Azure / AKS

Azure Kubernetes Service

[Question] Public network in Portal Public network access #4220

Open jkroepke opened 1 month ago

jkroepke commented 1 month ago

Describe scenario

Today, I found this new toggle on our Portal:

[Image: Screenshot 2024-04-18 at 11 06 04]

Question

What is this? What's the difference between Public network access and public access to API server?

I can't find anything in the documentation.

rouke-broersma commented 2 weeks ago

The help text seems to suggest that disabling public network access would disable the ARM endpoints as well as the Kubernetes API server endpoint. This seems to suggest that you can then no longer execute certain actions through Bicep/ARM template and/or ARM API (cluster start/stop, manage node pool) unless you run the API calls from within an environment that has line of sight within the vnet, but in that case we would need to know which DNS zones to create etc. Clarification of this option would be great.

JoeyC-Dev commented 2 weeks ago

It does block my kubectl requests:

joey [ ~ ]$ kubectl get node
E0507 08:43:12.651086    6055 memcache.go:265] couldn't get current server API group list: unknown
E0507 08:43:12.724378    6055 memcache.go:265] couldn't get current server API group list: unknown
E0507 08:43:12.797868    6055 memcache.go:265] couldn't get current server API group list: unknown
E0507 08:43:12.871379    6055 memcache.go:265] couldn't get current server API group list: unknown
E0507 08:43:12.944857    6055 memcache.go:265] couldn't get current server API group list: unknown
Error from server (Forbidden): unknown

But it does not look like it will block the new node pool actions via the Azure portal:

[image]

Tried az-cli but same:

Joey [ ~ ]$ az aks nodepool add -n another --cluster-name aks -g rG
 | Running ..

[image]

It did not block the stop cluster action either:

[image]

Is this feature still under development, or am I understanding it wrong?