Need some design guidance around using NAT Gateway with AKS

Question

Hi,

We have an AKS cluster with multiple nodepools. All nodepools share the same subnet (/20). Nodepools are VMSS with Zone-redundancy.

We want to attach NAT Gateway to that subnet for outbound connectivity.
Since the NAT gateway is a zonal service, which means we have to deploy it in a single zone but our nodes are spread across all AZs. This means a single instance of NAT Gateway could be a single point of failure. Also, we cannot attach multiple NAT Gateways to a single subnet.

This is a blocker for us. Just wondering if there is any detailed design guidance for implementing a High Availability NAT Gateway in AKS with a single subnet?

Answer 1

Hello @Pradeep Chouhan

You are correct that a single instance of NAT Gateway could be a single point of failure, and that attaching multiple NAT Gateways to a single subnet is not possible. However, there are some options available to you for implementing a high availability NAT Gateway in AKS with a single subnet.

One option is to use load balancer, to provide high availability for your NAT Gateway. This can be deployed across multiple zones and can provide failover capabilities in the event of a failure.

Another option is to use Azure Traffic Manager to provide high availability for your NAT Gateway. Traffic Manager is a DNS-based traffic load balancer that can distribute traffic across multiple endpoints, including NAT Gateways.

By configuring Traffic Manager to monitor the health of your NAT Gateways and route traffic to healthy endpoints, you can achieve high availability for your outbound connectivity.

Or you may want to consider using multiple subnets, each with its own NAT Gateway, to provide high availability for your AKS cluster. While this approach may require additional configuration and management, it can provide a more robust and fault-tolerant solution.

I hope this information helps! Let me know if you have any other questions.