Reputation: 2839
How to deploy AKS (Azure container service) in a VPN?
I want to deploy some kubernetes workloads, which are visible from some other VM's on Azure but not visible from the outside world.
For example: I might have a VM running a Zuul Gateway which for some routes I want to redirect to the K8s cluster, yet I don't want to allow people to directly access my K8s cluster.
Is it possible to place my AKS inside a VPN? If so, how should I achieve this?
Upvotes: 0
Views: 1202
Answers (2)
Reputation: 8107
In addition to options, pointed out by @4c74356b41, you can run ingress controller on the cluster, and limit it to your internal server IP only
Upvotes: 1
Reputation: 72171
So this isnt possible now (at least out of the box) due to the nature of AKS being a service with no VNet integration as of yet. You can try to hack around this, but it will probably not work really well as your agents need to talk to the master.
I see 2 options:
- Use internal load balancers instead of public ones to expose your services
- Use ACS which has vnet integration, but I'm not sure if you can apply 2 routes to the same vnet
Upvotes: 1
Related Questions
- AKS Service deployment done and can´t reach external IPs
- Kubernetes / AKS: Route external traffic to Service
- networking in azure kubernetes services
- AKS using Internal endpoint for communication
- Connect AKS Cluster to a Virtual network hosting Virtual machines
- Connect AKS Cluster through IPSEC VPN with only 1 private IP
- AKS(kubernetes) service with UDP and TCP
- Azure AKS connectivity to Data Centre over VPN
- Ingress IP with Azure AKS
- Azure Container Services (AKS) - Exposing containers to other VNET resources