This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 74%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
How to connect to a azure cosmos DB with a private endpoint from a public azure Kubernetes service.
I have a Go application deployed in azure aks (not private) which needs access a private cosmos database. Is there a way to whitelist aks or allow traffic from aks to the database.
Following up to see if the below suggestion was helpful. If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.
Regards
Geetha
Hi,
You can connect by creating a VNET peering between the AKS VNET and the Cosmos DB private endpoint VNET, or by creating a cosmos DB private endpoint using the AKS VNET.
We have a reference implementation for building and deploying containerized applications for Azure Kubernetes Service and Azure Cosmos DB. This reference implementation has two flavors, all Bicep and Bicep + Azure Service Operator for Azure Cosmos DB allowing operators to manage Cosmos DB via kubectl.
The other parts include using KeyVault integrated into secret store, managed service identity (auth/n) with RBAC (auth/z), log analytics for monitoring and also has VNET integration using Service Endpoints (not private endpoints).
While this doesn't give you exactly everything with private endpoints, it's very close. Just need to configure the private endpoints for Cosmos DB and private DNS for AKS to connect.
Can start with our blog post on this which walks you through the implementation with links to a GitHub repository you can git clone, modify and deploy yourself.