Azure Kubernetes Service (AKS)

Have feedback for Azure Kubernetes Service (AKS)? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the AKS team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow.

  1. Allow integrating with pre-existing route table

    When deploying AKS with kubenet, you are able to select a pre-existing VNet but are not able to specify a pre-existing route-table. Most organizations require the use of a firewall via a network virtual appliance and thus require use of custom route tables.

    AKS with kubenet deploys a route-table that it creates/manages and updates with new routes for nodes on scale out that it needs.

    Ideally, it would be better if AKS could optionally integrate with a pre-existing route table associated with the existing VNet, and simply add/remove its routes.

    39 votes
    4 comments  ·  Integration with Azure services
  2. Create static IPs for the hosted control plane (Master API)

    When creating an AKS cluster, the FQDN of the master API server is created and the PIP of the API might change.

    Request to add a feature to create a static PIP for the master API (HCP) when creating a new AKS cluster.

    It is a good advantage when the customer doesn't have a FW feature with application rules to add the FQDN and needs to add a static IP as a whitelist for the AKS subnet.

    7 votes
    1 comment  ·  Integration with Azure services
  3. AKS has a high Log Analytics cost - Azure Monitor for Containers logs every container's perf metrics every 60s

    Enabling Azure Monitor for Containers provides very powerful and useful logging and metrics (e.g. available through Azure Portal). However performance metrics for nodes and every running container are gathered and reported every 60 seconds, which results in very high data ingestion costs in Log Analytics.

    For our Azure bill, the highest cost is VMs (expected), the second highest cost is Log Analytics. We pay far more for logging than we do for SQL Server and CosmosDB data storage and processing combined(!) Looking into this, the main culprit is the Perf table in Log Analytics which is filled with node and…

    53 votes
    10 comments  ·  Integration with Azure services
  4. AGIC Path based routing Implementation - Update more examples in github

    While deploying AGIC by referring to the link below:

    https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/setup/install-new.md

    the aspnetapp.yaml has the annotation mentioned only for one application. In case of multipath routing, please update the aspnetapp.yaml with

    appgw.ingress.kubernetes.io/backend-path-prefix: "/"

    An example YAML file I have used is given below, with 3 paths:

    apiVersion: v1
    kind: Pod
    metadata:
      name: aspnetapp
      labels:
        app: aspnetapp
    spec:
      containers:
      - image: "mcr.microsoft.com/dotnet/core/samples:aspnetapp"
        name: aspnetapp-image
        ports:
        - containerPort: 80
          protocol: TCP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: aspnetapp
    spec:
      selector:
        app: aspnetapp
      ports:
      - protocol: TCP
        port: 80
        targetPort: 80
    ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: aspnetappingress
      annotations:
        kubernetes.io/ingress.class: azure/application-gateway
        appgw.ingress.kubernetes.io/backend-path-prefix: "/"
        #kubernetes.io/ingress.global-static-ip-name: appgwpublicip03f3
        #appgw.ingress.kubernetes.io/backend-protocol:…

    2 votes
    1 comment  ·  Integration with Azure services
  5. Support non-interactive login for AAD-integrated clusters

    Currently if your cluster is integrated with AAD, any kubectl command will prompt you for an interactive login, even after logging in via Azure CLI and obtaining Kubectl credentials using 'az aks get-credentials'.

    This won't work for anything using automation (e.g. a CI server such as Jenkins).

    Ideally one could log in using a service principal who is then mapped to roles using RBAC. Once you are logged in via the Azure CLI, you could obtain the credentials and execute Kubectl commands as normal.

    Original issue here: https://github.com/Azure/AKS/issues/556

    A similar issue was raised here, but I would like to be…

    265 votes
    10 comments  ·  Integration with Azure services
  6. Set the Load Balancer SKU for LB created by the cloud provider

    We can't right now choose the LB sku except from the cloud provider config (which is on the masters and therefore not accessible).

    An annotation could be great for this.

    1 vote
    0 comments  ·  Integration with Azure services
  7. Change to documentation for enabling master logs

    I would like to suggest a change to the documentation for enabling master logs to indicate why you would want to enable each component, what they log, and possibly a blurb about the large log ingestion if you enable the api server logs.

    1 vote
    0 comments  ·  Integration with Azure services
  8. Addon for automatic reboot of nodes

    At the moment you have to reboot your VMs yourself after updates that require a reboot. You can use kured to take care of this. It would be nice if you could enable an "addon" or something so VMs will be rebooted by Azure for you, so you don't have to do it yourself or use kured.

    14 votes
    0 comments  ·  Integration with Azure services
  9. MC_ Resource Group should have option to inherit AKS Tags

    We use Azure Policy to ensure all our resources inherit tags from their resource group. Cost Center being the big one for our company.

    This policy fails when AKS creates an additional resource group, and has been requiring us to manually intervene and apply the cost center tag.

    In the absence of removing that resource group altogether, it would be great if in the interim, the MC_ Resource Group could have the option to inherit the tags from the AKS resource in the original resource group.

    27 votes
    started  ·  2 comments  ·  Integration with Azure services
  10. Enable tagging of resources in the MC_ resourcegroup

    The 2019-07-01 release brought the ability to pass tags to the MC resource group. However, tagging the resources within the MC resourcegroup is still not possible. Making it possible to tag those resources would help users with cost management, compliance, and automation.

    8 votes
    1 comment  ·  Integration with Azure services
  11. Expand metrics available for alerting in Azure Monitor for containers

    We currently use a third party solution for alerting on node metrics due to the limited metrics available. We'd like to see as a minimum:
    CPU %
    Memory %
    Disk space %
    Disk IO %
    Node availability

    1 vote
    0 comments  ·  Integration with Azure services
  12. Monitor Automated Kernel Updates

    Our AKS nodes ran into this bug (https://github.com/Azure/aks-engine/issues/1356), which completely stopped the automated AKS kernel updates that are supposed to take place nightly.

    Updates were stalled for weeks until I double-checked the status due to this security notice (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190020), discovered the problem, and applied the work-around to get us past the broken kernel.

    This problem should not have had to be discovered manually, but neither my team nor any team at Azure support was notified of the stuck kernel, to my knowledge. I would like failed node updates to cause a notification to be automatically sent…

    6 votes
    0 comments  ·  Integration with Azure services
  13. low priority VMs (and VMSS)

    It would be really nice if AKS could support low priority VM scale sets.

    It seems that support for VMSS is already in the works and available as a preview.

    The original request was mentioned here:
    https://github.com/Azure/AKS/issues/290

    85 votes
    started  ·  7 comments  ·  Integration with Azure services
  14. Having the ability to let Service Principal (non-interactive apps) to consume AKS API without device login when AAD integration is used.

    When AAD integration is used on an RBAC AKS cluster [1], you can assign roles to users and groups. These users will have to interactively authenticate with devicelogin the first time they try to access the AKS API. This is good for humans but not that much for automation processes using Service Principals.

    Service Principal based applications need to go through the devicelogin page to consume AKS APIs.

    It would be nice to have a way to allow Service Principals to gain RBAC access to AKS APIs without device login.

    [1] Like this way: https://docs.microsoft.com/en-us/azure/aks/aad-integration

    12 votes
    0 comments  ·  Integration with Azure services
  15. Generate automatic SSL Certificate without cert-manager

    GKE just announced the possibility to create a custom resource called "ManageCertificate" and then leave GKE to create and manage the certificate for you without installing cert-manager.

    If you have different clusters it could be super useful.

    Here is the GKE link about this feature: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs?utm_sq=g61dk0vqfq

    3 votes
    0 comments  ·  Integration with Azure services
  16. Add Kubernetes namespace to Azure Monitor Logs

    When the container logs are connected to Azure Monitor, it would be helpful if the k8s namespace was one of the fields that we can query by. If we have similarly named containers in different namespaces, it is difficult to distinguish between them in a query.

    5 votes
    0 comments  ·  Integration with Azure services
  17. Integrate PIM with AAD enabled clusters

    If you elevate yourself to the Cluster Admin Role via PIM you can download cluster admin credentials with the command:

    az aks get-credentials -n mycluster -g myrg --admin

    If you then deactivate the role via PIM, you can still use the admin credentials locally. It would be nice if we could somehow set an expiration time to stop those credentials from working (from the client that requested them via PIM elevation) after the requested time frame, or if we could invalidate them via a token of some sort.

    9 votes
    0 comments  ·  Integration with Azure services
  18. Auto generated tags via deployment manifests

    Description:
    When a service is created in AKS such as a load balancer, or a disk, which ties back to an Azure resource, add the ability to tag the resource right in the deployment manifest. For organizations requiring strict tagging policies on resources in their Azure accounts, the creation of resources within AKS leaves un-tagged resources in the account.

    The outcome of this would be that you, Microsoft, would be empowering your customers with the ability to dynamically organize your resources in the account as they're dynamically created in AKS.

    19 votes
    2 comments  ·  Integration with Azure services
  19. Support for Azure Monitor Autoscale

    Provide support for Azure Monitor Autoscale that automatically adds instances based on a metric.

    This would allow us to mitigate issues and create awareness about them without any manual action.

    Bonus points if we can remove instances as well.

    52 votes
    5 comments  ·  Integration with Azure services
  20. 3 votes
    0 comments  ·  Integration with Azure services