Designing Azure Infrastructure Solutions — Question 82

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) instance named AKS1. AKS1 hosts microservice-based APIs that are configured to listen on non-default HTTP ports.

You plan to deploy a Standard tier Azure API Management instance named APIM1 that will make the APIs available to external users.

You need to ensure that the AKS1 APIs are accessible to APIM1. The solution must meet the following requirements:

• Implement MTLS authentication between APIM1 and AKS1.
• Minimize development effort.
• Minimize costs.

What should you do?

Answer options

• A. Implement an external load balancer on AKS1.
• B. Redeploy APIM1 to the virtual network that contains AKS1.
• C. Implement an ExternalName service on AKS1.
• D. Deploy an ingress controller to AKS1.

Correct answer: D

Explanation

The correct answer is D because deploying an ingress controller to AKS1 allows for proper routing of external traffic to the microservices, while also supporting MTLS authentication. The other options may not provide the necessary functionality or could incur higher costs and complexity, such as setting up an external load balancer or moving APIM1 to the same virtual network.