AKS Networking with Application Gateway and Azure Firewall

Question

Hello everyone,

I am currently implementing a solution in Azure that involves using Azure Kubernetes Service (AKS) as a backend, along with an Application Gateway for incoming traffic. Additionally, I have configured an Azure Firewall to manage outbound traffic. My goal is to ensure that the traffic routing is symmetric.

In my current setup, incoming traffic is routed through the Application Gateway, and I have attached a route table in the AKS subnet directing 0.0.0.0/0 traffic to the Azure Firewall.

Could anyone please advise me on the best practices or steps to achieve symmetric routing in this configuration? Any insights or recommendations would be greatly appreciated!

Thank you !

Answer 1

Hi

If you want to redirect the traffic to Azure Firewall make sur you select the outbound type user-defined routing

https://learn.microsoft.com/en-us/azure/aks/egress-outboundtype?WT.mc_id=AZ-MVP-5004274

This article will help you to make the right choices and has a ready to test example (video +script)

https://learn.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service?WT.mc_id=AZ-MVP-5004274

If you want to avoid potential asymmetric routing issue that could happen if you have public load balancer scenario check the link below

https://learn.microsoft.com/en-us/azure/firewall/integrate-lb?WT.mc_id=AZ-MVP-5004274