Open denniszielke opened 8 months ago
When is the ETA for trying Vnet encryption in AKS?
We're currently evaluating if there are any impacts to AKS environments. No concrete timeline but are looking to implement.
Hi, is this available now? We were assuming it was following GA across our regions (UKS/UKW) in April, but testing today shows VNet flow logs reporting no layer 4 encryption between AKS VMSS instances.
The VNet Encryption was only for VNets themselves. We still haven't turned them on in AKS due to the impact evaluation and resource limitations. We're still considering and happy to hear that you're wanting this functionality.
Thanks for the quick reply. We're spending a lot of time and effort moving off OSM to Istio, but VNet encryption would be so much better as we only use a mesh for encryption between pods. Envoy uses up so much memory and adds complexity, so would like this feature ASAP. I've raised with our Microsoft support people, so now looking for ETAs.
@chasewilson Any update on this feature, whether it is enabled now for AKS?
@denniszielke @chasewilson isn't it already supported https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-encryption-overview#supported-scenarios or am I understanding the document correctly? Your original ask is not explicitly requesting pod-to-pod communication on the same host to be encrypted.
Is your feature request related to a problem? Please describe. As a customer I need to ensure encryption between hosts of an AKS cluster.
Describe the solution you'd like I would like to see support for AKS to use native Azure VNet encryption as soon as that is available. The limitations seem great for most scenarios. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-encryption-overview
Describe alternatives you've considered Today we are using a service mesh, but using Istio/Linkerd just for encryption is a waste of computing power.