This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGR%3C/text%3E%3C/svg%3E)
All,
There was a discussion that came up about making AKS an air-gapped environment. What does this mean? The AKS which is a Private AKS is a combination of PaaS/IaaS with the management plane in the control of Microsoft and the compute plane with us.
We have our internal ACR to which we load the images from the vendors and eventually update the applications. The AKS does not have access to the internet.
Thanks,
grajee
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Hi Gopinath Rajee ,Thanks for posting your query on Microsoft Q&A.
An air-gapped environment refers to a network that is isolated from the internet and other networks that are connected to it. This means that there is no way for data to be transferred between the air-gapped system and other systems.
In the context of AKS, making AKS an air-gapped environment means that the AKS cluster does not have access to the internet and is isolated from other networks. This can be achieved by deploying or attaching a default AKS cluster to an isolated Azure Virtual Network (VNet) or by attaching a private AKS cluster to a VNet.
To secure the Azure Machine Learning workspace resources and compute environments, you can use an isolated Azure Virtual Network. If your AKS cluster is behind a VNet, your workspace and its associated resources (such as storage, key vault, and ACR) must have private endpoints or service endpoints in the same VNet as the AKS cluster.
In the context of AKS on Azure Stack Hub, this means that customers may deploy Azure Stack Hub in a fully disconnected environment*.*
Additional Reading:
If you have any questions/concerns, let me know in the "comments" and I will be happy to investigate further.
If this helped, please 'Accept Answer' so that it can help others in the community.
Kashmira - Our AKS installations are all Private AKS deployments deployed within dedicated VNet with no other application deployed in the VNet. Also, since it is a Private AKS we are forced to use Azure CNI.
With the above description what more is needed for the AKS to be air-gapped.
I will review the link also and thanks for your quick response :)