AKS ingress, Istio, and egress public IPs¶
This page lists the current public IPs used for inbound and outbound traffic in the AKS clusters for stage and prod.
Inbound values are based on the current LoadBalancer services for the ingress controllers and Istio gateways.
Outbound values are based on the AKS cluster effectiveOutboundIPs.
Last verified: 2026-03-18
Stage¶
Inbound¶
| Component | Kubernetes service | Namespace | Public IP |
|---|---|---|---|
| Backend ingress controller | minority-api-ingress-nginx-controller |
kube-system |
52.177.31.47 |
| Majority Istio gateway | majority-gateway-istio |
ingress |
20.7.232.208 |
| Minority Istio gateway | minority-gateway-istio |
ingress |
20.15.58.31 |
| Minority Istio TLS passthrough gateway | minority-gateway-tls-passthrough-istio |
ingress |
4.153.110.15 |
There is currently no separate web-nginx-ingress-nginx-controller LoadBalancer service in stage.
Outbound¶
| Component | Azure public IP resource | Public IP |
|---|---|---|
| AKS cluster egress | stage-bank01-use2-standard-pip |
52.242.99.161 |
Prod¶
Inbound¶
| Component | Kubernetes service | Namespace | Public IP |
|---|---|---|---|
| Backend ingress controller | minority-api-ingress-nginx-controller |
kube-system |
52.177.110.255 |
| Web ingress controller | web-nginx-ingress-nginx-controller |
web |
52.147.172.74 |
| Majority Istio gateway | majority-gateway-istio |
ingress |
20.97.130.146 |
| Minority Istio gateway | minority-gateway-istio |
ingress |
20.85.113.204 |
| Minority Istio TLS passthrough gateway | minority-gateway-tls-passthrough-istio |
ingress |
68.220.146.183 |
Outbound¶
| Component | Azure public IP resource | Public IP |
|---|---|---|
| AKS cluster egress | prod-bank01-use2-standard-pip |
52.177.54.158 |
How to verify¶
Run:
kubectl --context stage-bankV2-use2-aks get svc -A | egrep 'LoadBalancer|NAME'
kubectl --context prod-bankV2-use2-aks get svc -A | egrep 'LoadBalancer|NAME'
az aks show -g stage-bankAksV2-use2-rg -n stage-bankV2-use2-aks --query "networkProfile.loadBalancerProfile.effectiveOutboundIPs[].id" -o tsv
az aks show -g prod-bankAksV2-use2-rg -n prod-bankV2-use2-aks --query "networkProfile.loadBalancerProfile.effectiveOutboundIPs[].id" -o tsv
The inbound section only includes public-facing ingress controller and Istio gateway LoadBalancer services.