Introduction
Microsoft announces the general availability (GA) of Azure Arc Gateway for Kubernetes. This tool significantly simplifies the network configuration required to integrate Kubernetes clusters with Azure Arc, reducing constraints related to enterprise proxies and firewalls. With outbound connectivity reduced to a set of easily definable endpoints, Azure Arc Gateway enables faster and more secure integration.
Good to know
Azure Arc Gateway is designed to accelerate the onboarding process for Kubernetes clusters while promoting simplified operations in the long term.
What is Azure Arc Gateway?
Azure Arc Gateway introduces two key components:
- Arc Gateway: A single entry point within your Azure tenant, responsible for redirecting inbound traffic from on-premises workloads to the relevant Azure services.
- Azure Arc Proxy: Present on each Arc-enabled Kubernetes cluster, the proxy routes traffic from agents and extensions through the Arc Gateway endpoint.
Simplified Traffic Flow
Here is an overview of the connectivity chain:
Arc-enabled Kubernetes Agent → Arc Proxy → Enterprise Proxy → Arc Gateway → Azure Services
Key Benefits
With the move to GA, Azure Arc Gateway brings several benefits:
- Reduction of endpoints to authorize: Instead of 18 distinct endpoints, only 9 are necessary, a 50% reduction.
- Accelerated integration: Companies with strict controls on outbound connections can now reduce delays related to network approvals.
- Simplified operations: Network and security teams benefit from a consistent and repeatable model for managing Arc agent and extension traffic.

Supported Scenarios
Azure Arc Gateway extends its functionality to cover the following scenarios:
- Connection to an Arc-enabled Kubernetes cluster.
- Viewing resources of Arc-enabled Kubernetes clusters.
- Custom location.
- Azure Policy extension for Arc.
Specific Scenarios
While the Gateway covers several use cases, certain data plane endpoints must still be manually authorized. This includes:
- Azure Key Vault
- Log Analytics Workspace
- Storage Accounts
Attention
For a complete list of supported Arc Gateway scenarios and specific URLs to authorize, please refer to the official Azure Arc Gateway documentation.
Getting Started
The integration process with Azure Arc Gateway is as follows:
Create an Arc Gateway resource
Use the Azure portal, Azure CLI, or PowerShell to configure your first resource.
New-AzArcGateway -ResourceGroup "ResourceGroupName" -Name "GatewayName"
Authorize the endpoint
Configure your enterprise proxy or firewall to allow the Arc Gateway endpoint.
Enable or update your Kubernetes clusters
Associate your Azure Arc-enabled clusters to use the Arc Gateway resource.
FAQ
Does Arc Gateway require new software installation?
No. Arc Proxy is an integral part of the standard Azure Arc agent enabled for Kubernetes.
Do all Arc scenarios go through the Gateway?
For now, certain data plane endpoints still need to be manually authorized. Check the official documentation regularly for details.
What other Azure services are compatible with Arc Gateway?
Azure Arc Gateway is also in GA for Arc-enabled servers and Azure Local environments.
Useful Resources
- Azure Arc Gateway Documentation
- Kubernetes Integration Guide with Azure Arc
- Arc Gateway Product Feedback Forum
Glossary
- GA (General Availability): Stage of a product or service where it is considered ready for public use and fully operational.
- Endpoint: A network address used to enable communication between systems.
- Proxy: An intermediate server that allows for securing and controlling network access.
Tip
To improve security and network management, consider planning a semi-annual review of authorized endpoints in your environment.
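One way to run that review, as an added example that is not from Microsoft or the original article: it compares a proxy or firewall allowlist with what the gateway model still requires (the Arc Gateway endpoint plus the data plane services in use) and reports rules to keep, narrow or retire. Every hostname ends in .example and is a placeholder, and the names review, DATA_PLANE and ALLOWLIST are hypothetical; take the real URLs from the official Azure Arc Gateway documentation.

```python
from fnmatch import fnmatchcase

# Placeholders (assumptions): replace with your gateway URL and the data plane
# URL patterns listed in the official Azure Arc Gateway documentation.
GATEWAY_ENDPOINT = "contoso-gw.gw.arc.example"
DATA_PLANE = {  # endpoints that must still be authorized manually
    "Azure Key Vault": ["*.vault.example"],
    "Log Analytics Workspace": ["*.loganalytics.example"],
    "Storage Accounts": ["*.storage.example"],
}

# Constructed sample of egress rules exported from an enterprise proxy.
ALLOWLIST = [
    "contoso-gw.gw.arc.example",
    "kv-prod.vault.example",
    "*.storage.example",         # service no longer used by this cluster
    "legacy-agent.arc.example",  # direct rule from before the gateway
    "*.example",                 # catch-all wider than any requirement
]


def review(allowlist, services_in_use):
    """Classify each egress rule and list requirements that lack a scoped rule."""
    required = [GATEWAY_ENDPOINT]
    for service in services_in_use:
        required += DATA_PLANE[service]
    report = {"keep": [], "broad": [], "stale": [], "missing": []}
    for rule in (r.strip().lower() for r in allowlist):
        if any(fnmatchcase(rule, req) for req in required):
            report["keep"].append(rule)    # equal to or narrower than a requirement
        elif any(fnmatchcase(req, rule) for req in required):
            report["broad"].append(rule)   # wider than needed: narrow it
        else:
            report["stale"].append(rule)   # no current requirement: removal candidate
    for req in required:
        if not any(fnmatchcase(rule, req) for rule in report["keep"]):
            report["missing"].append(req)  # no narrowly scoped rule covers it
    return report


if __name__ == "__main__":
    result = review(ALLOWLIST, ["Azure Key Vault", "Log Analytics Workspace"])
    for category, rules in result.items():
        print(f"{category:8} {rules}")
```
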



