My scenario is pretty simple, but my google-fu is either not working, or I'm not understanding the documentation correctly.
We have an AKS cluster and we have windows services running on IIS in another vnet running on some VMs. Converting those windows services to run on K8S is not an option.
How can we open up a dns name on the AKS cluster so that our Windows service can call apis for services that exist on the K8S cluster, yet at the same time NOT allow any access to that cluster from the public.
I tried making a VPN gateway but it wanted a public ip.
I tried looking into external-dns but that also looks like its public only.
Our K8S cluster does have public access through an api-gateway, however, we would rather that the "internal" calls not go through the entire auth process on every call.
You would need to create a vnet peering or vnet site-to-site connection depending on your setup.
https://blogs.technet.microsoft.com/canitpro/2017/06/28/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview