Add All-ports parameter to AKS LoadBalancer Services

[polaroi8d]

I would like to request a new feature in AKS. In GCP when you configure a TCP/UDP Load Balancer Service you can add an All-ports service parameter which has the ability for the TCP/UDP load balancer to forward all ports instead of specific ports. Our problem within AKS is that we reach the cluster limits and we must support passive FTP connection with more than 2000 passive ports for our client who is dealing with legacy devices.

[ghost]

Hi polaroi8d, AKS bot here :wave: Thank you for posting on the AKS Repo, I'll do my best to get a kind human from the AKS team to assist you.

I might be just a bot, but I'm told my suggestions are normally quite good, as such: 1) If this case is urgent, please open a Support Request so that our 24/7 support team may help you faster. 2) Please abide by the AKS repo Guidelines and Code of Conduct. 3) If you're having an issue, could it be described on the AKS Troubleshooting guides or AKS Diagnostics? 4) Make sure your subscribed to the AKS Release Notes to keep up to date with all that's new on AKS. 5) Make sure there isn't a duplicate of this issue already reported. If there is, feel free to close this one and '+1' the existing issue. 6) If you have a question, do take a look at our AKS FAQ. We place the most common ones there!

[ghost]

Triage required from @Azure/aks-pm

[phealy]

This is available already via HA Ports for internal load balancers on clusters that are running the out-of-tree controller (preview for AKS 1.20/1.21; GA and default on AKS 1.22+) by setting the service.beta.kubernetes.io/azure-load-balancer-enable-high-availability-ports annotation on your service.

This feature is not currently available on Azure Standard Load Balancers (public), so we cannot add it to AKS.

[ghost]

Action required from @Azure/aks-pm

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[sliu2200899]

@phealy I'm wondering when we use "service.beta.kubernetes.io/azure-load-balancer-enable-high-availability-ports" annotation on our service, do we need some other configuration? (kubernetes server version: 1.24.9, istio version: 1.17.1)

my use case is that I have thousands of ports that need to be load balanced. After I added the following annotations in the istio-ingressgateway Load Balancer,

service.beta.kubernetes.io/azure-load-balancer-enable-high-availability-ports: "true"
service.beta.kubernetes.io/azure-load-balancer-internal: true

what I can see is that azure created a kubernetes-internal Load balancer which has a rule configured as HA ports, and

[vagrant@localhost istio-gateway]$ kubectl get svc -n istio-system
NAME                   TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)                                                                      AGE
istio-egressgateway    ClusterIP      10.0.73.7     <none>        80/TCP,443/TCP                                                               57m
istio-ingressgateway   LoadBalancer   10.0.120.69   10.224.0.5    15021:31623/TCP,80:31234/TCP,443:31906/TCP,31400:32160/TCP,15443:32577/TCP   57m
istiod                 ClusterIP      10.0.46.87    <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP                                        57m

Does "HA port" means that I can access to the pods/service with any port without specifying it in the istio-ingressgateway? My experiment shows that it only works when I explicitly add the port in the istio-ingressgateway, but cannot work without it.

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[miqm]

@phealy is there any eta when this will be available in AKS?

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads