Azure/sg-aks-workshop

Cluster Provisioning diagram not matching the terraform deployment

zarkoc opened this issue · 1 comment

Hi all,

The pre-provisioning is setting up the UDR routes. And the cluster provisioning diagram is also mentioning that egress traffic is going through the AZ FW.

But the terraform files don't have that configuration.
As far as I can see terraform is deploying a cluster with "Standard Load Balancer" and "VMSS" which implies the SLB with a public IP address. Would the UDR work in that case, as we would have a LB with public IP that is overriding the UDR?
I'm guessing the outbound_type is missing in the terraform config. https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html#outbound_type

https://github.com/Azure/sg-aks-workshop/blob/master/cluster-pre-provisioning/README.md
https://github.com/Azure/sg-aks-workshop/blob/master/cluster-provisioning/README.md
https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype

Regards,
Zarko

Hi @zarkoc, the UDR setup during pre-provisioning overrides all egress traffic. The UDR directs all AKS subnet traffic, 0.0.0.0/0, to the Azure Firewall. If the UDR and Azure Firewall were not there, you are correct, all traffic would flow through the SLB with PIP.
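For reference, here is what the UDR-to-firewall setup discussed above looks like when expressed explicitly in the AKS resource, with `outbound_type` set to `userDefinedRouting` and the 0.0.0.0/0 route pointed at the firewall. This is an added example, not code from the sg-aks-workshop repository; it assumes azurerm provider 3.x and that the resource group, AKS subnet and Azure Firewall already exist under the placeholder names `azurerm_resource_group.rg`, `azurerm_subnet.aks` and `azurerm_firewall.fw`.

```hcl
# Added example (not from the workshop). Assumes azurerm 3.x and existing
# resources azurerm_resource_group.rg, azurerm_subnet.aks, azurerm_firewall.fw.

# Route table sending the AKS subnet's default route to the firewall's private IP.
resource "azurerm_route_table" "aks_egress" {
  name                = "rt-aks-egress"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  route {
    name                   = "default-to-azfw"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = azurerm_firewall.fw.ip_configuration[0].private_ip_address
  }
}

# The UDR only takes effect once it is associated with the AKS subnet.
resource "azurerm_subnet_route_table_association" "aks" {
  subnet_id      = azurerm_subnet.aks.id
  route_table_id = azurerm_route_table.aks_egress.id
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "aks-egress-udr"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = "aksegress"

  default_node_pool {
    name           = "system"
    node_count     = 3
    vm_size        = "Standard_D2s_v3"
    vnet_subnet_id = azurerm_subnet.aks.id
  }

  identity {
    type = "SystemAssigned"
  }

  network_profile {
    network_plugin    = "azure"
    load_balancer_sku = "standard"
    # The default, "loadBalancer", gives the SLB a public IP for egress.
    # "userDefinedRouting" makes the cluster depend on the route table above,
    # so the firewall must allow the cluster's required outbound traffic.
    outbound_type = "userDefinedRouting"
  }

  # The route table has to be attached to the subnet before AKS is created.
  depends_on = [azurerm_subnet_route_table_association.aks]
}
```

With `userDefinedRouting`, AKS will not create an egress public IP, and a missing or misconfigured route table surfaces as a provisioning failure rather than as silent egress through the SLB.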