For Microsoft Azure cloud, with the AKS service, we want to deploy an internal application that can be accessed only by our team.
This scenario:
Even with private DNS, it can only connect to the virtual network VMs.
Then how to do this?
Finally, this is the right solution:
https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/whitelist
If you use nginx-ingress, install it with this setting:
helm install stable/nginx-ingress \
--set controller.service.externalTrafficPolicy=Local
You can use an Internal Load Balancer (ILB) in Azure, which is just like a regular load balancer but with only private IPs from the same VNET where AKS is deployed (thus, no public IPs). It uses the annotation:
annotations:
  service.beta.kubernetes.io/azure-load-balancer-internal: "true"
as described in this article. You can use Azure DNS to point an A record to that IP.
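As an added example (not from the question or either answer), here is how the two pieces fit together: the ingress controller's Service gets the Azure internal-LB annotation plus externalTrafficPolicy: Local, and the application's Ingress carries the nginx whitelist-source-range annotation from the linked example. Names, namespaces, the host and the CIDR ranges are placeholders; the annotation keys are the ones the nginx ingress controller and the Azure cloud provider actually read.

```yaml
# Service for the nginx ingress controller (placeholder names).
# The annotation makes Azure create a load balancer with a private IP only.
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller
  namespace: ingress
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  # Without Local, kube-proxy SNATs incoming packets and the whitelist
  # below would only ever see node IPs, so it would block everyone.
  externalTrafficPolicy: Local
  selector:
    app: nginx-ingress
    component: controller
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
---
# Ingress for the internal app: only the team's ranges (placeholder CIDRs)
# are allowed; every other source gets HTTP 403 from the controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: internal-app
  namespace: team
  annotations:
    # Controllers from the kubernetes/contrib era read
    # ingress.kubernetes.io/whitelist-source-range instead of this key.
    nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,203.0.113.0/24"
spec:
  ingressClassName: nginx
  rules:
    - host: internal-app.example.internal
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: internal-app
                port:
                  number: 8080
```

Point an A record in your private DNS zone at the ILB's private IP; the whitelist then acts as a second layer on top of the network-level isolation, which is useful to check with a request from an address outside the listed ranges (expect a 403).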
Here is a solution with Calico on AWS:
https://docs.aws.amazon.com/eks/latest/userguide/calico.html