Impact analysis of shifting the existing public AKS to an existing Site-2-Site VPN VNet?

Tanul 1,251 Reputation points
2022-06-01T15:40:16.787+00:00

Team.

We already have a Site-2-Site enabled VNet for our Azure VMs (with private IPs). Other than this we have an AKS cluster with a public IP running in a separate VNet.

Now we have to move this existing AKS into our existing Site-2-Site network. Has anyone done something like this before? For this, we have to remove the public IP address of AKS and transfer it under the Site-2-Site VNet with a private IP address. We are unable to figure out which areas of our existing setup this activity will impact, as we do not want to end up in any disastrous situation.

I'm just guessing: after transferring AKS into the other existing VNet, is there any chance of facing IP shortage issues within the pods or services, etc.?

Is it possible to perform this successfully? If not, can anyone share a successful strategy to do this? Otherwise it shall badly impact all our environments.

Regards,
Tanul


1 answer

  1. KarishmaTiwari-MSFT 18,627 Reputation points Microsoft Employee
    2022-06-14T20:35:30+00:00

    Hi @Tanul ,

    This will require deploying a new AKS cluster into the S2S network. There are 2 primary configurations that will need to be considered:

    1. Deploy a private cluster (Create a private Azure Kubernetes Service cluster - Azure Kubernetes Service | Microsoft Learn)
    2. During deployment of private cluster also select an --outbound-type of userDefinedRouting (Customize user-defined routes (UDR) in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn)

    You will need to modify the AKS cluster subnet route table to point egress traffic via a default route (0.0.0.0/0) to some kind of appliance like a firewall, gateway, or proxy. From my understanding of your environment setup, the traffic will likely need to be directed to the S2S gateway.

    Ensure there is some pathway to the public internet, which is required for the AKS nodes to provision successfully (e.g. mcr.microsoft.com).

    Aside from the hard requirement for a new AKS cluster, it is best to create this new cluster and perform testing and either a gradual migration of workload (if possible) or a full migration of workload after thorough testing.

    The following is a good article to read that covers this "fully private" concept: Fully private AKS clusters — without any public ips — finally! | by Dennis Zielke | Medium

    Hope that helps. Let me know if you have further questions.

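Added example (not from the thread, not Microsoft's code): an Azure CLI script that puts the answer's steps together (route table with a 0.0.0.0/0 default route to an appliance, private cluster created with `--outbound-type userDefinedRouting`) and adds a subnet-size check for the IP-shortage concern raised in the question. Resource names, the firewall IP, the subscription and the identity ID are placeholders; with `DRY_RUN=1` (the default) the commands are printed instead of executed.

```shell
#!/usr/bin/env bash
# Added example: private AKS with user-defined routing in an existing S2S VNet.
# All resource names/IDs below are placeholders (assumptions), replace before use.
set -euo pipefail

RG="rg-aks-private"          # placeholder resource group
LOCATION="westeurope"        # placeholder region
VNET="vnet-s2s"              # the existing S2S-connected VNet (placeholder name)
SUBNET="snet-aks"            # new, dedicated subnet for the AKS nodes (placeholder)
RT="rt-aks-egress"           # route table attached to that subnet
FW_IP="10.0.1.4"             # private IP of the firewall/NVA egress is forced through (placeholder)
CLUSTER="aks-private"
SUB="<subscription-id>"      # placeholder
# User-assigned identity; for UDR it needs Network Contributor on the subnet/route table.
IDENTITY_ID="/subscriptions/${SUB}/resourceGroups/${RG}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>"

# DRY_RUN=1 (default) prints each az command on one line instead of executing it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Smallest subnet prefix for Azure CNI: every node consumes (max_pods + 1) IPs,
# one extra node is needed for upgrade surge, and Azure reserves 5 IPs per subnet.
subnet_prefix() { # args: node_count max_pods -> prints prefix length, e.g. 24
  local needed=$(( ($1 + 1) * ($2 + 1) + 5 )) bits=0
  while [ $(( 1 << bits )) -lt "$needed" ]; do bits=$(( bits + 1 )); done
  echo $(( 32 - bits ))
}

# Step 1 of the answer: default route to the appliance, bound to the AKS subnet.
# If egress should go via the S2S VPN gateway instead, use --next-hop-type VirtualNetworkGateway.
create_egress_route_table() {
  run az network route-table create -g "$RG" -n "$RT" -l "$LOCATION"
  run az network route-table route create -g "$RG" --route-table-name "$RT" -n default-egress \
      --address-prefix 0.0.0.0/0 --next-hop-type VirtualAppliance --next-hop-ip-address "$FW_IP"
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" --route-table "$RT"
}

# Step 2 of the answer: private API server + UDR outbound, nodes in the routed subnet.
create_private_cluster() { # args: node_count max_pods
  local subnet_id="/subscriptions/${SUB}/resourceGroups/${RG}/providers/Microsoft.Network/virtualNetworks/${VNET}/subnets/${SUBNET}"
  run az aks create -g "$RG" -n "$CLUSTER" -l "$LOCATION" \
      --enable-private-cluster \
      --network-plugin azure --vnet-subnet-id "$subnet_id" \
      --outbound-type userDefinedRouting \
      --enable-managed-identity --assign-identity "$IDENTITY_ID" \
      --node-count "$1" --max-pods "$2"
}
```

Run `subnet_prefix <nodes> <max_pods>` before carving the subnet out of the S2S address space, so the new node subnet (and the firewall allow-list for mcr.microsoft.com and the other AKS egress endpoints) is in place before `create_private_cluster` is executed with `DRY_RUN=0`.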