Blackhole Cluster - do I need Service Entry for hitting Azure Container Registry IP Address?

Hi all!

I am trying to lock down network security on an AKS cluster and want to turn the cluster into a Blackhole Cluster. I understand external service hostnames need to be whitelisted using Service Entries, but how about external services without hostnames? For example, we have an Azure Container Registry that cluster resources need to access, but there is no hostname attached to it. Also, Postgres servers need to be accessed that have static IP addresses, but no hostname.

Are static IP addresses accessible in a Blackhole Cluster? How do I allow static IPs to be accessed as an external service without a hostname?


I figured it out. I just need to set the VIP to be the IP address, then set the Resolution of the Service Entry to be NONE.
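
The approach from the reply above, written out as an Istio ServiceEntry manifest. This is an added example and not part of the original posts; the resource name, namespace, placeholder host, the documentation-range IP address and the Postgres port 5432 are assumptions to be replaced with real values.

```yaml
# Added example: every name and address here is a constructed placeholder.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-postgres            # hypothetical name
  namespace: egress-demo             # hypothetical namespace
spec:
  # "hosts" is a required field, but for plain TCP traffic it is not used
  # for matching, so a placeholder that never resolves is sufficient.
  hosts:
    - postgres.external.invalid
  # The "VIP": the static IP of the external server. Traffic is matched on
  # destination IP plus port. Keep the prefix as narrow as possible (/32
  # for a single server) so the allow-list does not open a whole range.
  addresses:
    - 203.0.113.10/32                # documentation-range address, replace
  ports:
    - number: 5432
      name: tcp-postgres
      protocol: TCP
  location: MESH_EXTERNAL
  # NONE: the sidecar does no lookup of its own and forwards the connection
  # to the IP address the application originally dialed.
  resolution: NONE
```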