Deploying SonarQube Using Helm to AKS With Internal Access Only

Hey all,
New to the SonarQube product and AKS. Using the guides so far, I’ve managed to do a few successful deploys of the SonarQube app using Helm. This is my first venture into Kubernetes (AKS) and Helm. Using the listed documentation I’ve been able to deploy SonarQube to my Azure environment but now I would like to some advanced things and I am unsure how to proceed. During my first few test deployments, I learned how to deploy SonarQube and give it an external IP address for access from the web. What I would like to ideally do, is prevent access to the outside world and only provide access from inside my Azure environment (RFC 1918). I believe this involves creating the LoadBalancer as an “internal” or “private” load balancer in Azure. Using Helm and the values.yaml I’ve tried several things, but nothing seems to work. I have a few specific objectives with the internal deployment I want to achieve:

  • Deploy and restrict access to internal systems only
  • Deploy with a specific IP to a specific VNET and subnet
  • Deploy and setup HTTPS access only (not necessary right now, future focused)

In my values.yaml, after reading a few articles, I’ve tried various iterations of the following configurations:

service:
  type: LoadBalancer
  externalPort: 9000
  internalPort: 9000
  labels:
  annotations: {
    service.beta.kubernetes.io/azure-load-balancer-internal: "true",
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "snet-prd-001"
  }
  loadBalancerIP: 10.100.71.5

Using the above, the objective is to deploy the loadbalancer internally with the IP address 10.100.71.5/26 to the “snet-prd-001” subnet (which belongs to a VNET already established in the subscription). The result of running this through Helm seems to be that the load balancer deployment never moves out of “pending” state:

PS C:\support\helm3\sonarqube\version_03> kubectl get service -n sonarqube
NAME                            TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
sonarqube-postgresql            ClusterIP      10.0.67.98     <none>        5432/TCP         5m22s
sonarqube-postgresql-headless   ClusterIP      None           <none>        5432/TCP         5m22s
sonarqube-sonarqube             LoadBalancer   10.0.254.248   <pending>     9000:31839/TCP   5m22s

Does anyone know where I might be tripping up? Based on some other things I was reading, could it be that I need to deploy nginx as well? Currently I have nginx ingress deployment set to false and ingress configuration set to false because I am not really sure about it or what it does.

Any insight would be helpful and if I missed some documentation, just point me in the right direction! My GoogleFu with some of these subjects might nto be the best right now as I am still learning.

So after a bit more digging, I have found some further details that might be able to help. I went ahead and did a “kubectl describe pod” and got a bit more feedback. The following message appeared:

Warning SyncLoadBalancerFailed 27s (x3 over 42s) service-controller Error syncing load balancer: failed to ensure load balancer: ensure(sonarqube/sonarqube-sonarqube): lb(kubernetes-internal) - failed to get subnet: aks-vnet-11801783/snet-prd-001

So a couple points of clarification:

  • aks-vnet-11801783 is a VNET that my AKS cluster automatically created when I set it up (setup done through the Azure GUI)
  • snet-prd-001 is a /26 subnet I’ve created within a VNET associated with the AKS cluster’s subscription. so for example, vnet-prd-001 is 10.100.71.0/24 and snet-prd-001 is 10.100.71.0/26. The IP address i want to assign to the Load Balancer is 10.100.71.5.

Is there something that’s preventing me from building a load balancer that can have an interface on this subnet? I don’t really care about dictating the AKS network on the back end. That can be whatever it needs to be. I simply just need a load balancer with an IP address that’s routeable to the rest of my network.