Azure Kubernetes Service (AKS)

Have feedback for Azure Kubernetes Service (AKS)? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the AKS team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow.

  1. Support multiple availability zones for HA (high-availability) clusters

    Allow k8s nodes/agent pool to be created in different/multiple availability zones, to support a highly-available (HA) cluster

    179 votes
    started  ·  20 comments  ·  Integration with Azure services
  2. Please create all the Kubernetes-related resources in the same resource group.

    The policies in the company don't allow custom naming for Azure resource groups. This is really getting in the way of using AKS for production use.

    193 votes
    9 comments  ·  Integration with Azure services
  3. Support non-interactive login for AAD-integrated clusters

    Currently if your cluster is integrated with AAD, any kubectl command will prompt you for an interactive login, even after logging in via Azure CLI and obtaining Kubectl credentials using 'az aks get-credentials'.

    This won't work for anything using automation (e.g. a CI server such as Jenkins).

    Ideally one could log in using a service principal who is then mapped to roles using RBAC. Once you are logged in via the Azure CLI, you could obtain the credentials and execute Kubectl commands as normal.

    Original issue here: https://github.com/Azure/AKS/issues/556

    A similar issue was raised here, but I would like to be…

    136 votes
    7 comments  ·  Integration with Azure services
  4. AKS has a high Log Analytics cost - Azure Monitor for Containers logs every container's perf metrics every 60s

    Enabling Azure Monitor for Containers provides very powerful and useful logging and metrics (e.g. available through Azure Portal). However performance metrics for nodes *and every running container* are gathered and reported every 60 seconds, which results in very high data ingestion costs in Log Analytics.

    For our Azure bill, the highest cost is VMs (expected), the second highest cost is Log Analytics. We pay far more for logging than we do for SQL Server and CosmosDB data storage and processing combined(!) Looking into this, the main culprit is the Perf table in Log Analytics which is filled with node and…

    7 votes
    0 comments  ·  Integration with Azure services
  5. MC_ Resource Group should have option to inherit AKS Tags

    We use Azure Policy to ensure all our resources inherit tags from their resource group. Cost Center being the big one for our company.

    This policy fails when AKS creates an additional resource group, and has been requiring us to manually intervene and apply the cost center tag.

    In the absence of removing that resource group altogether, it would be great if in the interim, the MC_ Resource Group could have the option to inherit the tags from the AKS resource in the original resource group.

    13 votes
    started  ·  2 comments  ·  Integration with Azure services
  6. Addon for automatic reboot of nodes

    At the moment you have to reboot your VMs yourself after updates that require a reboot. You can use kured to take care of this. It would be nice if you could enable an "addon" or something so VMs will be rebooted by Azure for you, so you don't have to do it yourself or use kured.

    6 votes
    0 comments  ·  Integration with Azure services
  7. Monitor Automated Kernel Updates

    Our AKS nodes ran into this bug (https://github.com/Azure/aks-engine/issues/1356), which completely stopped the automated AKS kernel updates that are supposed to take place nightly.

    Updates were stalled for weeks until I double-checked the status due to this security notice (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190020), discovered the problem, and applied the work-around to get us past the broken kernel.

    This problem should not have had to be discovered manually, but neither my team nor any team at Azure support was notified of the stuck kernel, to my knowledge. I would like failed node updates to cause a notification to be automatically sent…

    5 votes
    0 comments  ·  Integration with Azure services
  8. Support VM Disk Encryption

    Azure Security Recommendations notice that the disks provisioned as part of the Kubernetes Service cluster are not encrypted. And according to the AKS FAQ (https://docs.microsoft.com/en-us/azure/aks/faq),
    "Modifying the resources under the MC_* in the AKS cluster breaks the SLO."

    A method to encrypt the disks should be made available.

    39 votes
    1 comment  ·  Integration with Azure services
  9. low priority VMs (and VMSS)

    It would be really nice if AKS could support low priority VM scale sets.

    It seems that support for VMSS is already in the works and available as a preview.

    The original request was mentioned here:
    https://github.com/Azure/AKS/issues/290

    63 votes
    started  ·  6 comments  ·  Integration with Azure services
  10. Enable tagging of resources in the MC_ resourcegroup

    The 2019-07-01 release brought the ability to pass tags to the MC_ resource group. However, tagging the resources within the MC_ resourcegroup is still not possible. Making it possible to tag those resources would help users with cost management, compliance, and automation.

    2 votes
    1 comment  ·  Integration with Azure services
  11. Integrate PIM with AAD enabled clusters

    If you elevate yourself to the Cluster Admin Role via PIM you can download cluster admin credentials with the command:

    az aks get-credentials -n my_cluster -g my_rg --admin

    If you then deactivate the role via PIM, you can still use the admin credentials locally. It would be nice if we could somehow set an expiration time to stop those credentials from working (from the client that requested them via PIM elevation) after the requested time frame, or if we could invalidate them via a token of some sort.

    6 votes
    0 comments  ·  Integration with Azure services
  12. Support for Azure Monitor Autoscale

    Provide support for Azure Monitor Autoscale that automatically adds instances based on a metric.

    This would allow us to mitigate issues and create awareness about them without any manual action.

    Bonus points if we can remove instances as well.

    51 votes
    4 comments  ·  Integration with Azure services
  13. Azure RBAC - Built-In role for cluster creators

    It is confusing what roles need to be given to the people responsible for AKS creation in our organization. We obviously don't want to give them the broader Contributor role, and hunting for the list of operations one by one is cumbersome.

    3 votes
    0 comments  ·  Integration with Azure services
  14. Internal load balancer accessible from peered network in another region

    When I create an AKS cluster in UK South and an HDInsight cluster in East US, I can't communicate with an internal load balancer on the AKS cluster from the HDInsight cluster.

    I have peered the two virtual networks and can communicate with the k8s service using node port and the cluster IP, but once I try to use the IP associated with the internal load balancer it times out.

    If I set up both clusters in UK South, the internal load balancer works perfectly.

    Thanks

    1 vote
    0 comments  ·  Integration with Azure services
  15. Generate automatic SSL Certificate without cert-manager

    GKE just announced the possibility to create a custom resource called "ManagedCertificate" and then leave GKE to create and manage certificates for you without installing cert-manager.

    If you have different clusters it could be super useful.

    Here is the GKE link about this feature: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs?utm_sq=g61dk0vqfq

    1 vote
    0 comments  ·  Integration with Azure services
  16. AKS should add new nodes to the cluster when existing nodes crash/get deleted

    AKS should add new nodes to the cluster when existing nodes crash/get deleted

    23 votes
    2 comments  ·  Integration with Azure services
  17. 2 votes
    0 comments  ·  Integration with Azure services
  18. Option to assign public IPv4 addresses to AKS nodes

    Please add support to automatically allocate (and associate) public IPv4 addresses with each AKS worker node. Currently the only way to do this is to manually add a public IPv4 address to the primary NIC (when using Advanced Networking).

    The need is that our application (a UDP based streaming platform) needs direct Internet addressability in order to be able to stream using custom protocols. This needs to be done in combination with Advanced Networking to get good performance.

    19 votes
    planned  ·  1 comment  ·  Integration with Azure services
  19. Allow LoadBalancers to bind to Static IPs, created in the AKS Resource Group

    At the moment LoadBalancers can only bind to IPs, created in the automatically created AKS ResourceGroup (the one starting with MC_).

    As I'm not a fan of manually editing automatically created resources, I would like to be able to create IPs besides the AKS resource and let my LoadBalancers bind to them.

    27 votes
    2 comments  ·  Integration with Azure services
  20. Make Kubernetes Dashboard Deployment Optional

    It is not desirable to have the kubernetes-dashboard deployed by default in all scenarios and it should be the decision of the end-user to determine if it should be installed or not (assuming it is not required for ongoing support by Microsoft).

    Examples of misconfigured dashboards include https://redlock.io/blog/cryptojacking-tesla and whilst we don't foresee a problem with the current setup, ideally we would stop deploying a service we do not require.

    If we choose to remove the kubernetes-dashboard deployment from our current implementation the addon-manager will re-deploy it effectively undoing the removal.

    12 votes
    0 comments  ·  Integration with Azure services