terraform-modules
terraform-modules copied to clipboard
XenitAB
Change to AKS NAT gateway
Currently we are use SNAT for egress traffic in AKS.
Recently AKS NAT Gateway https://docs.microsoft.com/en-us/azure/aks/nat-gateway was released. and we should look in to changing to this.
This will force recreation of the cluster but it should be fine with a standard blue green migration.
We need to be able to define existing ip prefix. How to: https://www.thorsten-hans.com/provision-aks-and-nat-gateway-with-terraform/
For now it seems like NAT gateway can't be made zone redundant. Instead we have to rewrite our network stack to use 3 subnets, 3 public ip prefixes and 3 nat gateways. https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-availability-zones#zonal-nat-gateway-resource-for-each-zone-in-a-region-to-create-zone-resiliency
It would increase the cost by allot and it also creates allot more work then we appreciated.
Started to work on a PR but I have closed it. https://github.com/XenitAB/terraform-modules/pull/858
We hope that Azure will solve this for us in the feature so for now I put it to waitning-for-thirdparty. Lets see if we can find some information about future solutions. We might reconsider this in the future.