EyalGonen
Lapis Lazuli | Level 10

Hi experts,

 

I know this is a funny question but I am struggling with this... I set up SAS Viya 2023.08 on Azure using https://github.com/sassoftware/viya4-iac-azure and https://github.com/sassoftware/viya4-deployment and during configuration I specified an IP address to be allowed to access this new environment (our main office external IP address). Now, I want to add another IP address (a CIDR) to be allowed to access SAS Viya. I added this new address to the Terraform.tfvars file in the "default_public_access_cidrs" field and re-ran Terraform with the "apply" command and it did not help. I am still blocked from accessing... I need help with this. Can anyone point me to where I need to add this new IP in Azure Portal?

 

Thanks!

3 REPLIES 3
Conor_H
SAS Employee

There are two sides to this equation. The first is the one that you mentioned, that is the Network Security Group that surrounds your AKS Cluster as well as all the other resources. This controls things like client access to your cluster with a kubeconfig or ssh into a bastion/jump server. The other is the ingress nginx load balancer source range that controls the web traffic into the application. This would be modified on the nginx controller (or in the viya4-deployment https://github.com/sassoftware/viya4-deployment/blob/main/docs/CONFIG-VARS.md#base). To change this in the portal you would go to the AKS cluster and look under 'Services and ingresses' and find ingress-nginx-controller. An example for what you are looking at can be found here: https://learn.microsoft.com/en-us/azure/aks/load-balancer-standard#restrict-inbound-traffic-to-speci...

 

Hopefully that helps! 

EyalGonen
Lapis Lazuli | Level 10

Hi @Conor_H 

 

I will check, thanks! In the meantime I have a question... If I add the new IP address to the viya4-deployment https://github.com/sassoftware/viya4-deployment/blob/main/docs/CONFIG-VARS.md#base as you suggested (I assume you mean to the LOADBALANCER_SOURCE_RANGES parameter) then can I just re-run the viya4-deployment Ansible again so it will just update the Ingress Controller with the additional IP address and do nothing more (since I modified just that one parameter) or will it delete/recreate my AKS cluster or do other things in addition to adding the IP address?

 

Thanks!

 

 

Conor_H
SAS Employee

You can execute the 'baseline' tasks independently using the "baseline" tag. This won't touch any of your Viya components.  Something like this: 

 

ansible-playbook \
-e CONFIG=$HOME/ansible-vars.yaml \
-e TFSTATE=$HOME/viya4-iac-aws/terraform.tfstate \
viya4-deployment --tags "baseline" -vvv

https://github.com/sassoftware/viya4-deployment/tree/main/roles/baseline/tasks
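
An added example, not part of the thread and not SAS code: a small offline check that tells you which of the two allowlists described in the first reply is still missing a client address. It assumes you have saved the ingress-nginx-controller Service as JSON (for instance with kubectl get svc ... -o json) and copied the list from default_public_access_cidrs; the sample JSON, the CIDR values and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed Service JSON for ingress-nginx-controller.
SAMPLE_SERVICE_JSON = """
{
  "kind": "Service",
  "metadata": {"name": "ingress-nginx-controller"},
  "spec": {
    "type": "LoadBalancer",
    "loadBalancerSourceRanges": ["203.0.113.10/32"]
  }
}
"""

# Constructed sample: default_public_access_cidrs after adding the new CIDR.
SAMPLE_TFVARS_CIDRS = ["203.0.113.10/32", "198.51.100.0/24"]


def covers(cidrs, client_ip):
    """Return True if client_ip falls inside any CIDR in the list."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


def lb_source_ranges(service_json):
    """Extract spec.loadBalancerSourceRanges; [] means the field is unset."""
    svc = json.loads(service_json)
    return svc.get("spec", {}).get("loadBalancerSourceRanges") or []


def diagnose(client_ip, tfvars_cidrs, service_json):
    """Report, per allowlist, whether client_ip is covered."""
    ranges = lb_source_ranges(service_json)
    return {
        # Terraform side: cluster API / jump server access, per the reply.
        "terraform_cidrs": covers(tfvars_cidrs, client_ip),
        # Ingress side: web traffic. An unset field means no restriction.
        "ingress_source_ranges": (not ranges) or covers(ranges, client_ip),
    }


if __name__ == "__main__":
    # Reproduces the situation in the question: Terraform updated, ingress not.
    print(diagnose("198.51.100.25", SAMPLE_TFVARS_CIDRS, SAMPLE_SERVICE_JSON))
```

A result with terraform_cidrs true and ingress_source_ranges false matches the symptom in the question: the Terraform variable was updated but the load balancer source ranges on the ingress controller were not.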