question

AllenAzemia-2438 avatar image
0 Votes"
AllenAzemia-2438 asked AllenAzemia-2438 answered

Error: Scoring FE IP address not updated yet, when enabling the use of internal load balancer

Hello, currently, I'm having issues to enable private load balancer after attaching an existing AKS Cluster to AML Workspace. The error message "Scoring FE IP address not updated yet" is displayed when trying to enable private load balancer by following the instructions at https://docs.microsoft.com/en-us/azure/machine-learning/how-to-secure-inferencing-vnet?tabs=azure-cli#internal-aks-load-balancer. The AKS Cluster is in a separate VNet than the AML Workspace. The two VNet have peered. Also, I've tried using Azure CLI but receiving the same error message. Can you provide some help on resolving this?

azure-machine-learningazure-machine-learning-inference
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ramr-msft avatar image
0 Votes"
ramr-msft answered ramr-msft converted comment to answer

@AllenAzemia-2438 Thanks for the question. Details of creating a private IP link is here.
https://docs.microsoft.com/en-us/azure/machine-learning/how-to-network-security-overview#use-private-ips-with-azure-kubernetes-service
for secure AKS inference deployment, request an inbound NSG rule on port 80.
32355-aks.jpg
This rule is needed so that scoring endpoint can be called from outside the VNet. IP shown is not static but is the scoring endpoint IP.

Currently all the resources needs to be in the same VNet since AML workspace doesn’t support multiple private endpoints but AKS cluster can be in its own subnet with the VNet. We have forwarded to the product team to check on this.




aks.jpg (63.3 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@ramr-msft Thank you for your answers above. Following the instructions from the provided link, I can confirm that it did not resolve the issue. The AKS Cluster is configured to use kubenet networking. Can you advise whether the solutions above works only with Azure CNI?

0 Votes 0 ·
AllenAzemia-2438 avatar image
2 Votes"
AllenAzemia-2438 answered

@ramr-msft We've resolved the issue. The AKS MSI did not have NetworkContributer Reader role assigned on the VNet which we thought that had already been applied. The AML workspace doesn't need to be private. It works for both AKS NetworkType (i.e. kubenet and Azure CNI).

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AllenAzemia-2438 Thanks for sharing the update.

0 Votes 0 ·