Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

[Feature] Support for Azure Virtual Network encryption for AKS #4057

Open denniszielke opened 8 months ago

denniszielke commented 8 months ago

Is your feature request related to a problem? Please describe.
As a customer I need to ensure encryption between hosts of an AKS cluster.

Describe the solution you'd like
I would like to see support for AKS to use native Azure VNet encryption as soon as that is available. The limitations seem great for most scenarios. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-encryption-overview

Describe alternatives you've considered
Today we are using a service mesh, but using Istio/Linkerd just for encryption is a waste of computing power.

SatyKrish commented 8 months ago

What is the ETA for trying VNet encryption in AKS?

chasewilson commented 8 months ago

We're currently evaluating if there are any impacts to AKS environments. No concrete timeline but are looking to implement.

peteneville commented 4 months ago

Hi, is this available now? We were assuming it was following GA across our regions (UKS/UKW) in April, but testing today shows VNet flow logs reporting no layer 4 encryption between AKS VMSS instances.

chasewilson commented 4 months ago

The VNet Encryption was only for VNets themselves. We still haven't turned them on in AKS due to the impact evaluation and resource limitations. We're still considering and happy to hear that you're wanting this functionality.

peteneville commented 4 months ago

> The VNet Encryption was only for VNets themselves. We still haven't turned them on in AKS due to the impact evaluation and resource limitations. We're still considering and happy to hear that you're wanting this functionality.

Thanks for the quick reply. We're spending a lot of time and effort moving off OSM to Istio, but VNet encryption would be so much better as we only use a mesh for encryption between pods. Envoy uses up so much memory and adds complexity, so we would like this feature ASAP. I've raised this with our Microsoft support people, so now looking for ETAs.

snps-kattav commented 2 months ago

@chasewilson Any update on this feature, whether it is enabled now for AKS?

ivanthelad commented 1 month ago

@denniszielke @chasewilson Isn't it already supported? https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-encryption-overview#supported-scenarios Or am I understanding the document correctly? Your original ask is not explicitly requesting pod-to-pod communication on the same host to be encrypted.