Forum Discussion
Does Azure SRE Agent support working with Private AKS cluster ?
While I have my AKS cluster in private and wanted to connect with SRE agent but I don't find a related information on the docs about it
2 Replies
Hi Surya_Narayana, thank you, yes I access my cluster using private endpoint from a Azure VM .
But my dumb question is unlike other azure services I don't find the Network configuration (Vnet Integration) or such an option within Azure SRE Agent so that I can make use of it and deploy into .
So is that am not able to find it , can you help me on that part ?
hi Sreekumar the short answer is Yes, Azure SRE Agent can work with a private AKS cluster, but only if you explicitly configure network connectivity.
A private AKS cluster exposes the API server via a private endpoint. For the SRE Agent to connect, it must be able to:
- Reach the AKS private API endpoint over the network
- Resolve the AKS API DNS name to the private IP
- Have outbound HTTPS (443) allowed by NSGs / firewalls
Common working setups:
- Deploy the SRE Agent in the same VNet as AKS or a peered VNet
- Ensure Private Endpoint + DNS is correctly configured
- Use VNet peering, VPN, or ExpressRoute if the agent runs elsewhere
What won’t work:
- Expecting connectivity without VNet access
- Public DNS resolving to a private IP with no network route
This isn’t clearly called out in current docs, but it follows the same networking model as other Azure services accessing a private AKS API server.
