Share via

How to Setup Highly Available NAT Gateway W/ AKS Deployment (Zonal Isolation)

Tyler McCoy 65 Reputation points
2023-12-08T19:33:09.2566667+00:00

Hi! Thank you in advance for reading. I've read this article, but I'm having trouble figuring out how to make the zone-resilient setup described work with an AKS deployment.

I'm looking to make the NAT Gateway setup for a single AKS node pool deployed to a single subnet have multi zone redundancy like so:

Screenshot 2023-12-08 at 12.30.46 PM

My question is, is it possible to setup zone resiliency with NAT Gateways for a single AKS node pool that is multi zonal? I've confirmed the nodes are being deployed into multiple zones, but since a subnet can only be associated with one NAT Gateway and an AKS node pool can only be associated with one subnet I'm unable to make a node pools NAT Gateway multi-zonal.

Do I need to deploy a new subnet and node pool for each zone? Or is there another way to handle this?

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,509 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,148 questions
Azure NAT Gateway
Azure NAT Gateway
NAT Gateway is a fully managed service that securely routes internet traffic from a private virtual network with enterprise-grade performance and low latency.
38 questions
Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
    2023-12-27T20:28:27.4766667+00:00

    @Tyler McCoy

    Thank you for your patience here and apologies for the delay.

    Do I need to deploy a new subnet and node pool for each zone?

    Your understanding here is correct, below is the response I got from the team.

    Currently, a single NAT gateway cannot support multiple zones. For a multi-zone architecture with NAT gateway, I would recommend creating 3 separate node pools per zone and assigning each to their own subnet. Each subnet can then be attached to a NAT gateway assigned to the same zone. To use a multi subnet setup with AKS, you can read more here:  Create node pools in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn.

    Meanwhile please feel free to upvote this feature request for Zone-redundant NAT Gateway.

    Please let me know if you have any further questions and we will gladly continue with our discussion. Thank you!

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.