Azure Kubernetes Service (AKS)
Have feedback for Azure Kubernetes Service (AKS)? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the AKS team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow.
-
AKS has a high Log Analytics cost - Azure Monitor for Containers logs every container's perf metrics every 60s
Enabling Azure Monitor for Containers provides very powerful and useful logging and metrics (e.g. available through Azure Portal). However performance metrics for nodes and every running container are gathered and reported every 60 seconds, which results in very high data ingestion costs in Log Analytics.
For our Azure bill, the highest cost is VMs (expected), the second highest cost is Log Analytics. We pay far more for logging than we do for SQL Server and CosmosDB data storage and processing combined(!) Looking into this, the main culprit is the Perf table in Log Analytics which is filled with node and…
92 votes -
Support for Azure Monitor Autoscale
Provide support for Azure Monitor Autoscale that automatically adds instances based on a metric.
This would allow us to mitigate issues and create awareness about them without any manual action.
Bonus points if we can remove instances as well.
52 votes
Please take a look at the Kubernetes cluster autoscaler and let us know if you see the need for additional capabilities or a different approach.
-
MC_ Resource Group should have option to inherit AKS Tags
We use Azure Policy to ensure all our resources inherit tags from their resource group. Cost Center being the big one for our company.
This policy fails when AKS creates an additional resource group, and has been requiring us to manually intervene and apply the cost center tag.
In the absence of removing that resource group altogether, it would be great if in the interim, the MC_ Resource Group could have the option to inherit the tags from the AKS resource in the original resource group.
37 votes -
Allow LoadBalancers to bind to Static IPs, created in the AKS Resource Group
At the moment LoadBalancers can only bind to IPs created in the automatically created AKS ResourceGroup (the one starting with MC_).
As I'm not a fan of manually editing automatically created resources, I would like to be able to create IPs beside the AKS resource and let my LoadBalancers bind to them.
35 votes -
Having the ability to let Service Principal (non-interactive apps) to consume AKS API without device login when AAD integration is used.
When AAD integration is used on an RBAC AKS cluster [1], you can assign roles to users and groups. These users will have to interactively authenticate with devicelogin the first time they try to access the AKS API. This is good for humans but not that much for automation processes using Service Principals.
Service Principal based applications need to go through the devicelogin page to consume AKS APIs.
It would be nice to have a way to allow Service Principals to gain RBAC access to AKS APIs without device login.
[1] Like this way: https://docs.microsoft.com/en-us/azure/aks/aad-integration
31 votes -
AKS should add new nodes to the cluster when existing nodes crash/get deleted
AKS should add new nodes to the cluster when existing nodes crash/get deleted
31 votes -
Adding data disks to AKS nodes
Copied from https://github.com/Azure/AKS/issues/401
Could it be possible to add data disks to nodes in AKS at provisioning time? Pretty much like
"diskSizesGB": [30, 30],
in acs-engine, or the option --data-disk-sizes-gb for the az vm create command. I'm playing around with OpenEBS, and it's easy to set up distributed storage on separated partitions, but it'll be easier if I have those disks mounted at boot (now I need to manually create/attach managed disks, and ssh into each node).
30 votes -
Allow IP range changes
Currently it is not possible to change the pod or service IP ranges (CIDR subnets) after an AKS cluster has been created. Therefore it is necessary to over-size IP ranges in case plans change and more services & pods are needed. If IP addresses run out, the only option available is to recreate the cluster entirely.
If AKS allowed changes to these IP ranges, fewer cluster recreations and better sizing would be possible.
28 votes -
Support for Event Grid events
Provide support for Event Grid events so that it provides integration points
First events that come to my mind:
- Deployment Created
- Deployment Succeeded
- Cluster Scaling Initiated
- Pod Scaling Initiated
- Pod Starting
- Pod Failed
- ...
28 votes -
Auto generated tags via deployment manifests
Description:
When a service is created in AKS such as a load balancer, or a disk, which ties back to an Azure resource, add the ability to tag the resource right in the deployment manifest. For organizations requiring strict tagging policies on resources in their Azure accounts, the creation of resources within AKS leaves un-tagged resources in the account. The outcome of this would be that you, Microsoft, would be empowering your customers with the ability to dynamically organize your resources in the account as they're dynamically created in AKS.
23 votes -
Option to assign public IPv4 addresses to AKS nodes
Please add support to automatically allocate (and associate) public IPv4 addresses with each AKS worker node. Currently the only way to do this is to manually add a public IPv4 address to the primary NIC (when using Advanced Networking).
The need is that our application (a UDP based streaming platform) needs direct Internet addressability in order to be able to stream using custom protocols. This needs to be done in combination with Advanced Networking to get good performance.
23 votes -
Make Kubernetes Dashboard Deployment Optional
It is not desirable to have the kubernetes-dashboard deployed by default in all scenarios and it should be the decision of the end-user to determine if it should be installed or not (assuming it is not required for ongoing support by Microsoft).
Examples of mis-configured dashboards include https://redlock.io/blog/cryptojacking-tesla and whilst we don't foresee a problem with the current setup, ideally we would stop deploying a service we do not require.
If we choose to remove the kubernetes-dashboard deployment from our current implementation the addon-manager will re-deploy it effectively undoing the removal.
17 votes -
Addon for automatic reboot of nodes
At the moment you have to reboot your VMs yourself after updates that require a reboot. You can use kured to take care of this. It would be nice if you could enable an "addon" or something so VMs will be rebooted by Azure for you, so you don't have to do it yourself or use kured.
15 votes -
Create static IPs for the hosted control plane (Master API)
When creating an AKS cluster, the FQDN of the master API server will be created and the PIP of the API might change.
Request to add a feature to create a static PIP for the master API (HCP) when creating a new AKS cluster.
It is a good advantage when the customer doesn't have a FW feature with application rules to add the FQDN and needs to add a static IP to the whitelist for the AKS subnet.
10 votes -
Integrate PIM with AAD enabled clusters
If you elevate yourself to the Cluster Admin Role via PIM you can download cluster admin credentials with the command:
az aks get-credentials -n mycluster -g myrg --admin
If you then deactivate the role via PIM, you can still use the admin credentials locally. It would be nice if we could somehow set an expiration time to stop those credentials from working (from the client that requested them via PIM elevation) after the requested time frame, or if we could invalidate them via a token of some sort.
10 votes -
Run custom script extension when provisioning new agent nodes
It would be useful to customise agent deployment at a very early stage.
For example: configuring a proxy for Docker, or sending a command to open a firewall during the install, adding private certificates to Docker etc.
Using DaemonSets is not accurate for tuning the system before Kubernetes starts.
10 votes -
Enable tagging of resources in the MC_ resourcegroup
The 2019-07-01 release brought the ability to pass tags to the MC resource group. However, tagging the resources within the MC resourcegroup is still not possible. Making it possible to tag those resources would help users with cost management, compliance, and automation.
8 votes -
Restarting Nodes or Scaling Shouldn't Reset Network Security Group Inbound Rules to Default
Similar to GKE, restarting a node or scaling should not overwrite any user changes to network security group rules. This would allow users to easily lock down externally facing services to a range of IP addresses.
7 votes -
Monitor Automated Kernel Updates
Our AKS nodes ran into this bug (https://github.com/Azure/aks-engine/issues/1356), which completely stopped the automated AKS kernel updates that are supposed to take place nightly.
Updates were stalled for weeks until I double-checked the status due to this security notice (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190020), discovered the problem, and applied the work-around to get us past the broken kernel.
This problem should not have had to be discovered manually, but neither my team nor any team at Azure support was notified of the stuck kernel, to my knowledge. I would like failed node updates to cause a notification to be automatically sent…
6 votes -
Support Standard SSDs as storage class
Currently it seems that only Standard HDD and Premium SSD are supported to be used in a storage class. We would like to select a standard SSD for our test databases also.
6 votes