It would be useful to customise agent deployment at a very early stage.
For example: configuring a proxy for Docker, sending a command to open a firewall during the install, adding private certificates to Docker, etc.
Using DaemonSets is not accurate to tune the system before Kubernetes starts.
4 votes
Similar to GKE, restarting a node or scaling should not overwrite any user changes to network security group rules. This would allow users to easily lock down externally facing services to a range of IP addresses.
4 votes
It is confusing what roles need to be given to the people responsible for AKS creation in our organization. We obviously don't want to give them the broader Contributor role, and hunting for the list of operations one by one is cumbersome.
3 votes
The 2019-07-01 release brought the ability to pass tags to the MC_ resource group. However, tagging the resources within the MC_ resource group is still not possible. Making it possible to tag those resources would help users with cost management, compliance, and automation.
2 votes
Add visibility on VM size resource limitations (bandwidth, IOPS, disk slots...) inside AKS through labels, conditions, allocatable statuses
Not like https://github.com/kubernetes/kubernetes/pull/67772
I would prefer more control over scheduling and affinity by adding labels.
2 votes
We would like to have a role with which a person can access Kubernetes Insights and see Cluster/Nodes/Controllers/Containers metrics, but not see Environment Variables, because there could be passwords there. That's why we don't want everyone to have access to see that.
2 votes
Set the DNS name of a static IP for an AKS Service of Type: LoadBalancer so it can be used in Traffic Manager
When pointing an Azure Traffic Manager endpoint at an AKS Service of Type: LoadBalancer, Traffic Manager will not allow you to use the Load Balancer's IP as an endpoint because the DNS name is not set by default and there's practically no documentation on the error message you get. Because of this, you need to set the DNS name outside of Kubernetes. If the DNS name were set by default, the LoadBalancer's IP could be used without the extra steps or unexpected error message.
2 votes
Should be able to have a Kubernetes dashboard secured by and use rights from a proxy with an Azure AD token.
2 votes
'Guest users in Azure AD, such as if you are using a federated login from a different directory, are not supported'
Please add support for this, as it is a major blocker for our company to roll out AKS.
2 votes
GKE just announced the possibility to create a custom resource called "ManageCertificate" and then leave GKE to create and manage certificates for you without installing cert-manager.
If you have different clusters it could be super useful.
Here is the GKE link about this feature: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs?utm_sq=g61dk0vqfq
1 vote
When the container logs are connected to Azure Monitor, it would be helpful if the k8s namespace was one of the fields that we can query by. If we have similarly named containers in different namespaces, it is difficult to distinguish between them in a query.
1 vote
Having the ability to let Service Principals (non-interactive apps) consume the AKS API without device login when AAD integration is used.
When AAD integration is used on an RBAC AKS cluster, you can assign roles to users and groups. These users will have to **interactively** authenticate with devicelogin the first time they try to access the AKS API. This is good for humans but not that much for automation processes using Service Principals.
Service Principal based applications need to go through the devicelogin page to consume AKS APIs.
It would be nice to have a way to allow Service Principals to gain RBAC access to AKS APIs **without** device login.
Like this way: https://docs.microsoft.com/en-us/azure/aks/aad-integration
1 vote
It would be nice if multiple Services could bind the same public IP address but different ports. In general it would save public IPs and should be easy to do, because all service objects are set up on the same load balancer; it just should check if an IP is already on the load balancer. Kubernetes already allows service objects with the same IP.
1 vote
I am trying to deploy via Azure ARM templates an AKS cluster. The deployment fails when I try to configure the aadProfile configuration object with the following error: "Changing property 'aadProfile' is not allowed. target: aadProfile."
Can anyone explain what is happening in the background and causes this interference?
1 vote
Here is one service named message-service,
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
message-service-69b98989ff-dqfcs 1/1 Running 2 4d 10.240.0.74 aks-agentpool-71097180-3 <none>
⚡ leonzhao☯ mac# ~ k exec -it message-service-69b98989ff-dqfcs -- ip route
default via 10.240.0.1 dev eth0
10.240.0.0/16 dev eth0 scope link src 10.240.0.74
$ ip route
default via 10.240.0.1 dev azure0
10.240.0.0/16 dev azure0 proto kernel scope link src 10.240.0.68
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
1 vote