Control Egress/Ingress Traffic to AKS Cluster
Hello,
I ran into an issue when an AKS cluster is deployed behind a Basic Azure Firewall.
I am basically following this guide: https://learn.microsoft.com/en-us/azure/aks/limit-egress-traffic?tabs=aks-with-system-assigned-identities (except that I use a Basic firewall).
My firewall route table looks like this:
The firewall policy contains the following application rules:
Then there are DNAT rules to forward ingress traffic through the firewall’s public IP.
When I try deploying the cluster into a subnet that has the firewall RT associated, nothing seems to work. Pods get stuck in a “Pending” state and the issue seems to be with assigning pod IPs based on the subnet it was placed in. I am using the Azure CNI network type and Calico network policy. The image below shows an example of what I expect to see when the provisioning completes successfully; in my case I see a “-” under endpoint.
Can someone point me to what I am missing here?
Thanks.
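The route table screenshot did not survive, but the guide the post follows builds it from two routes: a 0.0.0.0/0 default route with next hop VirtualAppliance pointing at the firewall's private IP, and a /32 route for the firewall's public IP with next hop Internet. The check below is an added example (not from the post or the guide) that validates an exported route table against that layout; the firewall IPs and the `az network route-table show` field names are assumptions.

```python
import json

# Assumed values (not from the post): the firewall's private IP used as the
# UDR next hop, and its public IP, which the guide gives its own Internet route.
FW_PRIVATE_IP = "10.42.2.4"
FW_PUBLIC_IP = "203.0.113.10"

# Constructed sample of the `routes` array as `az network route-table show`
# prints it (field names are an assumption based on the CLI's JSON output).
SAMPLE_ROUTES_JSON = json.dumps([
    {"name": "fw-route", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": FW_PRIVATE_IP},
    {"name": "fw-route-internet", "addressPrefix": FW_PUBLIC_IP + "/32",
     "nextHopType": "Internet", "nextHopIpAddress": None},
])


def check_aks_egress_routes(routes, fw_private_ip, fw_public_ip):
    """Return a list of findings for a route table on an AKS subnet whose
    egress is forced through Azure Firewall; an empty list means the table
    matches the two-route layout the limit-egress-traffic guide describes."""
    findings = []
    by_prefix = {r["addressPrefix"]: r for r in routes}

    default = by_prefix.get("0.0.0.0/0")
    if default is None:
        findings.append("no 0.0.0.0/0 route: node egress bypasses the firewall")
    elif default["nextHopType"] != "VirtualAppliance":
        findings.append("0.0.0.0/0 next hop type is %s, expected VirtualAppliance"
                        % default["nextHopType"])
    elif default.get("nextHopIpAddress") != fw_private_ip:
        findings.append("0.0.0.0/0 points at %s, not the firewall private IP %s"
                        % (default.get("nextHopIpAddress"), fw_private_ip))

    # The guide pairs the default route with a /32 for the firewall's public IP
    # sent directly to the Internet rather than back through the default route.
    hairpin = by_prefix.get(fw_public_ip + "/32")
    if hairpin is None or hairpin["nextHopType"] != "Internet":
        findings.append("missing %s/32 -> Internet route for the firewall public IP"
                        % fw_public_ip)
    return findings


def check_routes_json(routes_json, fw_private_ip, fw_public_ip):
    """Same check over the raw JSON text of the routes array."""
    return check_aks_egress_routes(json.loads(routes_json), fw_private_ip, fw_public_ip)


if __name__ == "__main__":
    for finding in check_routes_json(SAMPLE_ROUTES_JSON, FW_PRIVATE_IP, FW_PUBLIC_IP):
        print("finding:", finding)
```

Run it against `az network route-table show -g <rg> -n <name> --query routes -o json` output to confirm the subnet's routes before looking at the cluster itself; the guide also requires the cluster to be created with outbound type userDefinedRouting for this table to be honoured.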