Reference and compare with Public Network Access feature in private cluster page

[tdihp]

Since the Public Network Access feature is already available even from portal for AKS, it deserves mentioning and comparison with the existing private cluster feature.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 0b68f2c4-bb6c-11a2-6c61-8af4057a2438
• Version Independent ID: e3498bed-1447-6841-8353-9f1b5d3dc8df
• Content: Create a private Azure Kubernetes Service (AKS) cluster - Azure Kubernetes Service
• Content Source: articles/aks/private-clusters.md
• Service: azure-kubernetes-service
• GitHub Login: @schaffererin
• Microsoft Alias: magoedte

[TPavanBalaji]

@tdihp Thanks for your feedback! We will investigate and update as appropriate.

[ManoharLakkoju-MSFT]

Hi @tdihp Yes, you are correct that the Public Network Access feature is now available for AKS and it allows you to expose your Kubernetes API server to the public internet. This feature is useful when you need to access your Kubernetes API server from outside of your virtual network, for example, when you are using a third-party tool to manage your Kubernetes cluster.

However, it is important to note that enabling Public Network Access can increase the attack surface of your cluster and make it more vulnerable to attacks. Therefore, it is recommended to use Private Clusters instead, which provides a more secure way to access your Kubernetes API server by using a private IP address and a private DNS zone.

Private Clusters ensures that your Kubernetes API server is only accessible from within your virtual network, which reduces the risk of unauthorized access and data exfiltration. Additionally, Private Clusters provides a more secure way to access your Kubernetes API server by using a private IP address and a private DNS zone.

In summary, while Public Network Access can be useful in certain scenarios, Private Clusters is the recommended approach for securing your Kubernetes API server.

[ManoharLakkoju-MSFT]

@tdihp We are going to close this thread as resolved but if there are any further questions regarding the documentation, please tag me in your reply and we will be happy to continue the conversation

[tdihp]

I'm not seeking advice, I'm seeking doc update @ManoharLakkoju-MSFT. Please find what you replied in the doc and share the link, or update the doc.

[ManoharLakkoju-MSFT]

@tdihp I'm going to assign this to the document author so they can take a look at it accordingly

@schaffererin Can you please check and add your comments on this doc update request as applicable.