Check out my github repo for an ARM Template that deploys AKS. https://github.com/PinportLtd/Kubernetes-AKS
Private AKS Endpoint.
If you enable the AKS private endpoint, network traffic between your API server and your node pools stays on the private network only, which is good for security. But it also means your Kubernetes API is only accessible from resources on your vNet, or on a vNet peered to the vNet that your AKS cluster has been deployed to. If, for example, you try to view the namespaces in the Azure portal from a machine that isn't part of the vNet, it will show an error.
The quickest way to connect, if you don't have Azure Bastion set up, is to create a VM connected to the same vNet that the AKS cluster is connected to, or to a vNet that is peered to it.
Once you have a VM created in the vNet (it can be in any subnet of the vNet), you can open a browser, go to portal.azure.com, click on the AKS cluster and then Namespaces, and you will have access.
If you want to connect via a terminal, use the az-cli to log in to Azure:

az login

Once logged in to Azure, get the credentials for the AKS cluster:

az aks get-credentials --name aks-comp-01 --resource-group sandbox

This adds the cluster context to the .kube/config file in your user's home directory. Next, when you try to get the nodes:

kubectl get nodes

it will prompt you to log in via a browser. Once this is done you can crack on with accessing your k8s.
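To check which of these situations a cluster is in before trying to connect, here is an added example (not from this post or the linked repo) that reads the JSON returned by `az aks show --name aks-comp-01 --resource-group sandbox -o json`. The sample documents are constructed, and the field names assumed are apiServerAccessProfile.enablePrivateCluster, enablePrivateClusterPublicFqdn, authorizedIpRanges, fqdn and privateFqdn.

```python
import json

# Constructed samples in the shape of `az aks show -o json` (trimmed to the
# fields this check reads); neither is output from a real cluster.
PRIVATE_CLUSTER = json.dumps({
    "name": "aks-comp-01",
    "fqdn": None,
    "privateFqdn": "aks-comp-01-example.privatelink.uksouth.azmk8s.io",
    "apiServerAccessProfile": {
        "enablePrivateCluster": True,
        "enablePrivateClusterPublicFqdn": False,
        "authorizedIpRanges": None,
    },
})
PUBLIC_CLUSTER = json.dumps({
    "name": "aks-dev-01",
    "fqdn": "aks-dev-01-example.hcp.uksouth.azmk8s.io",
    "privateFqdn": None,
    "apiServerAccessProfile": {"enablePrivateCluster": False},
})


def audit_api_server_access(show_json: str) -> dict:
    """Summarise how the cluster's API server can be reached.

    vnet_only is True when the API server has a private endpoint, which is
    exactly the case where portal/kubectl access from outside the vNet (or a
    peered vNet) fails as described above.
    """
    cluster = json.loads(show_json)
    profile = cluster.get("apiServerAccessProfile") or {}
    private = bool(profile.get("enablePrivateCluster"))
    # Private clusters may still publish the API hostname in public DNS; the
    # record resolves to the private address, so reachability is unchanged.
    public_dns = bool(profile.get("enablePrivateClusterPublicFqdn"))
    ranges = profile.get("authorizedIpRanges") or []
    warnings = []
    if not private and not ranges:
        warnings.append("public API server with no authorized IP ranges")
    if private and public_dns:
        warnings.append("private cluster hostname is published in public DNS")
    return {
        "name": cluster.get("name"),
        "vnet_only": private,
        "api_host": cluster.get("privateFqdn") if private else cluster.get("fqdn"),
        "public_dns_record": public_dns or not private,
        "authorized_ip_ranges": ranges,
        "warnings": warnings,
    }
```

Run it against the real `az aks show` output before you try `az aks get-credentials`: if vnet_only is True, do it from a VM or Bastion session on the vNet rather than your laptop.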