Open fabian-ro opened 1 year ago
hey @chasewilson maybe you could answer this one?
Hi, I have the same problem. Was this ever solved? Thanks
Hi @marcelloformica , unfortunately there was no further feedback and I did not find a solution myself. @PixelRobots @chasewilson do you have any updates on this?
Action required from @Azure/aks-pm
Issue needing attention of @Azure/aks-leads
Scenario
We have a hub and spoke network topology; the hub and spoke virtual networks are peered. The hub contains two firewall instances running on VMs and an internal standard load balancer in front of them. The spoke contains AKS in its own virtual network (10.112.130.0/23). The cluster uses Azure CNI for networking. The configured service CIDR for AKS is 10.112.193.0/24. All egress traffic from AKS should be routed through one of the firewall instances. For that, we created a custom route table and associated it with the AKS subnet. The route table contains an "any to firewall" rule (0.0.0.0/0 pointing to the frontend IP of the standard load balancer).
Question
Now my question is the following: we see traffic from AKS (10.112.130.0/23) to 10.112.193.0/24 is routed to the firewall instances in the hub, which is not intended. How can we adjust the routing to mitigate this?
A similar question was posted here: https://stackoverflow.com/questions/74470614/will-the-aks-service-cidr-be-routed-to-the-virtual-appliance
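As an added example (not code from the issue thread or from AKS), a small longest-prefix-match check over a route table built from the scenario above: Azure's system route for the AKS VNet address space plus the 0.0.0.0/0 user route to the firewall load balancer. The load balancer frontend IP is a placeholder. It shows why destinations in the service CIDR, which lie outside the VNet address space, match only the default route and are therefore sent to the virtual appliance.

```python
# Added example, not code from the issue: evaluate Azure's effective route for
# a destination (longest-prefix match, user route wins a tie with a system
# route) to show why service CIDR traffic hits the "any to firewall" rule.
import ipaddress

FIREWALL_LB_FRONTEND = "10.112.0.4"   # placeholder for the ILB frontend IP
AKS_VNET = "10.112.130.0/23"          # AKS virtual network (from the issue)
SERVICE_CIDR = "10.112.193.0/24"      # AKS service CIDR (from the issue)

# Constructed route table mirroring the scenario.
ROUTES = [
    # System route Azure adds for the VNet's own address space.
    {"name": "vnet-system", "prefix": AKS_VNET, "next_hop_type": "VirtualNetwork",
     "next_hop_ip": None, "source": "system"},
    # The custom "any to firewall" rule on the AKS subnet's route table.
    {"name": "any-to-firewall", "prefix": "0.0.0.0/0", "next_hop_type": "VirtualAppliance",
     "next_hop_ip": FIREWALL_LB_FRONTEND, "source": "user"},
]

def effective_route(destination, routes=ROUTES):
    """Return the matching route with the longest prefix; user beats system on a tie."""
    dst = ipaddress.ip_address(destination)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r["prefix"])
        if dst not in net:
            continue
        if best is None:
            best = r
            continue
        best_len = ipaddress.ip_network(best["prefix"]).prefixlen
        if net.prefixlen > best_len or (net.prefixlen == best_len and r["source"] == "user"):
            best = r
    return best

def cidr_next_hops(cidr, routes=ROUTES):
    """Next-hop types chosen for the first, middle and last address of cidr."""
    net = ipaddress.ip_network(cidr)
    samples = [net[0], net[net.num_addresses // 2], net[-1]]
    return {effective_route(str(a), routes)["next_hop_type"] for a in samples}

if __name__ == "__main__":
    for dst in ("10.112.131.5", "10.112.193.10"):
        r = effective_route(dst)
        print(f"{dst:>14} -> {r['name']} ({r['next_hop_type']}, via {r['next_hop_ip']})")
    print("AKS VNet next hops:    ", cidr_next_hops(AKS_VNET))
    print("service CIDR next hops:", cidr_next_hops(SERVICE_CIDR))
```

Running it prints the VNet-internal destination staying on VirtualNetwork while every service CIDR address resolves to VirtualAppliance, which is the behaviour observed in the issue.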