Reach an Azure VMs from a pod in Azure K8s cluster located in a different VNet
I've a pod running an application that needs to connect to another Vm to download some files. The Vm and the Aks are on different VNets. I've already peered those VNets and the link seems connected. However, the communication still does not happen. Is there something else I should consider?
Additional Info:
- The network plugin is Azure CNI
- The cluster is not private for test purpose
- The NSGs have the default rules
When VMs and AKS cluster are in different VNets, Vnet peering is required, and you've already set up VNet peering.
Check the NSG rules applied to both the AKS subnet and the VM's subnet. Although you're using the default rules, ensure the NSG associated with the VM's subnet allows inbound ICMP traffic. By default, NSGs allow outbound ICMP but may block inbound ICMP. You'll need to add an inbound security rule to allow ICMP (protocol number 1) from the AKS subnet.
But I have a strong feeling your VM's firewall is the main root cause for connection failure. Check the firewall settings within the VM to ensure that it is turned off.
Here, I deployed a storefront app on my aks and as you can see pods are up
and the app is accessible.
So, if your AKS cluster is in one VNet (let's call it VNet A), and your VM is in another VNet (VNet B), they will not be able to communicate by default, because these are separate network segments within Azure.
To enable communication between them, you would set up VNet peering between VNet A and VNet B.
This would allow resources, like your AKS pods and VM, to communicate across the VNets which I did as shown above and disabled the internal firewall inside the VM and now both pod and vm is able to communicate with each other as you can see below-
So three things-
- vnet peering
- check nsg rules allowed or not
- disable firewall inside vm
Reference-
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday