Connect AKS Cluster through IPSEC VPN with only 1 private IP

3/8/2019

We're trying to connect an AKS Cluster through an IPSEC VPN, which requires us to use only one private IP (they have a whitelist for both public and private IPs). We're using an Azure VPN Gateway to make it.

We want to communicate it using a service (ClusterIP or Internal Load Balancer), but at the other side of the tunnel we always see the private IP of the AKS Node. So if we escalate the cluster, or have to re-deploy the cluster, our private IP will change and we won't be able to communicate.

We tried with both Kubenet and Advanced networking options in Azure, but we got the same result.

I'd appreciate it if someone here has a better idea about what we can do to have a deterministic private IP for this case. Thanks!

-- Rafael Ochoa
azure
azure-aks
azure-virtual-network
ipsec
kubernetes

2 Answers

3/16/2019

I tried but unfortunately it didn't work (I kept watching the node's IP).

I solved the issue using nodeSelector (so I'm forcing the pod to be deployed to a specific node). And I figured out that I can modify the private IP of the node through the IP configuration in the portal. It's not a fancy solution but it works. I'd like to figure out a way to do it using services though.

Thank you so much for your kind help!

-- Rafael Ochoa
Source: StackOverflow

3/13/2019

For your issue, we cannot decide the AKS node private IP, so there is just one way to achieve it as far as I know (maybe there are other ways, but I do not know).

You can create the AKS cluster with advanced networking, and then you should choose one private IP for the internal load balancer, no matter whether it is in the same subnet as the cluster or a different one. Remember, this private IP will always be left unused and is just for the load balancer. Finally, you can put this private IP into your whitelist and you can access your application in the AKS cluster through this load balancer.

If you have multiple applications in the AKS cluster, then I would suggest the Internal Ingress; it's more helpful and useful.

-- Charles Xu
Source: StackOverflow
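
The internal load balancer with a fixed private IP that the answer above describes, written as a Kubernetes Service manifest. This is an added example, not part of the original answer; the service name, subnet name, addresses and ports are constructed placeholders, and the source-range restriction is an addition that assumes the remote side of the tunnel uses 192.168.50.0/24.

```yaml
# Added example: internal load balancer with a fixed private front-end IP.
# Every name, address and range below is a constructed placeholder.
apiVersion: v1
kind: Service
metadata:
  name: vpn-facing-app              # hypothetical service name
  annotations:
    # Ask the Azure cloud provider for an internal (private) load balancer
    # instead of a public one.
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    # Optional: put the front end in a specific subnet of the cluster VNet.
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "ilb-subnet"
spec:
  type: LoadBalancer
  # The single private IP to place on the remote whitelist.
  # It must be free in the chosen subnet and reserved for this load balancer.
  loadBalancerIP: 10.240.0.250
  # Accept traffic only from the address range on the far side of the tunnel.
  loadBalancerSourceRanges:
    - 192.168.50.0/24
  selector:
    app: vpn-facing-app             # hypothetical pod label
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8443
```

This pins the address that peers across the tunnel connect to, and it stays the same when nodes are scaled or replaced. It does not change the source address of connections that pods themselves initiate towards the tunnel, which still leave with the node's IP.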