I have an Azure external loadbalancer with a backend pool that contains 1 kubernetes master server and has a load balancing rule on port 443.
I added a rule with priority 500 to deny all traffic coming from the internet on port 443 to the kubernetes master server. Works fine
I added a rule with priority 400 to accept traffic coming from a certain public ip because I only want to be able to connect from that ip. I expected that I should be able to connect but I can't.
If I change the rule that accepts traffic from the source ip to internet then it works fine. What am I missing?
Kind Regards
Things that you might have missed:
Create a separate rule to allow this IP as this is a MSFT IP you should have no issues allowing this.** Before deny all (Priority <500)
That should fix your issue for sure !!
Diagnosis & RCA:
Why this is happening, the Azure Load balancer Probe IP is being blocked and hence the backend server is being marked as unhealthy by the load balancer.