Deploy a web service to AKS without a public endpoint
It seems like the Machine Learning service currently always uses a public load balancer with a public IP when deploying a web service to AKS.
We do not want to expose our web services to the public as that is a security risk - even with the Authorization keys. Also, even if we had to expose it, we'd prefer to use our own centralized ingress system to control the traffic coming into the cluster (e.g. via Azure Application Gateway v2).
We therefore would like to be able to choose one of the following additional methods when connecting to AKS/when deploying a web service:
- Deploy using an INTERNAL load balancer: This would allow us to limit exposure of the web service to our VNET.
- Deploy WITHOUT a load balancer. This would allow us to only expose the service within the cluster via its service discovery OR via our own ingress strategy like Azure Application Gateway v2.
This scenario is supported now:
Salil Bapat commented
Thanks for the feedback! This is on the roadmap for Azure ML service.