Open NissesSenap opened 2 years ago
We need to be able to define an existing IP prefix. How to: https://www.thorsten-hans.com/provision-aks-and-nat-gateway-with-terraform/
For now it seems like NAT gateway can't be made zone redundant. Instead we have to rewrite our network stack to use 3 subnets, 3 public ip prefixes and 3 nat gateways. https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-availability-zones#zonal-nat-gateway-resource-for-each-zone-in-a-region-to-create-zone-resiliency
It would increase the cost by a lot and it also creates a lot more work than we appreciated.
Started to work on a PR but I have closed it. https://github.com/XenitAB/terraform-modules/pull/858
We hope that Azure will solve this for us in the future, so for now I put it to waitning-for-thirdparty. Let's see if we can find some information about future solutions. We might reconsider this in the future.
Currently we use SNAT for egress traffic in AKS.
Recently AKS NAT Gateway https://docs.microsoft.com/en-us/azure/aks/nat-gateway was released, and we should look into changing to this.
This will force recreation of the cluster but it should be fine with a standard blue green migration.