Additional private endpoints to an existing private AKS cluster

Question

Hello,

I would like some help/insights on below situation.

• I got a private AKS cluster deployed in Vnet1.
• Now I am trying to create another private endpoint for this AKS cluster from another Vnet2.
• I am able to successfully create one and it gets auto-approved as well, only when I choose the AKS resource from the drop-down (Connect to an Azure resource in my directory).
• But, it doesn't get auto-approved when I create it using the resource ID/alias.

Qs:

• Can this be done? If yes, where does this private endpoint connection request go? and how can I get it approved? If no, why?

Answer 1

Hi, Thanks to reaching to us.

The consumers can request a connection to a private-link service by using either the resource URI or the alias. To connect by using the alias, create a private endpoint by using the manual connection approval method. To use the manual connection approval method, set the manual request parameter to True during the private-endpoint create flow.

This manual request can be auto approved if the consumer's subscription is allow-listed on the provider side.

To learn more go to controlling service access.

Please check below docs for more ref

https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview

https://learn.microsoft.com/en-us/cli/azure/network/private-endpoint?view=azure-cli-latest#az-network-private-endpoint-create

Kindly accept answer if it helps, Thanks!