Private Azure Kubernetes Service cluster


    In a private cluster, the Control Plane/API server will have internal IP addresses defined in RFC1918. By using a private cluster, you can ensure network traffic between your API server and your node pools remains on the private network only. The communication between the control plane/API server, which is in an AKS-managed Azure subscription, and the customers cluster/node pool, which is in a customer subscription, can communicate with each other through the private link service in the API server VNET and a private endpoint exposed in the subnet of the customer AKS cluster.
    Download slide deck from here:
    Other Resources:


    Previous articleCurso Docker Compose: Clase 1
    Next articleTerraform AWS VPC Tutorial (Create AWS VPC for EKS cluster with DNS support) Ep 1


    1. Hello Naveed, nothing was mentioned about payload end-points. if AKS is a Private cluster, would the payload end-points be public or private end-points?

      Currently with AKS installed with default settings will result in public end-points for the API server as well as any of the softwares that will be installed in the worker nodes. From the video it is clear how the API endpoint can be made private via the Private-link and Private-endpoint. But what happens to the endpoints of the softwares that we will install on the worker nodes?

    2. Thanks for the great video. Really helped me get a private cluster up and running. One question, does making the cluster private not make it not resolvable by other Azure services and Azure devops? I am no longer able to use deployment center with Azure devops and it appears to be a DNS issue saying it can;t resolve FQDN of AKS cluster. Also kubectl cli command basically say the same thing. Thanks!