After reviewing the documentation and some testing, it is clear that the clusters need to be rebuilt to migrate to dual stack. We will use this big change to review other config to better follow best practices.
- Make clusters zone redundant
- Follow the best practice of separate nodepools for system/user pods
- Backup/Restore deployments
### Investigate
- [ ] Can we put pip in another rg than loadbalancer
- [ ] ~~external-secrets.io~~
### Tasks
- [x] Deploy public ipv6 address for all clusters
- [x] Deploy public prefix ipv6 for all clusters
- [x] Create new public ipv4 for all clusters with zone redundancy
- [x] Create new public prefix ipv4 for all clusters with zone redundancy
- [ ] Inform service owners about new IPs for whitelisting in source systems
- [x] Update vnet with dualstack
- [x] Create subnet for nodepools
- [x] Enable Azure CNI Overlay
- [x] Enable dual stack for AKS
- [ ] Enable fluxcd
- [x] Backup/Restore deployments
- [x] Update dns with A and AAAA records (PTR records?)
- [ ] ~~Simplify management of accesstokencredential~~
- [x] Enable ipv6 for linkerd
- [x] Deploy updated traefik with dual stack
### To remove Azure CNI policy:
```sh
az aks update \
  --resource-group "$RESOURCE_GROUP_NAME" \
  --name "$CLUSTER_NAME" \
  --network-policy none
```
- Not possible from Terraform
- Will replace all nodes
- All pods will restart
- Short periods of unavailability
- Will run for approx. 15 minutes
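With `--network-policy none` there is no engine left to enforce existing NetworkPolicy objects, so it helps to inventory them before running the update. The script below is an added example, not part of the original issue: it summarizes the output of `kubectl get networkpolicy -A -o json` per namespace and flags default-deny policies; the sample input and all namespace and policy names are constructed.

```python
import json
import sys

# Constructed sample of `kubectl get networkpolicy -A -o json` output (not real cluster data).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "payments", "name": "default-deny-all"},
   "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
  {"metadata": {"namespace": "payments", "name": "allow-api"},
   "spec": {"podSelector": {"matchLabels": {"app": "api"}}, "policyTypes": ["Ingress"],
            "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}]}]}},
  {"metadata": {"namespace": "web", "name": "allow-ingress-controller"},
   "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
            "ingress": [{"from": [{"namespaceSelector": {}}]}]}}
]}
""")


def is_default_deny(spec, direction):
    """True when the policy selects every pod and allows nothing in `direction`."""
    # An empty podSelector (or one with only empty fields) selects all pods.
    selects_all = not any((spec.get("podSelector") or {}).values())
    # Without policyTypes, Ingress always applies; Egress only if egress rules exist.
    types = spec.get("policyTypes") or ["Ingress"]
    rules = spec.get(direction.lower())
    return selects_all and direction in types and not rules


def summarize(policy_list):
    """Group policy names per namespace and list the default-deny ones."""
    report = {}
    for item in policy_list.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        entry = report.setdefault(meta["namespace"], {"policies": [], "default_deny": []})
        entry["policies"].append(meta["name"])
        for direction in ("Ingress", "Egress"):
            if is_default_deny(spec, direction):
                entry["default_deny"].append(f"{meta['name']}:{direction}")
    return report


if __name__ == "__main__":
    # Pass a file holding real kubectl JSON output, or run without arguments for the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ns, entry in sorted(summarize(data).items()):
        deny = ", ".join(entry["default_deny"]) or "none"
        print(f"{ns}: {len(entry['policies'])} policies, default-deny: {deny}")
```

Namespaces that list a default-deny policy are the ones where traffic restrictions disappear once the policy engine is removed.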