Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

[Feature] to allow add or update network policy on an existing AKS cluster without requiring a replacement of cluster. #3695

Open jeremybusk opened 1 year ago

jeremybusk commented 1 year ago

Is your feature request related to a problem? Please describe.

I want to be able to change the network policy on an AKS cluster from None to Calico without replacement of the AKS cluster. I can maybe see why a replacement is required when going from azure -> calico, as it would invalidate existing rules, but I don't see the reason when going from None or non-existent. At a minimum, allow None to Calico/Azure Network Policy without a rebuild, because there would be no existing Network Policies in the cluster. This currently seems like the old "reboot Windows" solution rather than just actually fixing the issue. I really would expect network policy to be updated from azure to calico or calico to azure without a rebuild, and have someone just script the translation and application of rules. This seems to be the right way.

Terraform plan line examples using provider https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster

~ network_policy = "None" -> "calico" # forces replacement
~ network_policy = "calico" -> "azure" # forces replacement

Here is the Stack Overflow conversation: https://stackoverflow.com/questions/67395933/how-to-enable-calico-network-policy-on-the-existing-aks-cluster

Describe the solution you'd like

At minimum, update the Network Policy from None to calico to azure without complete replacement/rebuild of the AKS cluster. Even better would be changing network policy to anything without having to replace the cluster.

Describe alternatives you've considered

Do a full backup & restore, but this is painful for large instances. Use alternatives to AKS for the Kubernetes platform.

Additional context

jkroepke commented 11 months ago

I'm also interested in this feature. Updating a cluster from none to calico or azure should be supported.