This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 5%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
We need our On Prem CI/CD Devops agent to reach AKS Private Cluster's Control plane.
and we are trying to explore the best possible options here.
Now there are different option mentioned here https://learn.microsoft.com/en-us/azure/architecture/guide/security/access-azure-kubernetes-service-cluster-api-server
Most of the data flow suggests "A user initiates RDP or SSH traffic to the jump box from an on-premises workstation."
Now can someone tell me if we can directly reach from our On Prem network to AKS Private Cluster Control plane without having a Jump box server in the middle ?
Can we use Express route or VPN Gateway with IPsec tunnel to reach the Control plane ?
Note: aks command invoke is not a options for us.
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Per mutaz-msft 's answer, yes, you should be able to connect to your private cluster via VPN or ExpressRoute.
To directly access AKS Cluster, just make sure you configure OnPrem DNS to resolve to the private IP of the AKS cluster in Azure.
Thanks,
Kapil
Please Accept an answer if correct.
Original posters help the community find answers faster by identifying the correct answer.
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Kapil
Thanks for the help. we are trying to consider cloud hosted DevOps agent to avoid express route.
Hi @Sourav Bhattacharya,
Yes, you can use Express route or VPN to connect to the private AKS cluster as mentioned here:
https://learn.microsoft.com/en-us/azure/aks/private-clusters?tabs=azure-portal#options-for-connecting-to-the-private-cluster