K
Q

In AKS how do I limit access to the cluster DNS to internal VMs

8/15/2018

My scenario is pretty simple, but my google-fu is either not working, or I'm not understanding the documentation correctly.

We have an AKS cluster and we have windows services running on IIS in another vnet running on some VMs. Converting those windows services to run on K8S is not an option.

How can we open up a dns name on the AKS cluster so that our Windows service can call apis for services that exist on the K8S cluster, yet at the same time NOT allow any access to that cluster from the public.

I tried making a VPN gateway but it wanted a public ip.
I tried looking into external-dns but that also looks like its public only.

Our K8S cluster does have public access through an api-gateway, however, we would rather that the "internal" calls not go through the entire auth process on every call.

-- Bob
azure
dns
kubernetes

Similar Questions

Migrating Cockroach DB from local machine to GCP Kubernetes Engine
How to enable Client Certificate Authentication with Traefik & Kubernetes?
argo workflow-controller can't connect to Kubernetes APIServer
Cannot connect to Private, Regional GKE endpoint from OpenVPN client
Unable to set JVM settings with JKube Maven plugin
What are the Kubernetes alternatives logging to ELK/EFK stack for Node.js apps

1 Answer

8/15/2018

You would need to create a vnet peering or vnet site-to-site connection depending on your setup.

https://blogs.technet.microsoft.com/canitpro/2017/06/28/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

-- 4c74356b41
Source: StackOverflow