Configuring a custom private DNS zone

You learn the requirements for configuring a DNS zone for AKS. From the syntax information, you see how to construct a CDP CLI command that configures the DNS zone.

When you set up the environment for private cluster deployment, you configure custom DNS on the VNET to resolve Azure Private DNS zones. If this default AKS Private DNS zone creation behavior is not suitable for your needs, you can use the CDP CLI to further customize the zones. Activating CDW clusters with the private CDW option enables multiple different AKS features at once to support private CDW deployments.

  • Create the DNS zone privatelink.<region>.azmk8s.io.
  • Grant at least the private dns zone contributor and vnet contributor roles to the service principal (Azure Enterprise Application) used for environment creation.
  • If the Private DNS Zone is in a different subscription than the AKS cluster, you need to register Microsoft.ContainerServices in both the subscriptions.
Configure a DNS zone for AKS using the CDP CLI.
Use the following syntax:
cdp dw create-cluster --<create_cluster_options> \
--environment-crn <CLOUDERA_RESOURCE_NAME_OF_ENVIRONMENT> --use-private-load-balancer \
--azure-options <property>=<value>,<property>=<value> ... ,\
enablePrivateAks=true,\
privateDNSZoneAKS=<PRIVATE_DNS_ZONE_RESOURCE_ID>
where: Azure options might be userAssignedManagedIdentity={managed- identity},subnetId={subnet-id},outboundType=UserDefinedRouting,enablePrivateSQL=true, and the PRIVATE_DNS_ZONE_RESOURCE_ID looks something like this:
privateDNSZoneAKS=/subscriptions/{sub-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.{region}.azmk8s.io
If you specify none for the privateDNSZoneAKS parameter, Azure defaults to public DNS which means AKS does not create a Private DNS Zone.