Azure APIM ( consumption Tier) with dotnet core api deployed on AKS cluster

Neha Oberoi 21 Reputation points
2020-07-13T11:21:48.627+00:00

Hi All,

I have - Azure APIM ( consumption Tier ) and aks ( dotnet core api deployed on kubernetes). I read document https://learn.microsoft.com/en-us/azure/api-management/api-management-kubernetes to secure api's on aks cluster -

I cannot keep apim in vnet ( due to some restriction ) so I was trying 2nd way given on the link above "Install an Ingress Controller", but for that I need APIM IP address( which I dont have in consumption tier ). Can anyone suggest what can be the best way to secure api's on aks with APIM ( consumption )

Regards,
Neha Oberoi

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,771 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,869 questions
Accepted answer
  1. vipullag-MSFT 24,211 Reputation points Microsoft Employee
    2020-07-13T14:34:24.21+00:00

    @NehaOberoi-1041

    Below is a suggestion based on your ask.
    Private ingress controller can be installed which would be available within the Virtual Network only (not accessible for internet or other virtual networks).

    Then APIM can be configured to redirect the traffic to this ingress controller basis the hostname, path etc.

    However, IP of APIM is not required in ingress controller and moreover the IPs of APIM can keep on changing. So it is not recommended to embedded it in the ingress controller. You can read about private ingress controller here.

    Please 'Accept as answer' if it helped, so that it can help others in the community looking for help on similar topics.

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Neha Oberoi 21 Reputation points
    2020-07-15T11:41:21.71+00:00

    @vipullag-MSFT : Thanks for your suggestion , I have one question...APIM will not be in vnet ( as I have consumption tier ) so how will it point to ingress controller private (as it should not be accessible outside vnet) .

    0 comments
  2. Neha Oberoi 21 Reputation points
    2020-07-15T11:44:55.957+00:00

    @vipullag-MSFT : to be more specific on above query ...as you said Then APIM can be configured to redirect the traffic to this ingress controller basis the hostname, path etc...How this will be possible as apim will not be in vnet of kubernetes cluster so it should not be able to access ingress controller