question

UdayKiranReddyureddy-2664 asked shivapatpi-MSFT commented

How to access an AKS service from the same VNet?

I have created an AKS cluster, deployed an application there, and exposed it as a service.

It is accessible through LoadBalancer.

To access it internally, I created a Windows VM in the same VNet (different subnet) as the AKS cluster and tried to access the application using the cluster IP, but I can't access it.

Any suggestions?

I got a similar issue with Application Gateway as well, so I tried this VM now, but got the same issue.

Tags: azure-kubernetes-service, azure-application-gateway, azure-webapps-vnet

1 Answer

shivapatpi-MSFT answered shivapatpi-MSFT commented

Hello @UdayKiranReddyureddy-2664,
The ClusterIP service type is accessible only within the cluster; it can't be accessed even in the same subnet or a different subnet of the VNET.

You can use an internal load balancer: while creating the service of type LoadBalancer, use the annotation service.beta.kubernetes.io/azure-load-balancer-internal: "true".
It will be accessible only within the VNET.

https://docs.microsoft.com/en-us/azure/aks/internal-lb


Regards,
Shiva.


Keeping it as LoadBalancer will expose it to the internet directly. But we need it restricted and accessible only through Application Gateway.

shivapatpi-MSFT, replying to UdayKiranReddyureddy-2664:

When you use LoadBalancer with service.beta.kubernetes.io/azure-load-balancer-internal: "true", it is accessible only within the VNET (it won't be exposed to the internet), hence not accessible outside of that VNET.
You can have an Application Gateway in the same VNET.

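The difference the answer and the last reply describe, shown as two Service manifests side by side. This is an added example, not part of the original thread; the Service names, the `app: myapp` selector and the port numbers are assumed placeholders.

```yaml
# Constructed example: names, labels and ports are placeholders.

# Public: type LoadBalancer without the annotation. On AKS this Service
# is given a public frontend IP, which is the exposure the asker wants
# to avoid.
apiVersion: v1
kind: Service
metadata:
  name: myapp-public            # hypothetical name
spec:
  type: LoadBalancer
  selector:
    app: myapp                  # hypothetical pod label
  ports:
    - port: 80
      targetPort: 8080          # hypothetical container port
---
# Internal: same Service plus the annotation from the answer. The load
# balancer frontend gets a private IP from the VNet, so the Service is
# reachable from a VM or an Application Gateway in that VNet and has no
# public IP.
apiVersion: v1
kind: Service
metadata:
  name: myapp-internal          # hypothetical name
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  selector:
    app: myapp
  ports:
    - port: 80
      targetPort: 8080
```

After applying the internal manifest, `kubectl get service myapp-internal` shows a private VNet address in the EXTERNAL-IP column. That address, not the ClusterIP, is the one to use from the VM or as the Application Gateway backend target.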