Firewall rules for outbound internet access
If you want to restrict outbound access, configure the required firewall rules
If you want to restrict outbound access, implement these firewall rules:
- Generic outbound configuration for the Azure Kubernetes Service (AKS) cluster, to lock down the traffic that leaves the AKS subnet. Refer to the required outbound network rules and fully qualified domain names (FQDNs) in the Microsoft documentation.
- Access from the AKS cluster to the Azure Container Registry (ACR) that contains the container images of Virtual Private Cloud:
  - Login server: https://uccmpprivatecloud.azurecr.io
  - Data endpoints:
    - https://uccmpprivatecloud.eastus.data.azurecr.io
    - https://uccmpprivatecloud.northeurope.data.azurecr.io
- Access from the AKS cluster, for AKS extension agents such as GitOps: https://*.dp.kubernetesconfiguration.azure.com
- Access from the AKS cluster to the MongoDB server. The specific configuration depends on the MongoDB setup.
- Access from the PostgreSQL servers to Entra ID, for traffic that leaves the PostgreSQL subnet: All traffic to the AzureActiveDirectory service tag. Refer to the description of private access networking for Azure Database for PostgreSQL flexible server in the Microsoft documentation.
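One way to check an egress allow list against the HTTPS destinations listed above. This is an added example, not code from the product or from Microsoft: the function names and the sample allow list are hypothetical, and it assumes that a firewall rule of the form `*.example.com` matches any number of subdomain labels.

```python
from urllib.parse import urlsplit

# HTTPS destinations this page lists for traffic leaving the AKS subnet.
REQUIRED = [
    "https://uccmpprivatecloud.azurecr.io",
    "https://uccmpprivatecloud.eastus.data.azurecr.io",
    "https://uccmpprivatecloud.northeurope.data.azurecr.io",
    "https://*.dp.kubernetesconfiguration.azure.com",
]

def host_of(entry):
    """Return the lowercase host of a URL or bare FQDN, keeping a leading '*.'."""
    entry = entry.strip().lower()
    host = urlsplit(entry).netloc if "://" in entry else entry
    return host.split(":")[0].rstrip(".")

def covers(rule, required):
    """True if allow-list entry `rule` permits every host that `required` names."""
    if rule == required:
        return True
    if not rule.startswith("*."):
        return False  # an exact rule never covers another host or a wildcard
    suffix = rule[1:]  # "*.example.com" -> ".example.com"
    base = required[2:] if required.startswith("*.") else required
    return base.endswith(suffix)

def audit(allow_list):
    """Return (missing, wider): required hosts that no rule covers, and
    wildcard rules that a required host relies on in place of an exact entry."""
    rules = [host_of(r) for r in allow_list]
    missing, wider = [], []
    for req in map(host_of, REQUIRED):
        matches = [r for r in rules if covers(r, req)]
        if not matches:
            missing.append(req)
        elif req not in matches:
            wider.extend(m for m in matches if m not in wider)
    return missing, wider

# Constructed sample allow list, not taken from a real firewall.
SAMPLE = [
    "uccmpprivatecloud.azurecr.io",
    "*.data.azurecr.io",
    "uccmpprivatecloud.eastus.data.azurecr.io",
]

if __name__ == "__main__":
    missing, wider = audit(SAMPLE)
    print("not reachable:", missing)
    print("wider than the page requires:", wider)
```

A wildcard such as `*.data.azurecr.io` also permits traffic to the data endpoints of registries other than the one named on this page, which is why the audit reports it separately.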