Azure Kubernetes Service (AKS)

Have feedback for Azure Kubernetes Service (AKS)? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the AKS team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow.

  1. Run custom script extension when provisioning new agent nodes

    It would be useful to customise agent deployment at a very early stage.

    For example: configuring a proxy for Docker, or sending a command to open a firewall during the install, adding private certificates to Docker etc.

    Using DaemonSets is not accurate to tune the system before Kubernetes starts.

    https://github.com/Azure/AKS/issues/212

    5 votes
    0 comments  ·  Integration with Azure services
  2. Support Standard SSDs as storage class

    Currently it seems that only Standard HDD and Premium SSD are supported for use in a storage class. We would like to select a standard SSD for our test databases also.

    5 votes
    0 comments  ·  Integration with Azure services
  3. Restarting Nodes or Scaling Shouldn't Reset Network Security Group Inbound Rules to Default

    Similar to GKE, restarting a node or scaling should not overwrite any user changes to network security group rules. This would allow users to easily lock down externally facing services to a range of IP addresses.

    https://github.com/Azure/AKS/issues/570

    5 votes
    1 comment  ·  Integration with Azure services
  4. 3 votes
    0 comments  ·  Integration with Azure services
  5. Azure RBAC - Built-In role for cluster creators

    It is confusing which roles need to be given to the people responsible for AKS creation in our organization. We obviously don't want to give them the broader Contributor role, and hunting for the list of operations one by one is cumbersome.

    3 votes
    0 comments  ·  Integration with Azure services
  6. Secure Kubernetes Dashboard with Azure Active Directory

    Should be able to have a Kubernetes dashboard secured by and use rights from a proxy with an Azure AD token.

    3 votes
    0 comments  ·  Integration with Azure services
  7. AGIC Path based routing Implementation - Update more examples in github

    While deploying AGIC by referring to the link below

    https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/setup/install-new.md

    the aspnetapp.yaml has the annotation mentioned only for one application. In the case of multipath routing, please update the aspnetapp.yaml with

    appgw.ingress.kubernetes.io/backend-path-prefix: "/"

    An example YAML file I have used is given below, with 3 paths

    apiVersion: v1
    kind: Pod
    metadata:
      name: aspnetapp
      labels:
        app: aspnetapp
    spec:
      containers:
      - image: "mcr.microsoft.com/dotnet/core/samples:aspnetapp"
        name: aspnetapp-image
        ports:
        - containerPort: 80
          protocol: TCP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: aspnetapp
    spec:
      selector:
        app: aspnetapp
      ports:
      - protocol: TCP
        port: 80
        targetPort: 80
    ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: aspnetappingress
      annotations:
        kubernetes.io/ingress.class: azure/application-gateway
        appgw.ingress.kubernetes.io/backend-path-prefix: "/"
        #kubernetes.io/ingress.global-static-ip-name: appgwpublicip03f3
        #appgw.ingress.kubernetes.io/backend-protocol:…

    2 votes
    1 comment  ·  Integration with Azure services
  8. Generate automatic SSL Certificate without cert-manager

    GKE just announced the possibility to create a custom resource called "ManageCertificate" and then leave GKE to create and manage the certificate for you without installing cert-manager.

    If you have different clusters it could be super useful.

    Here is the GKE link about this feature: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs?utm_sq=g61dk0vqfq

    2 votes
    0 comments  ·  Integration with Azure services
  9. have access on insights on Kubernetes but not see environment variables

    We would like to have a role with which a person can access Kubernetes Insights and see Cluster/Nodes/Controllers/Containers metrics, but not see environment variables, because there could be passwords there. That's why we don't want everyone to have access to see that.

    2 votes
    0 comments  ·  Integration with Azure services
  10. Set the DNS name of a static IP for an AKS Service of Type: LoadBalancer so it can be used in Traffic Manager

    When pointing an Azure Traffic Manager endpoint at an AKS Service of Type: LoadBalancer, Traffic Manager will not allow you to use the Load Balancer's IP as an endpoint because the DNS name is not set by default and there's practically no documentation on the error message you get. Because of this, you need to set the DNS name outside of Kubernetes. If the DNS name were set by default, the LoadBalancer's IP could be used without the extra steps or unexpected error message.

    2 votes
    0 comments  ·  Integration with Azure services
  11. Azure AD Guest User support with RBAC

    As noted on https://docs.microsoft.com/en-us/azure/aks/aad-integration

    'Guest users in Azure AD, such as if you are using a federated login from a different directory, are not supported'

    Please add support for this, as it is a major blocker for our company to roll out AKS.

    2 votes
    0 comments  ·  Integration with Azure services
  12. Expand metrics available for alerting in Azure Monitor for containers

    We currently use a third party solution for alerting on node metrics due to the limited metrics available. We'd like to see as a minimum:
    CPU %
    Memory %
    Disk space %
    Disk IO %
    Node availability

    1 vote
    0 comments  ·  Integration with Azure services
  13. Internal load balancer accessible from peered network in another region

    When I create an AKS cluster in UK South and an HDInsight cluster in East US, I can't communicate with an internal load balancer on the AKS cluster from the HDInsight cluster.

    I have peered the two virtual networks and can communicate with the k8s service using node port and the cluster IP, but once I try to use the IP associated with the internal load balancer it times out.

    If I set up both clusters in UK South the internal load balancer works perfectly.

    Thanks

    1 vote
    0 comments  ·  Integration with Azure services
  14. Allow multiple Service objects to use the same public ip

    It would be nice if multiple Services could bind the same public IP address but different ports. In general it would save public IPs and should be easy to do, because all Service objects are set up on the same load balancer; it just should check if an IP is already on the load balancer. Kubernetes already allows Service objects with the same IP.

    1 vote
    0 comments  ·  Integration with Azure services
  15. Changing property 'aadProfile' is not allowed

    Hello!

    I am trying to deploy via Azure ARM templates an AKS cluster. The deployment fails when I try to configure the aadProfile configuration object with the following error: "Changing property 'aadProfile' is not allowed. target: aadProfile."

    Can anyone explain what is happening in the background and causes this interference?

    1 vote
    0 comments  ·  Integration with Azure services
  16. How to request external network in pod

    Here is one service named message-service,

    NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
    message-service-69b98989ff-dqfcs 1/1 Running 2 4d 10.240.0.74 aks-agentpool-71097180-3 <none>

    ⚡ leonzhao☯ mac# ~ k exec -it message-service-69b98989ff-dqfcs -- ip route

    default via 10.240.0.1 dev eth0
    10.240.0.0/16 dev eth0 scope link src 10.240.0.74

    Here is
    $ ip route
    default via 10.240.0.1 dev azure0
    10.240.0.0/16 dev azure0 proto kernel scope link src 10.240.0.68
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown

    1 vote
    0 comments  ·  Integration with Azure services