Often the external IP of a Service of type LoadBalancer stays in the PENDING state. If we look at the events of the service, we see messages similar to this 👇
This happens because the cluster identity (or service principal) of the AKS cluster does not have access to the resources it is trying to look up in the resource group. In this case, the service principal of the cluster in question does not have access to read the VNet resources (subnet) under the resource group virtualnetworks Your VNET/subnets/SUBNETNAME.
To validate, follow the steps below:
1. Go to the Azure Portal -> Kubernetes Services.
2. Click on the cluster's Resource Group.
3. Click on its Managed Identity.
4. Check Azure Role Assignments.
The managed identity should have the Contributor role over the Virtual Network resource type.
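The same check can be scripted against the JSON printed by `az role assignment list --assignee <principal-id> --all -o json`. This is an added example, not part of the original page: the subscription ID, resource group, VNet and subnet names are constructed, and it assumes Azure RBAC inheritance, where an assignment at a parent scope applies to the resources beneath it.

```python
import json

def scope_covers(scope: str, resource_id: str) -> bool:
    """True if an assignment at `scope` is inherited by `resource_id`."""
    s = scope.rstrip("/").lower()          # Azure resource IDs are case-insensitive
    r = resource_id.rstrip("/").lower()
    # Match on a path-segment boundary so ".../rg-net" does not cover ".../rg-network".
    return r == s or r.startswith(s + "/")

def roles_covering(assignments, resource_id, wanted=("Contributor",)):
    """Return the assignments that grant one of `wanted` roles over `resource_id`."""
    wanted_l = {w.lower() for w in wanted}
    return [a for a in assignments
            if a.get("roleDefinitionName", "").lower() in wanted_l
            and scope_covers(a.get("scope", ""), resource_id)]

# Constructed sample data (placeholder subscription and resource names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SUBNET_ID = (SUB + "/resourceGroups/rg-network/providers/Microsoft.Network"
             "/virtualNetworks/vnet-aks/subnets/snet-aks")

# Identity has Contributor only on other resource groups: the LoadBalancer stays pending.
BROKEN = json.loads(json.dumps([
    {"roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/MC_rg-aks_cluster_eastus"},
    {"roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-net"},        # look-alike prefix, not a parent
    {"roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-network"},    # right scope, wrong role
]))

# Same identity after Contributor is granted on the virtual network itself.
FIXED = BROKEN + [
    {"roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-network/providers/Microsoft.Network"
              "/virtualNetworks/vnet-aks"},
]

if __name__ == "__main__":
    for name, data in (("before", BROKEN), ("after", FIXED)):
        hits = roles_covering(data, SUBNET_ID)
        print(name, "->", [h["scope"] for h in hits] or "no Contributor over the subnet")
```

An empty result for the subnet's resource ID means the identity lacks the role described above on the VNet or any of its parent scopes.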
Refer: Configure Azure CNI networking in Azure Kubernetes Service