Adding a Load Balancer to your Virtual Machine Scale Set

The Azure Quick Start Templates has a series of ARM templates that can help you deploy a Virtual Machine Scaleset (VMSS), but what if you want to update your existing VMSS instance and expose it to the public internet?

I have a Kubernetes 1.3 cluster created via these instructions. The Kubernetes nodes are deployed in a VMSS and, by default, are not exposed to the public internet:

Exposing the VMSS/Kubernetes nodes should be fairly straightforward right? It took me waaayyy too long to figure out what I needed to do so hopefully this saves you some time.

  1. Install the Azure CLI tool:

    npm install -g azure
    
  2. Create a public IP:

    azure network public-ip create -g [RESOURCE_GROUP] -n [PUBLIC_IP_NAME] -l [REGION] -d [DOMAIN_NAME] -a static -i 4
    
  3. Create the load balancer, front-end + back-end IP:

    azure network lb create [RESOURCE_GROUP] [LOAD_BALANCER_NAME] [REGION]
    
    
    azure network lb frontend-ip create [RESOURCE_GROUP] [LOAD_BALANCER_NAME] [FRONTEND_POOL_NAME] -i [PUBLIC_IP_NAME]
    
    
    azure network lb address-pool create [RESOURCE_GROUP] [LOAD_BALANCER_NAME] [BACKEND_POOL_NAME]
    
  4. Associate the backend IP to your existing VMSS. In order to accomplish this, we'll first need to generate the parameters file for our VMSS:

    azure vmss show --json -g [RESOURCE_GROUP] -n [VMSS_NAME] > createOrUpdate.json
    

    Update the parameters file to include the back-end IP. You can do this one of two ways: (1) through the Azure CLI tool or (2) manually editing the file. If you choose to use the CLI (option 1):

    azure vmss config load-balancer-backend-address-pools set --parameter-file createOrUpdate.json --index 0 --ip-configurations-index 0 --network-interface-configurations-index 0 --value '"id": "/subscriptions/[SUBSCRIPTION_ID]/resourceGroups/[RESOURCE_GROUP]/providers/Microsoft.Network/loadBalancers/[LOAD_BALANCER_NAME]/backendAddressPools/[BACKEND_POOL_NAME]"'
    

    Your createOrUpdate.json should contain now contain an loadBalancerBackendAddressPools element that looks similar to this:

    ...
    "networkProfile": {
     "networkInterfaceConfigurations": [
     {
      ...
      "ipConfigurations": [
      {
       "properties": {
        "loadBalancerBackendAddressPools": [
        {
         "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/loadBalancers/kube-lb/backendAddressPools/..."
        }
        ...
    

    Apply the updates configurations:

    azure vmss create --parameter-file createOrUpdate.json -g [RESOURCE_GROUP] -n [VMSS_NAME]
    
  5. If your VMSS upgrade policy is so 'Manual', upgrade your machines to reflect the updated model:

    azure vmss update-instances -g [RESOURCE_GROUP] -n [VMSS_NAME] --instance-ids [VMSS_INSTANCE_IDS]
    

    Upon updating the VMSS instances, you should see on the portal, that they are running the latest model.

    Finally, you should see the backend pools of your load balancer point to your VMSS: