Forum Discussion
Azure Kubernetes Service (AKS) forbidden address ranges for vnet
DiegoUSC
I know this is an old thread, but I've run into the same problem. We use 172.30.0.0/16 addresses on prem and have had no luck getting function apps to talk to internal servers in this address space. If anybody knows a good workaround, I'd be eternally grateful.
mike351425
I'm sorry to hear that this problem hasn't been resolved yet. After reviewing the documentation and speaking on several occasions with MS support, the only solution we found was to change the network range of the VNET in which we have the AKS cluster and recreate the cluster. We were able to maintain the addressing in the rest of the peered VNETs and in the on-premises networks, but in the VNET where the AKS is hosted we finally had to change it. With this change everything seems to work fine, and the limitation seems to apply only for the AKS VNET. Our problem was different, and I think that we are not connecting from the AKS to IPs of this forbidden range, and maybe that is the reason why we didn't experience more problems.
The only solution that I can think of for your problem is to expose these forbidden on-premises IP ranges through a NAT that is in the allowed ranges for the AKS cluster.
- mike351425, Apr 25, 2024, Copper Contributor
DiegoUSC
That is what we ended up doing and it does seem to work. Was hoping not to have to go this route though since we'd have to put NATs in for every on premise thing we'd want to hit from logic apps. Guess it's that or move the internal range to another subnet (easier said than done).