This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 68%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hello,
When we create standard sku AKS then Azure automatically creates a public ip for us as a new resource in that MC-xxx resource group which is used as outbound in Standard load balancer as mentioned here.
Is that IP static or dynamic. Can azure change that ip anytime as it can change with Default SNAT(mentioned here). Should we provide our own custom ip or can we use that IP only. We don't need more that 1 IP as 64K SNAT ports are enough for us?
Kind Regards,
Tanul
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 94%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hi @Tanul ,
Thank you for your question.
The public IP that is automatically created is dynamic, and as mentioned in the document you thankfully shared, customers don't own the default outbound access IP. This IP may change, and any dependency on it could cause issues in the future.
However, you are able to create a static IP and assign it to the cluster load balancer as mentioned in this document.
Please Accept the answer if the information helped you. This will help us and others in the community as well.
Thank you.
@Akram Kathimi I think you misunderstood. The document which I have shared belongs to this approach. When we create AKS of basic type. I am asking the question for Standard AKS.. The IP which azure creates shows under our All resources section. Though Azure creates that public ip in MC-xxx group but it is a proper resource.. Are you sure azure can control this IP and change it anytime.
If yes, then where is the security and privacy. Tomorrow, azure can make change in any resource created under MC-xxx group. What about the concept of decentration in this case?
Thank you for your reply.
Please note that the IP would not be changed by Azure. However, since the IP is automatically created by AKS in the node resource group (aka MC_**), AKS manages the lifecycle of all resources under that resource group.
This means that the IP resource would be deleted upon the cluster deletion, and no manual updates to it are recommended/supported. Please refer to this document and this document for more information.
Sorry if I wasnt clear the first time :).
Please let me know if you have any follow up questions.
Thank you.
@Akram Kathimi correct. Now it make sense. Public ip is of no use to me other than outbound rule. So I'll go with the default one.
Just one more request. Could you please help me with this question as well. In the comment section I have also asked 2 queries. Would be grateful if you can guide me through all the queries.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Tanul If the answer above helped, please don’t forget to Accept Answer and hit Yes for "was this answer helpful" wherever the information provided helps you. This can be beneficial to other community members for remediation for similar issues.
If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.