How to Setup Highly Available NAT Gateway W/ AKS Deployment (Zonal Isolation)

Question

Hi! Thank you in advance for reading. I've read this article, but I'm having trouble figuring out how to make the zone-resilient setup described work with an AKS deployment.

I'm looking to make the NAT Gateway setup for a single AKS node pool deployed to a single subnet have multi zone redundancy like so:

My question is, is it possible to setup zone resiliency with NAT Gateways for a single AKS node pool that is multi zonal? I've confirmed the nodes are being deployed into multiple zones, but since a subnet can only be associated with one NAT Gateway and an AKS node pool can only be associated with one subnet I'm unable to make a node pools NAT Gateway multi-zonal.

Do I need to deploy a new subnet and node pool for each zone? Or is there another way to handle this?

Answer 1

@Tyler McCoy

Thank you for your patience here and apologies for the delay.

Do I need to deploy a new subnet and node pool for each zone?

Your understanding here is correct, below is the response I got from the team.

Currently, a single NAT gateway cannot support multiple zones. For a multi-zone architecture with NAT gateway, I would recommend creating 3 separate node pools per zone and assigning each to their own subnet. Each subnet can then be attached to a NAT gateway assigned to the same zone. To use a multi subnet setup with AKS, you can read more here:  Create node pools in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn.

Meanwhile please feel free to upvote this feature request for Zone-redundant NAT Gateway.

Please let me know if you have any further questions and we will gladly continue with our discussion. Thank you!

---

​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.