Static IP in another resource group

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: azure-vote-front
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-resource-group: trash2-staticip
spec:
  loadBalancerIP: 40.76.16.102
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: azure-vote-front

test.sh

# create a resource group for resources that outlive a cluster - ex: static IPs
az group create -n trash2-staticip -l eastus
az network public-ip create -g trash2-staticip --name myAKSPublicIP --allocation-method static

# create a cluster
az group create -n trash2-aks -l eastus
az aks create -k 1.10.5 -g trash2-aks -n aks -c 2

# allow the cluster to access the staticIP resource group so that the load balancer can use the IP
az group show -n trash2-aks --query id
az aks show -g trash2-aks -n aks --query servicePrincipalProfile.clientId
az role assignment create --assignee 87458e2a-30f8-49b2-a38c-f8c222839c21 --role 'Network Contributor' --scope /subscriptions/6c1f4f3b-f65f-4667-8f9e-b9c48e09cd6b/resourceGroups/trash2-staticip

# test out a service to make sure it works
az aks get-credentials -n aks -g trash2-aks -f trash.kubeconfig
kubectl apply -f service.yaml

# verify that it's working
kubectl get svc azure-vote-front
az network public-ip show -n myAKSPublicIP -g trash2-staticip --query ipConfiguration.id