AKS Learn feedback: #264
Description
Type of issue
Typo
Feedback
Based on customer feedback following their move from Azure CNI to CNI Overlay + Cilium, there are some enhancement opportunities from their experience:
- For the migration for CNI Overlay, network policies need to be disabled first:
az aks update -n aks-cni-migration -g $resourceGroupName --network-plugin-mode overlay --pod-cidr 192.168.0.0/16
(ValidationError) Cannot update cluster to Azure CNI Overlay while using network policies with Azure CNI v1.
Code: ValidationError
Message: Cannot update cluster to Azure CNI Overlay while using network policies with Azure CNI v1.
Required command:
az aks update -n aks-cni-migration -g $resourceGroupName --network-policy none
- When migrating to CNI overlay, Cilium network policy needs to be enabled at the same time:
az aks update --name aks-cni-migration --resource-group $resourceGroupName --network-dataplane cilium
(BadRequest) Cilium dataplane requires network policy cilium.
Code: BadRequest
Message: Cilium dataplane requires network policy cilium.
Target: networkProfile.networkPolicy
Required command:
az aks update --name aks-cni-migration --resource-group $resourceGroupName --network-dataplane cilium --network-policy cilium
I would suggest that we add notes/commands for these scenarios to make it easier for customers to perform the migration (or perhaps network policy can be disabled automatically when Overlay is enabled, and Cilium NetPol can be automatically enabled when enabling Cilium dataplane)
Page URL
Content source URL
https://github.com/MicrosoftDocs/azure-aks-docs/blob/main/articles/aks/upgrade-azure-cni.md
Author
Document Id
42557c24-0cea-bfd0-b647-0938b31c54c7
Platform Id
eaafcf8f-a76f-d6c8-857a-9b14a5a3debe