Restarting Nodes or Scaling Shouldn't Reset Network Security Group Inbound Rules to Default
Similar to GKE, restarting a node or scaling should not overwrite any user changes to network security group rules. This would allow users to easily lock down externally facing services to a range of IP addresses.
Jack Quincy commented
These are k8s managed rules. It is going to reset it. But you can tell K8s to enforce the rule to be what you want. If you add this https://github.com/kubernetes/kubernetes/blob/b6f75ac30e863531ac73cfd02a0edd57983cc5c0/pkg/apis/core/annotation_key_constants.go#L84 annotation to your service object it will enforce the source IP range specified.
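An added example, not part of the original comment or the Kubernetes project: a Service manifest that declares the allowed source ranges on the object itself. It assumes the linked constant is the `service.beta.kubernetes.io/load-balancer-source-ranges` annotation; the service name, ports and CIDRs are constructed placeholders.

```yaml
# Constructed example: names, ports and CIDRs are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: web-frontend              # hypothetical service name
  annotations:
    # Assumed to be the annotation the comment links to.
    # Value is a comma-separated list of CIDRs allowed to reach the
    # load balancer; sources outside these ranges are not permitted.
    service.beta.kubernetes.io/load-balancer-source-ranges: "203.0.113.0/24,198.51.100.17/32"
spec:
  type: LoadBalancer
  # The same restriction can be expressed with the Service field
  # spec.loadBalancerSourceRanges (a list of CIDRs) instead of the
  # annotation.
  selector:
    app: web-frontend             # hypothetical pod label
  ports:
    - name: https
      port: 443
      targetPort: 8443
```

Because the ranges are part of the Service spec, they are what Kubernetes reapplies when it rewrites the managed rules, so the restriction is kept in version control with the rest of the manifest rather than as a manual edit to the network security group.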