The Private Cluster feature for AKS should be enabled

Description

The Private Cluster feature is enabled for the Azure Kubernetes Service (AKS) cluster.

Rationale

The Private Cluster feature ensures that network traffic between your API server and your node pools remains solely on the private network. The API server is not exposed over the internet as it is with the standard AKS deployment. This configuration is a common requirement in many regulatory and industry compliance standards.

Remediation

Note: This setting cannot be changed after AKS deployment. Changing the setting requires recreating your cluster.
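
Because the setting cannot be changed in place, the first step is finding which clusters would need to be recreated. The following is an added example, not part of the original rule: it audits JSON shaped like the output of `az aks list -o json`, reading the `apiServerAccessProfile.enablePrivateCluster` field. The cluster names, resource groups, and IP range are constructed sample data.

```python
import json

# Constructed sample, trimmed to the fields relevant to this rule.
SAMPLE_AZ_AKS_LIST = """
[
  {"name": "aks-prod", "resourceGroup": "rg-prod",
   "apiServerAccessProfile": {"enablePrivateCluster": true,
                              "authorizedIpRanges": null}},
  {"name": "aks-dev", "resourceGroup": "rg-dev",
   "apiServerAccessProfile": {"enablePrivateCluster": false,
                              "authorizedIpRanges": ["203.0.113.0/24"]}},
  {"name": "aks-legacy", "resourceGroup": "rg-legacy",
   "apiServerAccessProfile": null}
]
"""


def is_private_cluster(cluster: dict) -> bool:
    """Pass only when enablePrivateCluster is explicitly true.

    A null or missing apiServerAccessProfile is treated as a failure:
    absence of the profile means the API server has a public endpoint.
    """
    profile = cluster.get("apiServerAccessProfile") or {}
    return profile.get("enablePrivateCluster") is True


def find_public_clusters(clusters: list) -> list:
    """Return one finding per cluster whose API server is not private."""
    findings = []
    for cluster in clusters:
        if is_private_cluster(cluster):
            continue
        profile = cluster.get("apiServerAccessProfile") or {}
        findings.append({
            "name": cluster.get("name"),
            "resourceGroup": cluster.get("resourceGroup"),
            # Authorized IP ranges narrow exposure but do not satisfy this rule.
            "authorizedIpRanges": profile.get("authorizedIpRanges") or [],
        })
    return findings


def audit(raw_json: str) -> list:
    """Parse `az aks list -o json` style output and return failing clusters."""
    return find_public_clusters(json.loads(raw_json))


if __name__ == "__main__":
    for finding in audit(SAMPLE_AZ_AKS_LIST):
        print("FAIL", finding["resourceGroup"], finding["name"],
              "authorized ranges:", finding["authorizedIpRanges"])
```
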

Impact

Creating and managing a Private AKS Cluster requires additional considerations when compared to a standard AKS deployment. It requires understanding how Azure Private Link and Private Endpoints work. It also requires a thorough assessment of your AKS networking architecture and dependencies. If your AKS cluster is on an isolated Azure Virtual Network (VNET), the Private Cluster feature requires additional configurations to allow connectivity between your AKS Cluster and your management VNET. Microsoft’s official documentation, which is included in references, helps you navigate the deployment of Private AKS Clusters.

References

  1. https://docs.microsoft.com/en-us/azure/aks/private-clusters
  2. https://docs.microsoft.com/en-us/azure/private-link/private-link-service-overview
  3. https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview