Configure AKS API server authorized IP ranges with Azure Dev Spaces

Question

Hi

we have an AKS on Azure with configured authorized IP ranges for the API server like described here: https://learn.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges

We would like to enable the Dev Spaces feature for this AKS cluster.
This documentation: https://learn.microsoft.com/en-us/azure/dev-spaces/configure-networking#using-api-server-authorized-ip-ranges states following:

To use Azure Dev Spaces when using this additional security while creating your cluster, you must allow additional ranges based on your region.

The "additional ranges based on your region" is a link to this: https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags which however is relevant for Azure Firewall and Network Security Group configurations.

The authorized IP ranges configuration in AKS is just a list of CIDRs, and I see on obvious way to add a service tag there.

How can the Azure Region be whitelisted in this case?

Thank you
Vasil

Answer 1

@Info.nl Vasil Panushev

Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

Your issue: As per documentation, there is a tag for azuredevspace. How can the Azure Region be whitelisted in this case?

For authorizing IP ranges for azure devspaces for AKS api server, you can download this list of Azure cloud IP's based on the tags.
This is a JSON file which contains the public IP's, in this you can get the IP range information of the region you are looking for and whitelist it.

For Ex: IP range for WestEurope region.

Hope this helps.

Please 'Accept as answer' if it helped, so that it can help others in the community looking for help on similar topics.