Private Azure Kubernetes Service cluster

In a private cluster, the Control Plane/API server will have internal IP addresses defined in RFC1918. By using a private cluster, you can ensure network traffic between your API server and your node pools remains on the private network only. The communication between the control plane/API server, which is in an AKS-managed Azure subscription, and the customers cluster/node pool, which is in a customer subscription, can communicate with each other through the private link service in the API server VNET and a private endpoint exposed in the subnet of the customer AKS cluster.
Download slide deck from here:
Other Resources:


7 thoughts on “Private Azure Kubernetes Service cluster”
  1. Can you give more information how I can deploy app using Azure DevOps to K8s behind bastion?

  2. Hello Naveed, nothing was mentioned about payload end-points. if AKS is a Private cluster, would the payload end-points be public or private end-points?

    Currently with AKS installed with default settings will result in public end-points for the API server as well as any of the softwares that will be installed in the worker nodes. From the video it is clear how the API endpoint can be made private via the Private-link and Private-endpoint. But what happens to the endpoints of the softwares that we will install on the worker nodes?

  3. in validating you connection to which VM, we did not created any VM in this process ,so can u explain in detail

  4. Thanks for the great video. Really helped me get a private cluster up and running. One question, does making the cluster private not make it not resolvable by other Azure services and Azure devops? I am no longer able to use deployment center with Azure devops and it appears to be a DNS issue saying it can;t resolve FQDN of AKS cluster. Also kubectl cli command basically say the same thing. Thanks!

  5. Salam Naveed Sir, Seeing your videos after a month. All your videos are really awesome..

Leave a Reply

Your email address will not be published.

Captcha loading...