HoussemDellai, thanks so much for this article which really helped clean up the picture in my mind.
We tested the setup using the new API server VNet integration feature and had the following findings:
- Everything worked as you described it.
- We could provide access to the API server using a P2S Azure VPN gateway and peering the gateway VNet with the cluster VNet.
- When using the "Authorized IP ranges" feature on a public VNet-integrated cluster, access via the VPN stopped working. We tried allowing the VPN Gateway VNet CIDR, VPN client IP range and more; however, it seemed like API server private access was blocked by this setting. Did you come across this issue and do you have any insight on how the combination of both features (VNet integration and Authorized IP ranges) is supposed to work?
Thanks again!