Open CocoWang-wql opened 4 months ago
@chasewilson would you be able to assist?
I kinda understand none is for BGP propagation.
But how does "block" work? Will there be any whitelisted NSG rules given by default? And I kinda want to know if NSG rules will be reset for every AKS stop/start because this is "block"?
The reason I asked this is I know there are some outbound rules required for AKS nodes startup like below (or AKS nodes will fail):
https://learn.microsoft.com/en-us/azure/aks/outbound-rules-control-egress#azure-global-required-network-rules
So I really want to know how it works to at least make sure the AKS nodes can start. BTW one of the requirements is accessing acs-mirror.azureedge.net, which is not using MSFT IP (This will challenge how users configure NSG rules):
Public Preview ETA: October 2024*
*ETAs are estimations and subject to change
AKS will support 2 new outbound types soon.
Outbound type = none: There is no public load balancer, firewall or NAT gateway configured on the AKS cluster. Also, there is no extra NSG set on the nodes.
Outbound type = block: There is no public load balancer, firewall or NAT gateway configured on the AKS cluster. In this case we will set a NIC NSG rule with low priority on the nodes to block the traffic from 0.0.0.0 -> Internet.