Share via

Azure ARC Kubernetes: Disable Cluster Connect but not Azure RBAC and Custom Locations

CKAU 20 Reputation points
2025-11-14T09:29:04.7966667+00:00

Hi,

we need the azure arc features "Azure RBAC" and "Custom Locations" but don't want to allow "Cluster Connect" from anywhere as we use private clusters.

We thought about just blocking the "Cluster Connect" service endpoints from the documentation on our firewall but the other features need those endpoints as well.

Can ARC be configured to only disable cluster connect but still allow the other features?

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
0 comments
Answer accepted by question author
  1. Bharath Y P 2,560 Reputation points Microsoft External Staff Moderator
    2025-11-14T11:11:52.3633333+00:00

    Hello CKAU,

    It looks like you're trying to use Azure Arc features like Azure RBAC and Custom Locations while disabling the Cluster Connect feature for privacy concerns with your clusters. Unfortunately, based on current Azure Arc functionality, both Custom Locations and Cluster Connect features are interdependent, meaning Custom Locations require Cluster Connect to be enabled.

    To answer your query, No. Azure Arc does not currently support disabling Cluster Connect while keeping Custom Locations enabled. These two features are interdependent Custom Locations relies on Cluster Connect for namespace management and service deployment. If you turn off Cluster Connect, Custom Locations will stop working.

    User's image Create and manage custom locations on Azure Arc-enabled Kubernetes - Azure Arc | Microsoft Learn

    While Azure RBAC works independently for user access, be aware that you cannot use the Custom Locations feature or view Kubernetes resources directly in the Azure Portal without Cluster Connect, as these features have a dependency on the Cluster Connect infrastructure.

    However, since if your primary goal is to disable Cluster Connect access and rely on Azure RBAC for private cluster access, this configuration may perfectly meet your security requirement.

    Reference document:

    Overview of custom locations with Azure Arc - Azure Arc | Microsoft Learn

    Hope this helps, if you need further assistance, please reach out to us, Thanks

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-11-14T09:29:18.2066667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Currently, Azure Arc does not provide a configuration option to disable only the Cluster Connect feature while keeping Azure RBAC and Custom Locations enabled. The Cluster Connect feature is integral for certain functionalities, and blocking its service endpoints may impact the ability to use Azure RBAC and Custom Locations as they share some of the same endpoints.

    If you need to maintain the security of your private clusters while using Azure RBAC and Custom Locations, you may need to consider alternative approaches, such as implementing strict network security rules or using other methods of access control that do not involve disabling Cluster Connect entirely.

    For the most accurate and tailored advice, it may be beneficial to consult Azure support or documentation directly regarding your specific use case and requirements.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.