What it is
An AKS cluster whose Kubernetes API server has a public endpoint and no authorized IP ranges. The API server is the cluster's control plane: it can read every Secret, create workloads in every namespace, and exec into any pod. On a default AKS deployment that endpoint resolves publicly and accepts connections from any address on the internet, so authentication is the only thing between the world and cluster control.
Why it happens
Public is the AKS default. az aks create with no extra flags, the portal's standard path, and most quickstart templates all produce a cluster where apiServerAccessProfile is neither a private cluster nor restricted to known IP ranges. Everything works immediately, kubectl connects from anywhere, CI pipelines just work, which is exactly why nobody revisits it.
The private alternative has friction that keeps teams on the default: a private cluster changes how you reach the API (jump box, VPN, or peered network), and it is a creation-time decision, converting an existing public cluster to a private one means rebuilding it. The lighter control, authorizedIPRanges, can be applied to a running cluster at any time, but since the public endpoint works fine without it, it tends to stay empty.
What it costs / blast radius
The blast radius is control of the cluster and everything in it. An attacker who reaches the API server with any working credential (a leaked kubeconfig, a stolen service account token, a compromised CI secret) gets whatever that credential allows, up to full cluster admin: every Secret, every ConfigMap, exec into every pod, and a scheduling platform for whatever they want to run next. A public endpoint also means the API server itself is exposed to credential stuffing and to any future authentication or API-server CVE, from every address on the internet rather than from a short allow-list. (This is an exposure assessment of Azure's default behavior, not a measured breach statistic; your authentication and Kubernetes RBAC still stand in the way.)
See it
resource aks 'Microsoft.ContainerService/managedClusters@2024-05-01' = {
name: 'prod-aks'
location: location
// ...identity and agentPoolProfiles omitted for brevity
properties: {
dnsPrefix: 'prod-aks'
// apiServerAccessProfile left at its defaults:
// not a private cluster, no authorizedIPRanges.
// The control plane answers to the whole internet.
}
}resource aks 'Microsoft.ContainerService/managedClusters@2024-05-01' = {
name: 'prod-aks'
location: location
// ...identity and agentPoolProfiles omitted for brevity
properties: {
dnsPrefix: 'prod-aks'
apiServerAccessProfile: {
enablePrivateCluster: true // creation-time only; existing clusters need a rebuild
}
// Lighter fix for an existing cluster (applies in place):
// apiServerAccessProfile: {
// authorizedIPRanges: ['203.0.113.0/24'] // office / VPN / CI egress only
// }
}
}How StratoLens helps
StratoLens flags every AKS cluster whose API server is publicly reachable with no IP restrictions, automatically and continuously, across every subscription in your tenant. You see which clusters expose their control plane today and when that changed, instead of finding out during an incident.