Aug 5, 2020
The idea is to deploy an ingress controller behind an internal load balancer and have it use an internal IP from a dedicated ingress subnet (using the annotations described here: https://docs.microsoft.com/en-us/azure/aks/internal-lb). This lets you lock down access to the worker nodes with an NSG so that traffic from peered networks cannot reach the hosts or pods directly, but only the explicitly exposed internal load balancer IPs in the ingress subnet.
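As an added illustration (not taken from the post or from the linked Microsoft doc), this is the Service object that fronts the ingress controller with an internal Azure load balancer placed in the ingress subnet. The subnet name `ingress-subnet`, the static IP `10.240.100.10`, the namespace and the pod selector labels are assumptions for the example; the two `service.beta.kubernetes.io/azure-load-balancer-internal*` annotations are the ones the linked doc describes.

```yaml
# Service for the ingress controller, exposed on an Azure *internal* load balancer.
# Assumed names: namespace ingress-nginx, selector labels, subnet and IP below.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
  annotations:
    # Ask the Azure cloud provider for an internal LB instead of a public one.
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    # Place the LB frontend in the dedicated ingress subnet. The subnet must be
    # in the same VNet as the cluster; this keeps the only reachable endpoint
    # for peered traffic inside that subnet rather than on the node subnet.
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "ingress-subnet"
spec:
  type: LoadBalancer
  # Pin the frontend to a known IP from the ingress subnet so the NSG on the
  # node subnet can be written against an explicit, stable address.
  # (Assumed value; pick a free address from your own ingress subnet.)
  loadBalancerIP: 10.240.100.10
  # Preserve client source IPs at the controller and skip the extra node hop.
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/component: controller
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP
    - name: https
      port: 443
      targetPort: https
      protocol: TCP
```

After `kubectl apply`, `kubectl get svc -n ingress-nginx ingress-nginx-controller` should show the ingress-subnet address under `EXTERNAL-IP`; if it stays `<pending>`, check that the cluster identity is allowed to manage the named subnet.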