declaration
[JsonProperty(PropertyName = "IngressPublicIpAddressId", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "ingressPublicIpAddressId", ApplyNamingConventions = false)]
public string IngressPublicIpAddressId { get; set; }
Property Value
Type | Description |
---|---|
string |
MaxNatGatewayTcpIdle
Optionally specifies the maximum time in minutes that the cluster's NAT gateway will retain an idle outbound TCP connection. This may be set to a value in the range [4..120] minutes inclusive. This defaults to 120 minutes.
Declaration
[JsonProperty(PropertyName = "MaxNatGatewayTcpIdle", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "maxNatGatewayTcpIdle", ApplyNamingConventions = false)]
public int MaxNatGatewayTcpIdle { get; set; }
Property Value
Type | Description |
---|---|
int |
NodeSubnet
Specifies the subnet within VnetSubnet where the cluster nodes will be provisioned. This defaults to 10.100.0.0/24.
Declaration
[JsonProperty(PropertyName = "NodeSubnet", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "nodeSubnet", ApplyNamingConventions = false)]
public string NodeSubnet { get; set; }
Property Value
Type | Description |
---|---|
string |
VnetSubnet
Specifies the subnet for the Azure VNET. This defaults to 10.100.0.0/24.
Declaration
[JsonProperty(PropertyName = "VnetSubnet", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "vnetSubnet", ApplyNamingConventions = false)]
public string VnetSubnet { get; set; }
Property Value
Type | Description |
---|---|
string |
Methods
Validate(ClusterDefinition)
Validates the options and also ensures that all null properties are initialized to their default values.
Declaration
public void Validate(ClusterDefinition clusterDefinition)
Parameters
Type | Name | Description |
---|---|---|
ClusterDefinition | clusterDefinition | The cluster definition. |
Exceptions
Type | Condition |
---|---|
ClusterDefinitionException | Thrown if the definition is not valid. |
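The following stand-alone check is an added example, not NEONKUBE code and not the implementation of Validate. It sizes the egress prefix from an expected peak of outbound connections, as discussed under SNAT Exhaustion, and tests the value ranges documented for the properties above. The class and method names and the 64,000 connections-per-address constant are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added example: stand-alone check that does not reference Neon.Kube.
public static class AzureNetworkPreflight
{
    // Assumption: conservative rounding of the page's "about 64K" connections per address.
    private const int ConnectionsPerAddress = 64_000;
    // Smallest documented prefix length covering the expected peak; 0 means the default single address suffices.
    public static int RecommendPrefixLength(int peakOutboundConnections)
    {
        if (peakOutboundConnections <= ConnectionsPerAddress) return 0;
        for (int length = 31; length >= 28; length--)
        {
            long capacity = (long)(1 << (32 - length)) * ConnectionsPerAddress;
            if (capacity >= peakOutboundConnections) return length;
        }
        throw new ArgumentOutOfRangeException(nameof(peakOutboundConnections), "Exceeds the 16 addresses of a /28 prefix.");
    }
    // Returns one message per violated constraint documented on the page.
    public static List<string> Check(int prefixLength, int tcpIdleMinutes, string vnetSubnet, string nodeSubnet)
    {
        var problems = new List<string>();
        if (prefixLength != 0 && (prefixLength < 28 || prefixLength > 31))
            problems.Add("EgressPublicIpPrefixLength must be 0, 28, 29, 30 or 31.");
        if (tcpIdleMinutes < 4 || tcpIdleMinutes > 120)
            problems.Add("MaxNatGatewayTcpIdle must be within [4..120] minutes.");
        var (vnetBase, vnetBits) = ParseCidr(vnetSubnet);
        var (nodeBase, nodeBits) = ParseCidr(nodeSubnet);
        uint vnetMask = vnetBits == 0 ? 0u : uint.MaxValue << (32 - vnetBits);
        if (nodeBits < vnetBits || (nodeBase & vnetMask) != (vnetBase & vnetMask))
            problems.Add("NodeSubnet must lie within VnetSubnet.");
        return problems;
    }
    private static (uint Address, int Bits) ParseCidr(string cidr)
    {
        string[] parts = cidr.Split('/');
        byte[] b = IPAddress.Parse(parts[0]).GetAddressBytes();
        return (((uint)b[0] << 24) | ((uint)b[1] << 16) | ((uint)b[2] << 8) | b[3], int.Parse(parts[1]));
    }

    public static void Main()
    {
        Console.WriteLine(RecommendPrefixLength(200_000));
        // Constructed sample values: a bad prefix length, a bad idle timeout, a node subnet outside the VNET.
        foreach (string p in Check(27, 2, "10.100.0.0/24", "10.101.0.0/24")) Console.WriteLine(p);
    }
}
```

Running the check before deployment surfaces an undersized egress prefix as a configuration finding rather than as the random connection timeouts described under SNAT Exhaustion.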