From the Azure API management pricing page I see that Virtual Networks aren't supported besides the Developer and Premium tiers.
Currently with my developer tier subscription when configuring the VN of an APIM I can choose between "off", "External" and "Internal". With the other tiers, can I still use an External VN or no VN at all?
When I try to connect a kubernetes cluster/VM to the APIM, I have to configure the APIM with an external VN. So if that's not possible with the other subscription tiers, is it still possible to connect to a kubernetes cluster?
VNET Support (and hence the options) are available only in the Developer and Premium Tiers.
You can still use APIM by routing requests from APIM to the AKS load balancer using a static IP and overriding the Host
header as required. If possible, you could also use Azure Application Gateway as an ingress controller too.
When taking the load balancer approach, you could setup a Network Security Group to allow traffic only from APIM (and any other IPs/Services) to your AKS nodes.
When taking the Application Gateway approach, you could setup IP restrictions to APIM.
You should be able to setup a similar source IP rule on your own ingress controller too instead of an NSG rule I suppose.