Errors after restricting egress traffic in AKS
This article discusses how to troubleshoot issues that occur after you restrict egress traffic for cluster nodes in Microsoft Azure Kubernetes Service (AKS).
Symptoms
Certain commands of the kubectl command-line tool don't work correctly, or you experience errors when you create an AKS cluster or scale a node pool.
Cause
When you restrict egress traffic from an AKS cluster, your settings must comply with the required Outbound network and FQDN rules for AKS clusters. If your settings conflict with any of these rules, the symptoms described in this article occur.
Solution
Verify that your configuration doesn't conflict with any of the required Outbound network and FQDN rules for AKS clusters for the following items:
- Outbound ports
- Network rules
- Fully qualified domain names (FQDNs)
- Application rules
Note
The AKS outbound dependencies are almost entirely defined by using FQDNs. These FQDNs don't have static addresses behind them. The lack of static addresses means that you can't use network security groups (NSGs) to restrict outbound traffic from an AKS cluster.
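One way to run this check offline is to compare the FQDN and port pairs your firewall allows against the required list. The following is an added example, not code from the original article or from Microsoft. The `REQUIRED` entries are an illustrative subset with a constructed region (`eastus`), the `ALLOWED` entries are a constructed sample, and the wildcard rule (a leading `*.` matches subdomains but not the apex name) is an assumption to confirm for your firewall product.

```python
# Illustrative subset (assumption): replace with the current entries from the
# AKS outbound network and FQDN rules reference for your cloud and region.
REQUIRED = [
    ("*.hcp.eastus.azmk8s.io", 443),   # "eastus" is a constructed placeholder region
    ("mcr.microsoft.com", 443),
    ("*.data.mcr.microsoft.com", 443),
    ("management.azure.com", 443),
    ("login.microsoftonline.com", 443),
    ("packages.microsoft.com", 443),
    ("acs-mirror.azureedge.net", 443),
]

# Constructed sample of what a firewall's application rules currently allow.
ALLOWED = [
    ("*.azmk8s.io", 443),
    ("*.mcr.microsoft.com", 443),        # covers *.data.mcr..., not the apex name
    ("management.azure.com", 443),
    ("login.microsoftonline.com", 80),   # right FQDN, wrong port
    ("packages.microsoft.com", 443),
]


def covers(allowed: str, required: str) -> bool:
    """Return True if an allowed FQDN pattern fully covers a required one."""
    a = allowed.lower().rstrip(".")
    r = required.lower().rstrip(".")
    if a == r:
        return True
    if not a.startswith("*."):
        return False                      # an exact name never covers a different name
    suffix = a[1:]                        # "*.example.com" -> ".example.com"
    base = r[2:] if r.startswith("*.") else r
    return base.endswith(suffix)          # apex "example.com" does not end with ".example.com"


def missing(required, allowed):
    """List required (fqdn, port) pairs that no allowed rule covers on the same port."""
    return [
        (fqdn, port)
        for fqdn, port in required
        if not any(port == a_port and covers(a_fqdn, fqdn) for a_fqdn, a_port in allowed)
    ]


if __name__ == "__main__":
    for fqdn, port in missing(REQUIRED, ALLOWED):
        print(f"not allowed: {fqdn}:{port}")
```
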