Connect to AKS with Private IP without opening routes

@Megha Shah Thank you for your query!!!

The kubenet networking option is the default configuration for AKS cluster creation. With kubenet, nodes get an IP address from the Azure virtual network subnet. Pods receive an IP address from a logically different address space to the Azure virtual network subnet of the nodes. Network address translation (NAT) is then configured so that the pods can reach resources on the Azure virtual network. The source IP address of the traffic is NAT'd to the node's primary IP address.

Nodes use the kubenet Kubernetes plugin. You can let the Azure platform create and configure the virtual networks for you, or choose to deploy your AKS cluster into an existing virtual network subnet. Again, only the nodes receive a routable IP address, and the pods use NAT to communicate with other resources outside the AKS cluster.

You can read more about it here.

For a private AKS cluster API server endpoint has no public IP address. To manage the API server, you will need to use a VM that has access to the AKS cluster's Azure Virtual Network (VNet). There are several options for establishing network connectivity to the private cluster.

• Create a VM in the same Azure Virtual Network (VNet) as the AKS cluster.
• Use a VM in a separate network and set up Virtual network peering. See the section below for more information on this option.
• Use an Express Route or VPN connection.

You can read more about it here.

You can check this article to understand possibility of connecting to AKS cluster.

You can refer to this as well to check easy way to login to AKS node without public IP.

Hope it helps!!!

Please 'Accept as answer' if it helped, so that it can help others in the community looking for help on similar topics