Hi @Tanul ,
This will require deploying a new AKS cluster into the S2S network. There are 2 primary configurations that will need to be considered:
- Deploy a private cluster (Create a private Azure Kubernetes Service cluster - Azure Kubernetes Service | Microsoft Learn)
- During deployment of private cluster also select an --outbound-type of userDefinedRouting (Customize user-defined routes (UDR) in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn)
You will need to modify the AKS cluster subnet route table to point egress traffic via a default route (0.0.0.0/0) to some kind of appliance like a firewall, gateway, or proxy. From my understanding of your environment setup, the traffic will likely need to be directed to the S2S gateway.
Ensure there is some pathway to public internet which is required for the AKS nodes to provision successfully (e.g. mcr.microsoft.com).
Aside from the hard requirement for a new AKS cluster, it is best to create this new cluster and perform testing and either a gradual migration of workload (if possible) or a full migration of workload after thorough testing.
The following is a good article to read that covers this "fully private" concept: Fully private AKS clusters — without any public ips — finally! | by Dennis Zielke | Medium
Hope that helps. Let me know if you have further questions.
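
The deployment order described in the answer above, as an added sketch that is not part of the original reply: the default route is created and attached to the AKS subnet before the private cluster is created with `--outbound-type userDefinedRouting`. All resource names, the subnet ID placeholder and the `APPLY`/`NEXT_HOP_*` variables are assumptions; by default the script only prints the `az` commands.

```shell
#!/bin/sh
# Added example. Every name below is a placeholder, not a value from the thread.
RG="${RG:-rg-aks-private}"; VNET="${VNET:-vnet-s2s}"; SUBNET="${SUBNET:-snet-aks}"
RT="${RT:-rt-aks-egress}"; CLUSTER="${CLUSTER:-aks-private}"
SUBNET_ID="${SUBNET_ID:-<aks-subnet-resource-id>}"
# Next hop for 0.0.0.0/0: VirtualNetworkGateway (the S2S gateway) or
# VirtualAppliance (firewall/proxy; requires NEXT_HOP_IP).
NEXT_HOP_TYPE="${NEXT_HOP_TYPE:-VirtualNetworkGateway}"
NEXT_HOP_IP="${NEXT_HOP_IP:-}"

# Reject a default route that would bypass the gateway/appliance
# (e.g. next hop "Internet") or an appliance hop with no address.
validate_next_hop() {
  case "$NEXT_HOP_TYPE" in
    VirtualNetworkGateway) return 0 ;;
    VirtualAppliance) [ -n "$NEXT_HOP_IP" ] ;;
    *) return 1 ;;
  esac
}

# Print the command; execute it only when APPLY=1.
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

deploy() {
  validate_next_hop || { echo "invalid next hop: $NEXT_HOP_TYPE" >&2; return 1; }
  hop_args="--next-hop-type $NEXT_HOP_TYPE"
  if [ "$NEXT_HOP_TYPE" = "VirtualAppliance" ]; then
    hop_args="$hop_args --next-hop-ip-address $NEXT_HOP_IP"
  fi
  # 1. Route table with the default route for all egress traffic.
  run az network route-table create -g "$RG" -n "$RT" || return 1
  # $hop_args is intentionally unquoted so it splits into separate arguments.
  run az network route-table route create -g "$RG" --route-table-name "$RT" \
    -n default-egress --address-prefix 0.0.0.0/0 $hop_args || return 1
  # 2. Attach it to the AKS subnet before the cluster exists; with
  #    userDefinedRouting AKS does not set up its own egress path.
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --route-table "$RT" || return 1
  # 3. Private cluster whose outbound traffic follows the route table.
  run az aks create -g "$RG" -n "$CLUSTER" --enable-private-cluster \
    --outbound-type userDefinedRouting --vnet-subnet-id "$SUBNET_ID"
}

if [ "${1:-}" = "deploy" ]; then deploy; fi
```

Run it with the `deploy` argument to see the plan, and with `APPLY=1` set to execute it after replacing the placeholders.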