Azure/aks-engine

Connectivity Issues from VM to custom image aksEngine cluster

ritikaguptams opened this issue · 1 comment

Problem: I am unable to connect to a custom-created aks-engine cluster from a VM in the same subscription, though I am able to connect to the cluster from a CORPNET machine.

Solution from Internal Support: Put the VM in the same VNet as the cluster, and traffic should not be blocked by the simply secure rules. However, the VM would likely still not be able to connect to any public IPs used by the cluster; you would have to configure the VM to hit the cluster's private IPs instead. For instance, if the VM queries the cluster's load balancer, it will need to query the private IP instead of its public IP.

Assistance Required: I’d like to understand how to go about the steps to get my cluster on the same VNet and update the kubeconfig to use the cluster's private IP address. I would appreciate it if you could share any documentation for the same.

Hi, @ritikaguptams - First of all I want to make sure you understand that the AKS Engine project is deprecated. If you are just starting to use AKS Engine, you should stop and re-evaluate your needs. If your needs can be met by AKS, please use AKS. If you must use a self-managed cluster, please look at CAPZ. More information is available in the project status: https://github.com/Azure/aks-engine#project-status; most importantly, AKS Engine is a few weeks away from the Kubernetes 1.24 release, which will be the final supported version.

To your specific question, we do not provide support in this repo, but you could look at https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview for info on how to define rules to allow access to and from specific IPs.

Please let us know if you need assistance figuring out what you should use instead of AKS Engine. Thanks!