CDP workloads can be configured to access the Azure resources over a private IP (which is called a private endpoint) or over a public IP (which is called a service endpoint).
The private endpoint setup requires a private DNS zone which the VNet is linked to
and resolves the Azure resources to private IP addresses. CDP supports a private endpoint
configuration for Azure postgres only. CDP admin can choose to either create the private DNS zone
and link it to the VNet as described in
Bringing your own private DNS, or let the CDP
create them when provided with necessary configuration described in
Using CDP-managed private
CDP supports only service endpoint configuration for other Azure resources(such as
Microsoft Storage). The subnets need to be enabled to support the service endpoints. See
Service endpoint for Azure Postgres for detailed steps.