So what comes to mind from what you’ve mentioned so far is NetworkPolicies.
I wonder if AKS has any default policies in place. You can check with:
kubectl get networkpolicies -A
I also checked out the Azure CNI documentation. If you manually installed the CNI yourself and didn’t use any automation, they mention that you have to set up a masquerade rule. You can check the iptables rules on each node with:
iptables -n -L
While I’m happy to throw out some ideas here, I don’t have the availability to help out in a direct capacity over Zoom. Please don’t let that discourage you from seeking further help.