@Locoxella
Last active November 24, 2021 03:03
Use the Azure CLI to get private AKS info and modify the local hosts file to reach its private IP (through a VPN, for example)
#!/usr/bin/env bash
# Use the Azure CLI to check whether the given AKS cluster is private and add its private IP and host name to the hosts file.
# Use the command below to download and run this script directly from this gist:
# $ curl -sL <raw gist url> | bash -s /subscriptions/<subscription>/resourceGroups/<resource group>/providers/Microsoft.ContainerService/managedClusters/<AKS name>
# Use sudo to run it as superuser and let the script edit the /etc/hosts file directly:
# $ curl -sL <raw gist url> | sudo bash -s /subscriptions/<subscription>/resourceGroups/<resource group>/providers/Microsoft.ContainerService/managedClusters/<AKS name>
# The <raw gist url> is the URL provided by the GitHub Gist "Raw" button.
# Once you have reviewed the code, it's safe to run it with sudo, since the script served from that version's raw gist URL cannot be modified.

# Check if the required commands are available
for command in az jq grep sed; do
    if ! command -v "$command" &>/dev/null; then
        # Pass the name as an argument so it is never parsed as a printf format
        printf '%s command could not be found!\n' "$command"
        missingCommands="true"
    fi
done
if [ "$missingCommands" = "true" ]; then
    exit 1
fi

# Trigger interactive local login if not logged in
az account show &>/dev/null || az login

# Check if the argument provided looks like a valid AKS resource ID
if ! printf '%s\n' "$1" | grep -qP '^\/subscriptions\/.*\/resourceGroups\/.*\/providers\/Microsoft\.ContainerService\/managedClusters\/.*$'; then
    printf "Please provide as a single argument a valid AKS resource id.\n"
    printf "\nFormat: /subscriptions/[subscription ID]/resourceGroups/[resource group]/providers/Microsoft.ContainerService/managedClusters/[aks name]\n"
    exit 2
fi

# Query AKS (the resource ID is split into the three values az aks show needs)
subscription=$(printf '%s\n' "$1" | grep -oP '(?<=\/subscriptions\/).*?(?=\/)')
resourcegroup=$(printf '%s\n' "$1" | grep -oP '(?<=\/resourceGroups\/).*?(?=\/)')
name=$(printf '%s\n' "$1" | grep -oP '(?<=\/providers\/Microsoft\.ContainerService\/managedClusters\/).*')
aks=$(az aks show --name "$name" --resource-group "$resourcegroup" --subscription "$subscription" --output json)
if [ $? -ne 0 ]; then
    printf '\nSeems that AKS %s does not exist or cannot be reached.\n' "$1"
    exit 3
fi

# Check that the AKS cluster is private and whether it is also publicly accessible
isPrivate=$(printf '%s' "$aks" | jq --raw-output .apiServerAccessProfile.enablePrivateCluster)
if [ "$isPrivate" != "true" ]; then
    printf "The provided AKS IS NOT private\n"
    exit 4
fi
isPublic=$(printf '%s' "$aks" | jq --raw-output .apiServerAccessProfile.enablePrivateClusterPublicFqdn)
if [ "$isPublic" = "true" ]; then
    printf "WARNING: The provided AKS IS publicly accessible, therefore accessing it through its private IP might not be necessary\n"
fi
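
# Save required AKS info
nodeResourceGroup=$(printf '%s' "$aks" | jq --raw-output .nodeResourceGroup)
privateFqdn=$(printf '%s' "$aks" | jq --raw-output .privateFqdn)
# The first label of the private FQDN is the A record name, the rest is the private DNS zone
record=$(printf '%s' "$privateFqdn" | grep -oP '^[^\.]*')
zone=$(printf '%s' "$privateFqdn" | grep -oP '(?<=\.).*')
ipv4=$(az network private-dns record-set a show --zone-name "$zone" --name "$record" --resource-group "$nodeResourceGroup" --subscription "$subscription" --query 'aRecords[*].ipv4Address' --output tsv)
# Stop unless exactly one IPv4 address came back, so nothing empty or multi-line reaches the hosts file
if ! [[ "$ipv4" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    printf 'Could not get a single private IPv4 address for %s\n' "$privateFqdn"
    exit 5
fi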

# Modify /etc/hosts to add or edit private AKS hosts
# Print the line to add manually if the hosts file is not writable
file='/etc/hosts'
fileline="$ipv4 $privateFqdn"
if [ ! -w "$file" ]; then
    printf '\nTo access this private AKS cluster through VPN add this to your hosts file (%s):\n' "$file"
    printf '\n%s\n' "$fileline"
    printf '\nRun this script as root to allow it to modify %s for you.\n' "$file"
else
    # Match the FQDN literally: its dots must not act as regex wildcards
    if grep -qF -- "$privateFqdn" "$file"; then
        # Replace the existing line (dots escaped for the sed address)
        sed -i "/${privateFqdn//./\\.}/c\\$fileline" "$file"
    else
        echo "$fileline" >>"$file"
    fi
    printf 'Successfully added to %s:\n' "$file"
    printf '\n%s\n' "$fileline"
fi
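
An added example, not part of the gist: a hypothetical helper, `upsert_hosts_entry`, that validates the address and name before touching the hosts file and replaces the name only where it is a whole host field, whereas the script above matches it anywhere in a line. The sample names and addresses are constructed.

```shell
#!/usr/bin/env bash
# Added example, not the gist's code. upsert_hosts_entry is a hypothetical helper.
# Usage: upsert_hosts_entry <hosts file> <ipv4> <fqdn>
upsert_hosts_entry() {
    local file="$1" ip="$2" fqdn="$3" tmp rc
    # IPv4: digits and dots only (rejects empty or multi-line az output), four octets <= 255
    case $ip in '' | *[!0-9.]*) return 2 ;; esac
    printf '%s\n' "$ip" | awk -F. '{ if (NF != 4) exit 1
        for (i = 1; i <= 4; i++) if ($i == "" || length($i) > 3 || $i + 0 > 255) exit 1 }' || return 2
    # FQDN: DNS characters only, at least one dot, no empty or hyphen-edged labels
    case $fqdn in
        '' | *[!A-Za-z0-9.-]* | .* | *. | *..* | -* | *- | *.-* | *-.*) return 3 ;;
        *.*) ;;
        *) return 3 ;;
    esac
    tmp=$(mktemp) || return 4
    # Remove the FQDN wherever it is a whole host field of an active line;
    # keep other names on that line and drop the line if none remain.
    awk -v host="$fqdn" '
        /^[ \t]*#/ || NF == 0 { print; next }
        {
            out = $1; kept = 0
            for (i = 2; i <= NF; i++) {
                if (substr($i, 1, 1) == "#") {          # trailing comment: copy verbatim
                    for (j = i; j <= NF; j++) out = out " " $j
                    break
                }
                if (tolower($i) == tolower(host)) continue
                out = out " " $i; kept++
            }
            if (kept > 0) print out
        }' "$file" >"$tmp" || { rm -f "$tmp"; return 4; }
    printf '%s %s\n' "$ip" "$fqdn" >>"$tmp"
    cat "$tmp" >"$file"; rc=$?    # overwrite in place: keeps owner, mode and inode
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: one stale entry plus a look-alike name that must survive
demo() {
    local f; f=$(mktemp) || return 1
    printf '%s\n' '127.0.0.1 localhost' '10.0.0.4 demo.privatelink.westeurope.azmk8s.io' \
        '10.0.0.7 xdemo.privatelink.westeurope.azmk8s.io' >"$f"
    upsert_hosts_entry "$f" 10.1.0.4 demo.privatelink.westeurope.azmk8s.io && cat "$f"
    rm -f "$f"
}
demo
```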