Azure Kubernetes Service (AKS)

Have feedback for Azure Kubernetes Service (AKS)? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the AKS team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow.

How can we improve the Azure Kubernetes Service (AKS)?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support multiple node pool

    We are currently blocked to using a single node pool in AKS. It would be good to allow us to create new node pool (in different region) and to allow us to have a different VM size (per pool). Google and Amazon are already offering that feature.

    421 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  2. Secure AKS API from Public Internet

    Managed K8s in Azure makes the AKS API publically accessible via an Internet endpoint.
    This Master node access is separate from the Agent nodes we stand up inside a VNet and can protect with interior private IPs and NSGs.

    While access to the AKS-API is be protected using Azure DDOS, and integration to AAD and RBAC for user access, some customer security organizations demand either IP whitelisting on it, or some type of if firewalling to limit access to it to only their company. VNet Service Endpoint as another option although not certain can can work. But that kind of…

    220 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    27 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. 220 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  4. Increase Kubernetes node docker version to 17.05.x & +

    In order to take full advantage of running a VSTS agent in AKS, the docker version of the node must be at least 17.05 & + to support building project using multi-stage DockerFile.

    127 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →

    We have now enabled Moby for all users. It is roughly in line with Docker Engine 18.06, though you will see it listed as version 3.0.1, an internal Azure build number. With the exception of GPU-based VMs (which still have a Docker Engine dependency), all new nodes (included upgraded nodes) will be built with Moby.

  5. 80 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  4 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support for PodSecurityPolicy

    The PodSecurityPolicy admission controller does not seem to be supported. This is a key part of securing a cluster. I see it has previously been raised as an issue, but no feature request was raised. https://github.com/Azure/AKS/issues/327

    74 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for network policies with calico integration

    It would be awesome to have network policies support in AKS to control/restrict network traffic among the Pods and outside world.

    66 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support for Istio service mesh

    Istio service mesh is now 1.0. Add support within AKS and control plane.

    64 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  9. Ability to change password on Service Principal

    By default when AKS cluster is rolled out, default SP with password validity period of 1Y is created. Because masters are hidden for us, we are not able to change password, in order to change it for some sort of security breach, or just to create new one because old one has expired. So by now we have 2 options:
    1. Create SP with pass that never expires (not so preferable in terms of security),
    2. Create new AKS cluster. But, when you're in production, migrating everything from one cluster to another is not small step. And rolling out new…

    56 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Integration with Azure services  ·  Flag idea as inappropriate…  ·  Admin →
  10. Enable Accelerated Networking

    Accelerated Networking enables much higher NIC throughput. See here for benefits and details https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-cli

    42 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Integration with Azure services  ·  Flag idea as inappropriate…  ·  Admin →
  11. AKS-API Control Plane Audit Trail - Activity Logs

    When a user authenticates successfully to the AKS-API we need an audit trail (security log) entry made as well as detail of what commands each user executed and when.
    This is the type of information we would usually see in an Azure Activity Log, but K8s Master Node activity is not captured there.

    A workaround for one small part (who is logging on) can be retrieved using AAD reports but this requires premium licensing and its limited to only who logged in, not what they did.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow changing the Service Principal associated with AKS

    Currently it's impossible to change the Service Principal associated with Azure Kubernetes Service.
    You might want to change the service principal if you're doing big changes in your Azure AD or moving your Azure Subscription to another directory.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Make LsV2 series available on AKS

    Make LsV2 type available on AKS.

    We are creating an k8s operator for ScyllaDB and would like to leverage this powerful hardware (specially because of the NVMes). This would be beneficial not only to our database but to any NoSQL or applications that require fast I/O.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  6 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  14. 20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  15. Make AKS available in India

    We have a lot of developers in India, and working with kuberenetes in either Japan, Southeast Asia or Europe, is just too far away.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  16. Documentation of Changes between AKS versions

    There should be Documentation of changes between aks major and minor upgrade.

    For example what improvements or fixes have been addressed if i upgrade from 1.11.1 to 1.11.2.

    I think this information is required (for example maybe a docker daemon version changes etc)

    az aks get-versions -l westeurope -o table
    KubernetesVersion Upgrades
    ------------------- ---------------------------------------------------------------------------------
    1.11.2 None available
    1.11.1 1.11.2
    1.10.6 1.11.1, 1.11.2
    1.10.5 1.10.6, 1.11.1, 1.11.2
    1.10.3 1.10.5, 1.10.6, 1.11.1, 1.11.2
    1.9.10 1.10.3, 1.10.5, 1.10.6
    1.9.9 1.9.10, 1.10.3, 1.10.5, 1.10.6

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support for Kubernetes 1.14 and Windows cluster

    Support new K8s version that bring GA support for Windows containers

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  0 comments  ·  Portal  ·  Flag idea as inappropriate…  ·  Admin →
  18. Please bring Containers and Serverless together - knative

    Seems like a great opportunity to bring the best of two paradigms into one...

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  0 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support CoreDNS now that it's GA and has been the default since Kubernetes 1.11

    Support CoreDNS now that it's GA and has been the default since Kubernetes 1.11

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Support for Kubernetes features  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base