3.3.2. Private Link Services

💡 First Principle: Private Link services allow you to expose your own services (behind a Standard Load Balancer) to consumers via Private Endpoint. Consumers access your service using a private IP in their VNet.

Scenario: You operate an AKS cluster with an internal load balancer. External teams in different VNets need to access your service without IP address conflicts.

Private Link Service Flow

1. Create a service behind Standard Load Balancer
2. Create Private Link Service pointing to the Load Balancer
3. Consumers create Private Endpoint to your Private Link Service
4. NAT provides isolation (no IP conflicts)

⚠️ Exam Trap: Confusing Private Endpoint with Private Link Service. Private Endpoint is the consumer side (you're connecting to a service). Private Link Service is the provider side (you're offering a service).