Open jkroepke opened 1 month ago
The help text seems to suggest that disabling public network access would disable the ARM endpoints as well as the Kubernetes API server endpoint. This seems to suggest that you can then no longer execute certain actions through Bicep/ARM templates and/or the ARM API (cluster start/stop, manage node pool) unless you run the API calls from within an environment that has line of sight within the VNet, but in that case we would need to know which DNS zones to create, etc. Clarification of this option would be great.
It does block my kubectl requests:
joey [ ~ ]$ kubectl get node
E0507 08:43:12.651086 6055 memcache.go:265] couldn't get current server API group list: unknown
E0507 08:43:12.724378 6055 memcache.go:265] couldn't get current server API group list: unknown
E0507 08:43:12.797868 6055 memcache.go:265] couldn't get current server API group list: unknown
E0507 08:43:12.871379 6055 memcache.go:265] couldn't get current server API group list: unknown
E0507 08:43:12.944857 6055 memcache.go:265] couldn't get current server API group list: unknown
Error from server (Forbidden): unknown
But it does not look like it will block the new node pool actions via Azure portal:
Tried az-cli but same:
Joey [ ~ ]$ az aks nodepool add -n another --cluster-name aks -g rG
| Running ..
It did not block the stop cluster action either:
Is this feature still under development, or am I understanding it wrong?
Describe scenario
Today, I found this new toggle on our Portal:
Question
What is this? What's the difference between Public network access and public access to API server?
I can't find anything in the documentation.