Azure Kubernetes Service (AKS)

Have feedback for Azure Kubernetes Service (AKS)? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the AKS team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow.

How can we improve the Azure Kubernetes Service (AKS)?

  1. Addon for automatic reboot of nodes

    At the moment you have to reboot your VMs yourself after updates that require a reboot. You can use kured to take care of this. It would be nice if you could enable an "addon" or something so VMs will be rebooted by Azure for you, so you don't have to do it yourself or use kured.

    3 votes
    0 comments  ·  Integration with Azure services
  2. Add Kubernetes namespace to Azure Monitor Logs

    When the container logs are connected to Azure Monitor, it would be helpful if the k8s namespace was one of the fields that we can query by. If we have similarly named containers in different namespaces, it is difficult to distinguish between them in a query.

    1 vote
    0 comments  ·  Integration with Azure services
  3. 2 votes
    0 comments  ·  Integration with Azure services
  4. Azure RBAC - Built-In role for cluster creators

    It is confusing what roles need to be given to the people responsible for AKS creation in our organization. We obviously don't want to give them the broader Contributor role, and hunting for the list of operations one by one is cumbersome.

    3 votes
    0 comments  ·  Integration with Azure services
  5. have access on insights on Kubernetes but not see environment variables

    We would like to have a role with which a person can have access to Kubernetes Insights and see Cluster/Nodes/Controllers/Containers metrics, but not see Environment Variables, because there could be passwords there; that's why we don't want everyone to have access to see that.

    1 vote
    0 comments  ·  Integration with Azure services
  6. Integrate PIM with AAD enabled clusters

    If you elevate yourself to the Cluster Admin Role via PIM you can download cluster admin credentials with the command:

    az aks get-credentials -n my_cluster -g my_rg --admin

    If you then deactivate the role via PIM, you can still use the admin credentials locally. It would be nice if we could somehow set an expiration time to stop those credentials from working (from the client that requested them via PIM elevation) after the requested time frame, or if we could invalidate them via a token of some sort.

    6 votes
    0 comments  ·  Integration with Azure services
  7. Having the ability to let Service Principal (non-interactive apps) to consume AKS API without device login when AAD integration is used.

    When AAD integration is used on an RBAC AKS cluster [1], you can assign roles to users and groups. These users will have to **interactively** authenticate with devicelogin the first time they try to access the AKS API. This is good for humans but not that much for automation processes using Service Principals.

    Service Principal based applications need to go through the devicelogin page to consume AKS APIs.

    It would be nice to have a way to allow Service Principals to gain RBAC access to AKS APIs **without** device login.

    [1] Like this way: https://docs.microsoft.com/en-us/azure/aks/aad-integration

    1 vote
    0 comments  ·  Integration with Azure services
  8. Set the DNS name of a static IP for an AKS Service of Type: LoadBalancer so it can be used in Traffic Manager

    When pointing an Azure Traffic Manager endpoint at an AKS Service of Type: LoadBalancer, Traffic Manager will not allow you to use the Load Balancer's IP as an endpoint because the DNS name is not set by default and there's practically no documentation on the error message you get. Because of this, you need to set the DNS name outside of Kubernetes. If the DNS name were set by default, the LoadBalancer's IP could be used without the extra steps or unexpected error message.

    2 votes
    0 comments  ·  Integration with Azure services
  9. MC_ Resource Group should have option to inherit AKS Tags

    We use Azure Policy to ensure all our resources inherit tags from their resource group. Cost Center being the big one for our company.

    This policy fails when AKS creates an additional resource group, and has been requiring us to manually intervene and apply the cost center tag.

    In the absence of removing that resource group altogether, it would be great if in the interim, the MC_ Resource Group could have the option to inherit the tags from the AKS resource in the original resource group.

    6 votes
    started  ·  1 comment  ·  Integration with Azure services
  10. Allow multiple Service objects to use the same public ip

    It would be nice if multiple Services could bind the same public IP address but different ports. In general it would save public IPs and should be easy to do, because all Service objects are set up on the same load balancer; it should just check whether an IP is already on the load balancer. Kubernetes already allows Service objects with the same IP.

    1 vote
    0 comments  ·  Integration with Azure services
  11. Secure Kubernetes Dashboard with Azure Active Directory

    Should be able to have a Kubernetes dashboard secured by and use rights from a proxy with an Azure AD token.

    2 votes
    0 comments  ·  Integration with Azure services
  12. Changing property 'aadProfile' is not allowed

    Hello!

    I am trying to deploy via Azure ARM templates an AKS cluster. The deployment fails when I try to configure the aadProfile configuration object with the following error: "Changing property 'aadProfile' is not allowed. target: aadProfile."

    Can anyone explain what is happening in the background and causes this interference?

    1 vote
    0 comments  ·  Integration with Azure services
  13. Azure AD Guest User support with RBAC

    As noted on https://docs.microsoft.com/en-us/azure/aks/aad-integration

    'Guest users in Azure AD, such as if you are using a federated login from a different directory, are not supported'

    Please add support for this, as it is a major blocker for our company to roll out AKS.

    2 votes
    0 comments  ·  Integration with Azure services
  14. Run custom script extension when provisioning new agent nodes

    It would be useful to customise agent deployment at a very early stage.

    For example: configuring a proxy for Docker, sending a command to open a firewall during the install, adding private certificates to Docker, etc.

    Using DaemonSets is not accurate to tune the system before Kubernetes starts.

    https://github.com/Azure/AKS/issues/212

    4 votes
    0 comments  ·  Integration with Azure services
  15. How to request external network in pod

    Here is one service named message-service,

    NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
    message-service-69b98989ff-dqfcs 1/1 Running 2 4d 10.240.0.74 aks-agentpool-71097180-3 <none>

    ⚡ leonzhao☯ mac# ~ k exec -it message-service-69b98989ff-dqfcs -- ip route
    default via 10.240.0.1 dev eth0
    10.240.0.0/16 dev eth0 scope link src 10.240.0.74

    Here is
    $ ip route
    default via 10.240.0.1 dev azure0
    10.240.0.0/16 dev azure0 proto kernel scope link src 10.240.0.68
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown

    1 vote
    0 comments  ·  Integration with Azure services
  16. Auto generated tags via deployment manifests

    Description:
    When a service is created in AKS such as a load balancer, or a disk, which ties back to an Azure resource, add the ability to tag the resource right in the deployment manifest. For organizations requiring strict tagging policies on resources in their Azure accounts, the creation of resources within AKS leaves un-tagged resources in the account.

    The outcome of this would be that you, Microsoft, would be empowering your customers with the ability to dynamically organize your resources in the account as they're dynamically created in AKS.

    4 votes
    2 comments  ·  Integration with Azure services
  17. Support multiple availability zones for HA (high-availability) clusters

    Allow k8s nodes/agent pool to be created in different/multiple availability zones, to support a highly-available (HA) cluster

    157 votes
    started  ·  18 comments  ·  Integration with Azure services
  18. Make Kubernetes Dashboard Deployment Optional

    It is not desirable to have the kubernetes-dashboard deployed by default in all scenarios and it should be the decision of the end-user to determine if it should be installed or not (assuming it is not required for ongoing support by Microsoft).

    Examples of misconfigured dashboards include https://redlock.io/blog/cryptojacking-tesla, and whilst we don't foresee a problem with the current setup, ideally we would stop deploying a service we do not require.

    If we choose to remove the kubernetes-dashboard deployment from our current implementation the addon-manager will re-deploy it effectively undoing the removal.

    12 votes
    0 comments  ·  Integration with Azure services
  19. Support Standard SSDs as storage class

    Currently it seems that only Standard HDD and Premium SSD are supported for use in a storage class. We would also like to select a Standard SSD for our test databases.

    4 votes
    0 comments  ·  Integration with Azure services
  20. Support VM Disk Encryption

    Azure Security Recommendations notice that the disks provisioned as part of the Kubernetes Service cluster are not encrypted. And according to the AKS FAQ (https://docs.microsoft.com/en-us/azure/aks/faq),
    "Modifying the resources under the MC_* in the AKS cluster breaks the SLO."

    A method to encrypt the disks should be made available.

    35 votes
    1 comment  ·  Integration with Azure services