Tell us about your request
Currently, when Karpenter/NAP creates a NodeClaim and the corresponding VM+Disk, it always creates the disk with fully public network access settings, as visible on the screenshot.
If there's no limitation from the Karpenter side, I'd like to request adding a capability to AKSNodeClass to define the network access policy of the created OS disk.
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
While working in a highly regulated environment such as insurance or banking, there's a need to restrict public network access to cloud resources to a minimum. I'm trying to solve our security system flagging Karpenter-provisioned nodes as non-compliant.
Are you currently working around this issue?
I'm using Azure policies to mutate the disks to set network access to "Disable public and private access".
Additional Context
No response
Attachments
No response
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
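An added example, not part of the original issue and not code from the Karpenter/NAP project: a small audit that flags managed disks whose network access settings differ from "Disable public and private access", which this example assumes corresponds to `publicNetworkAccess: Disabled` plus `networkAccessPolicy: DenyAll`. The disk names, the resource group and the JSON sample are constructed, shaped like `az disk list -o json` output.

```python
import json

# Constructed sample shaped like `az disk list -o json` output; not real resources.
SAMPLE_DISKS = json.loads("""
[
  {"name": "nap-node-a-osdisk", "resourceGroup": "MC_example",
   "publicNetworkAccess": "Enabled", "networkAccessPolicy": "AllowAll"},
  {"name": "nap-node-b-osdisk", "resourceGroup": "MC_example",
   "publicNetworkAccess": "Disabled", "networkAccessPolicy": "DenyAll"},
  {"name": "nap-node-c-osdisk", "resourceGroup": "MC_example",
   "publicNetworkAccess": "Disabled", "networkAccessPolicy": "AllowPrivate"},
  {"name": "nap-node-d-osdisk", "resourceGroup": "MC_example"}
]
""")

# Target state (assumed mapping of "Disable public and private access").
TARGET = {"publicNetworkAccess": "Disabled", "networkAccessPolicy": "DenyAll"}
# Assumption: a property missing from the JSON is treated as the permissive value,
# so an incomplete record is flagged rather than silently passed.
PERMISSIVE = {"publicNetworkAccess": "Enabled", "networkAccessPolicy": "AllowAll"}


def effective_settings(disk):
    """Return the two access properties with the permissive fallback applied."""
    return {key: disk.get(key) or PERMISSIVE[key] for key in TARGET}


def audit(disks):
    """List disks that drift from TARGET, with the az command that would fix each."""
    findings = []
    for disk in disks:
        current = effective_settings(disk)
        drift = {k: v for k, v in current.items() if v != TARGET[k]}
        if drift:
            findings.append({
                "name": disk["name"],
                "drift": drift,
                "remediation": (
                    f"az disk update --name {disk['name']} "
                    f"--resource-group {disk['resourceGroup']} "
                    "--network-access-policy DenyAll --public-network-access Disabled"
                ),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DISKS):
        print(finding["name"], finding["drift"])
        print("  fix:", finding["remediation"])
```

Running a check like this on a schedule shows how long newly provisioned node disks stay in the permissive state before a policy-based mutation takes effect.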