Caution! Only regions that provide Availability Zones are supported.


  • A separate resource group is created for the cluster.
  • By default, one external IP address is dynamically allocated to each instance (it is used for Internet access only). Each IP has 64000 ports available for SNAT.
  • NAT Gateway is supported. With it, you can use static public IP addresses for SNAT.
  • Public IP addresses can be assigned to master nodes and nodes created by Terraform.
  • If the master does not have a public IP, an additional instance with a public IP (a bastion host) is required for installation tasks and access to the cluster. In this case, you will also need to configure peering between the cluster’s VNet and the bastion’s VNet.
  • Peering can also be configured between the cluster VNet and other VNets.

Example of the layout configuration:

kind: AzureClusterConfiguration
layout: Standard
sshPublicKey: "<SSH_PUBLIC_KEY>" # Required.
vNetCIDR: # Required.
subnetCIDR: # Required.
standard:
  natGatewayPublicIpCount: 1 # Optional, by default 0.
masterNodeGroup:
  replicas: 1
  zones: ["1"] # Optional, by default ["1"].
  instanceClass:
    machineSize: Standard_F4 # Required.
    diskSizeGb: 32
    urn: Canonical:UbuntuServer:18.04-LTS:18.04.202010140 # Required.
    enableExternalIP: false # Optional, by default true.
provider:
  subscriptionId: "<SUBSCRIPTION_ID>" # Required.
  clientId: "<CLIENT_ID>" # Required.
  clientSecret: "<CLIENT_SECRET>" # Required.
  tenantId: "<TENANT_ID>" # Required.
  location: "westeurope" # Required.
# Optional, list of Azure VNets with which Kubernetes VNet will be peered.
peeredVNets:
  - resourceGroupName: kube-bastion # Required.
    vnetName: kube-bastion-vnet # Required.
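
A pre-apply check for the access and egress rules listed above, as an added example (not code from this page or from the project). It assumes the configuration has already been parsed into a dict; check_layout, SAMPLE and the finding texts are hypothetical names, and the sample is constructed from the layout example.

```python
# Added example: lint a parsed AzureClusterConfiguration against the access
# and egress rules described on this page. Names here are hypothetical.
SNAT_PORTS_PER_IP = 64000  # per-instance figure stated on this page

# Constructed sample mirroring the layout example (only the fields the lint reads).
SAMPLE = {
    "kind": "AzureClusterConfiguration",
    "layout": "Standard",
    "standard": {"natGatewayPublicIpCount": 1},
    "masterNodeGroup": {"replicas": 1,
                        "instanceClass": {"enableExternalIP": False}},
    "peeredVNets": [{"resourceGroupName": "kube-bastion",
                     "vnetName": "kube-bastion-vnet"}],
}


def check_layout(cfg):
    """Return access path, egress mode and findings for one configuration."""
    findings = []
    master = cfg.get("masterNodeGroup") or {}
    instance = master.get("instanceClass") or {}
    # enableExternalIP defaults to true when the key is omitted.
    master_public = instance.get("enableExternalIP", True)
    peered = cfg.get("peeredVNets") or []
    if not master_public and not peered:
        findings.append("master has no public IP and peeredVNets is empty: "
                        "a bastion VNet has no route to the cluster")
    for i, vnet in enumerate(peered):
        for key in ("resourceGroupName", "vnetName"):
            if not vnet.get(key):
                findings.append(f"peeredVNets[{i}]: required field {key} is missing")
    # natGatewayPublicIpCount defaults to 0, i.e. no NAT Gateway.
    nat_ips = (cfg.get("standard") or {}).get("natGatewayPublicIpCount", 0)
    if nat_ips == 0:
        findings.append("no NAT Gateway: SNAT addresses are dynamic, so "
                        "egress IP allowlists cannot be relied on")
    return {
        "access": "direct" if master_public else "bastion",
        "egress": "nat-gateway-static" if nat_ips > 0 else "per-instance-dynamic",
        "static_egress_ips": nat_ips,
        "findings": findings,
    }


if __name__ == "__main__":
    print(check_layout(SAMPLE))
```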