How to open port 22 on azure Kubernetes service for the Loopback Ip 127.0.0.1

Question

How we should open port 22 on aks loopback IP.

We are trying to do telnet on loopback IP using port 22 which is working fine on any Linux VM but on AKS we are getting the error Connection closed.

Answer 1

• Note that AKS clusters have unrestricted outbound (egress) internet access. This level of network access allows nodes and services you run to access external resources as needed. If you wish to restrict egress traffic, a limited number of ports and addresses must be accessible to maintain healthy cluster maintenance tasks. The simplest solution to securing outbound addresses lies in the use of a firewall device that can control outbound traffic based on domain names If you wish to restrict egress traffic, a limited number of ports and addresses must be accessible to maintain healthy cluster maintenance tasks. The simplest solution to securing outbound addresses lies in the use of a firewall device that can control outbound traffic based on domain names . Azure Firewall, for example, can restrict outbound HTTP and HTTPS traffic based on the FQDN of the destination. You can also configure your preferred firewall and security rules to allow these required ports and addresses.

Thus, you can configure an inbound rule and an outbound rule to allow traffic on port 22, ie, SSH for destination IP address as 127.0.0.1 (Loopback IP address) . To do so, kindly refer to the documentation link below: -

https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic#adding-firewall-rules

According to the above link, you must deploy a firewall and create a UDR hop to Azure firewall and associate it to AKS . Thus, in this way, if you configure the Azure firewall with the AKS cluster, you will be able to control the ingress and egress port traffic.