AZ-304 – Question #121


Question #121

You are designing a microservices architecture that will use Azure Kubernetes Service (AKS) to host pods that run containers. Each pod deployment will host a separate API. Each API will be implemented as a separate service.
You need to recommend a solution to make the APIs available to external users from Azure API Management. The solution must meet the following requirements:
✑ Control access to the APIs by using mutual TLS authentication between API Management and the AKS-based APIs.
✑ Provide access to the APIs by using a single IP address.
What should you recommend to provide access to the APIs?

A. the LoadBalancer service in AKS
B. custom network security groups (NSGs)
C. the Ingress Controller in AKS

Correct Answer: C
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services. Kubernetes ingress resources are used to configure the ingress rules and routes for individual Kubernetes services. Using an ingress controller and ingress rules, a single IP address can be used to route traffic to multiple services in a Kubernetes cluster.