AKS Kubenet bring your subnet, routetable, and AGIC AKS integration

roger chen 41 Reputation points
2022-03-04T00:00:38.39+00:00

Just a question: on the Microsoft page https://learn.microsoft.com/en-us/azure/aks/configure-kubenet#bring-your-own-subnet-and-route-table-with-kubenet it says

"With kubenet, a route table must exist on your cluster subnet(s). AKS supports bringing your own existing subnet and route table. If your custom subnet does not contain a route table, AKS creates one for you and adds rules to it throughout the cluster lifecycle. If your custom subnet contains a route table when you create your cluster, AKS acknowledges the existing route table during cluster operations and adds/updates rules accordingly for cloud provider operations."

Also, for AGIC with App Gateway, you also need to link this route table to the App Gateway subnet if it's kubenet: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure

"If you're using kubenet with Azure Kubernetes Service (AKS) and Application Gateway Ingress Controller (AGIC), you'll need a route table to allow traffic sent to the pods from Application Gateway to be routed to the correct node. This won't be necessary if you use Azure CNI."

So this brings an interesting question: what if my client wants to have default traffic from the AKS subnet 0.0.0.0/0 to an NVA such as Azure Firewall? I don't think this is very uncommon. However, this seems to break the App Gateway subnet, because the App Gateway subnet doesn't allow a default route to an NVA.

How to get around that? Perhaps two route tables, but I'm wondering if AKS can update both?


Accepted answer
  1. risolis 8,741 Reputation points
    2022-03-06T18:08:51.143+00:00

    Hello @Michael Roger

    Have you thought of using UDR (userDefinedRouting)?

    Cheers!


1 additional answer

  1. risolis 8,741 Reputation points
    2022-03-07T20:16:25.587+00:00

    @roger chen

    Any further concerns that I can address?
