AKS firewall rules to allow

I've been deploying a private AKS cluster. On the subnet where it is supposed to be deployed I've assigned a UDR to force all traffic 0.0.0.0 to the internal IP of the Azure Firewall that resides in a peered VNet, aka the hub (in a hub-and-spoke architecture). The AKS deployment was not finishing, and actually looking at the node pools to be deployed it looks like the deployment failed because the service couldn't reach MS stuff. My question now is, as I was unable to find it: what URLs do I need to actually permit from the AKS subnet in terms of a) deploying it, b) keeping it up to date, meaning updating the worker nodes, c) NTP, d) whatever else?

Solution 1:

In the official MS documentation there is a section that describes the required outbound ports and network rules for an AKS cluster when using a firewall.
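
One way to encode that documented rule set on the hub firewall, as an added example that is not part of the question, the answer, or any Microsoft sample: a Bicep rule collection group attached to an Azure Firewall Policy. It assumes the firewall is managed through a Firewall Policy (not classic rules) with DNS proxy enabled, and the parameters `firewallPolicyName`, `aksSubnetCidr` and `location`, as well as the group, collection and rule names, are placeholders chosen here. The ports, the `AzureCloud.<region>` service tag and the `AzureKubernetesService` FQDN tag are the items the Microsoft outbound-rules page lists; the list changes between AKS releases, so compare against the current version of that page before relying on it.

```bicep
// Added example (not from the question, the answer, or Microsoft): a Firewall Policy
// rule collection group that opens the AKS egress paths the outbound-rules docs describe.
// Parameter, group, collection and rule names are assumptions chosen for this example.
@description('Name of the existing Azure Firewall Policy attached to the hub firewall (assumed).')
param firewallPolicyName string

@description('Address space of the AKS node subnet in the spoke, e.g. 10.10.0.0/22 (assumed).')
param aksSubnetCidr string

@description('Azure region of the cluster; used to build the AzureCloud.<region> service tag (assumed).')
param location string = resourceGroup().location

resource policy 'Microsoft.Network/firewallPolicies@2023-05-01' existing = {
  name: firewallPolicyName
}

resource aksEgress 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: policy
  name: 'aks-egress'
  properties: {
    priority: 200
    ruleCollections: [
      {
        // Layer-4 rules: the node-to-control-plane tunnel and NTP.
        // Each collection in a group needs its own unique priority.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'aks-network-rules'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'tunnel-udp-1194'
            ipProtocols: [ 'UDP' ]
            sourceAddresses: [ aksSubnetCidr ]
            destinationAddresses: [ 'AzureCloud.${location}' ]
            destinationPorts: [ '1194' ]
          }
          {
            ruleType: 'NetworkRule'
            name: 'tunnel-tcp-9000'
            ipProtocols: [ 'TCP' ]
            sourceAddresses: [ aksSubnetCidr ]
            destinationAddresses: [ 'AzureCloud.${location}' ]
            destinationPorts: [ '9000' ]
          }
          {
            // FQDN-based network rule for NTP; only resolves if DNS proxy is
            // enabled on the firewall policy, otherwise the rule never matches.
            ruleType: 'NetworkRule'
            name: 'ntp-udp-123'
            ipProtocols: [ 'UDP' ]
            sourceAddresses: [ aksSubnetCidr ]
            destinationFqdns: [ 'ntp.ubuntu.com' ]
            destinationPorts: [ '123' ]
          }
        ]
      }
      {
        // Layer-7 rules: the AzureKubernetesService FQDN tag expands to the FQDN
        // list from the AKS outbound-rules docs (control plane tunnel endpoints,
        // container registry, ARM, AAD, package repositories), so deployment and
        // node upgrades do not need each hostname listed by hand.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'aks-application-rules'
        priority: 200
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'aks-fqdn-tag'
            sourceAddresses: [ aksSubnetCidr ]
            protocols: [ { protocolType: 'Https', port: 443 } ]
            fqdnTags: [ 'AzureKubernetesService' ]
          }
        ]
      }
    ]
  }
}

output ruleCollectionGroupId string = aksEgress.id
```

Deploy it into the hub resource group with `az deployment group create -g <hub-rg> -f aks-egress.bicep -p firewallPolicyName=<policy> aksSubnetCidr=<cidr>`, and create the cluster with `--outbound-type userDefinedRouting` so AKS relies on the UDR instead of provisioning a public load balancer for egress. Anything the tag and ports still do not cover shows up as denies from the node subnet in the firewall's `AzureFirewallNetworkRule` and `AzureFirewallApplicationRule` diagnostic logs while the node pool bootstraps, which is the quickest way to find a missing rule.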

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution source: Solution 1, Philip Welz