Open WaitingForGuacamole opened 1 year ago
Action required from @Azure/aks-pm
Issue needing attention of @Azure/aks-leads
Is your feature request related to a problem? Please describe.
If I configure my AKS cluster in a Virtual Hub spoke VNet, configure it privately (both AGIC and load balancer), then in order to get health probes working, I MUST install a UDR default route of 0.0.0.0/0 -> Internet. Otherwise all probes result in Unknown status. If I install that default route, then outbound access from my cluster does not work, most likely because my NSGs prohibit inbound access from the internet - WHICH I WANT, because I want all traffic to be inspected by the firewall.
The problem here, to me, is that Azure Firewall in a Virtual Hub setting does not allow BYOIP.
I think this problem might go away if I could do one of two things:
If one of these were to happen, then Azure sees the App Gateway at a public IP that has to traverse the firewall, THEN get DNATted to the App Gateway internally.
Describe the solution you'd like
userDefinedRouting network_profile option for the AKS cluster, so that I can use an internal load balancer
Describe alternatives you've considered
nginx or Traefik as my ingress controller
Additional context
Add any other context or screenshots about the feature request here.