Please help advise when will NSG Flow Logs support Azure Services like AKS
The main reason we are asking Azure teams to extend Flow Logs and Traffic Analyser to AKS is for allowing clients with web applications running on Kubernetes clusters to monitor, analyse and alert about all traffic hitting the cluster’s public IP address. This would be essential for identifying sources that may overload, intentionally or not, our applications and implement actions appropriately for avoiding performance issues.
Mohit Agrawal (AZNET PM) commented
NSG Flow Logs supports AKS. There is an extra step that needs to be done as per the best practices mentioned in the public docs - https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#best-practices
Copying below for reference:
AKS Cluster Subnet: AKS adds a default NSG at the cluster subnet. As explained in the above point, flow logging must be enabled on this default NSG.