
Control Egress/Ingress Traffic to AKS Cluster

Kasun Buddika 0 Reputation points
2024-05-09T10:30:29.5833333+00:00

Hello,

I run into an issue when an AKS cluster is deployed behind a BASIC Azure Firewall.


I am basically following this guide: https://learn.microsoft.com/en-us/azure/aks/limit-egress-traffic?tabs=aks-with-system-assigned-identities (with the exception where I use a basic firewall)


My firewall route table looks like this:

[screenshot of the route table not reproduced]

Firewall policy contains following application rules:

[screenshot of the application rules not reproduced]

Then there are DNAT rules to forward ingress traffic through the firewall's public IP.

[screenshot of the DNAT rules not reproduced]

When I try deploying the cluster into a subnet that has the firewall route table associated, nothing seems to work. Pods get stuck in a "Pending" state, and the issue seems to be with assigning pod IPs based on the subnet the cluster was placed in. I am using the Azure CNI network type and Calico network policy. The image below shows an example of what I expect to see when the provisioning completes successfully; in my case I see a "-" under endpoint.

[screenshot of the expected endpoint listing not reproduced]

Can someone point me to what I am missing here?

Thanks.
