B) Azure container networking plugin

A) Kubenet

C) Service Endpoints

D) Network security groups Azure container networking plugin : Correct Choice With the Azure container networking plugin , every pod gets an IP address allocated. With Azure CNI, every pod gets an IP address from the subnet and can be accessed directly. These IP addresses must be unique across your network space, and must be planned in advance. Each node has a configuration parameter for the maximum number of pods that it supports. The equivalent number of IP addresses per node are then reserved up front for that node. This approach requires more planning, as can otherwise lead to IP address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow. Nodes use the Azure Container Networking Interface (CNI) Kubernetes plugin. Kubenet : Incorrect Choice Thekubenetnetworking option is the default configuration for AKS cluster creation. Withkubenet, nodes get an IP address from the Azure virtual network subnet. Pods receive an IP address from a logically different address space to the Azure virtual network subnet of the nodes. Service Endpoints: Incorrect Choice Capabilities like service endpoints or UDRs are supported with both kubenet and Azure CNI, the support policies for AKS define what changes you can make. For example: * If you manually create the virtual network resources for an AKS cluster, you're supported when configuring your own UDRs or service endpoints. * If the Azure platform automatically creates the virtual network resources for your AKS cluster, it isn't supported to manually change those AKS-managed resources to configure your own UDRs or service endpoints. Network security groups: Incorrect Choice A network security group filters traffic for VMs, such as the AKS nodes. As you create Services, such as a LoadBalancer, the Azure platform automatically configures any network security group rules that are needed.