Using Cloudera-managed private DNS

Review this documentation if you are planning to use a private setup for Azure Postgres with a Cloudera-managed DNS.

Requirements and limitations

The following limitations apply when using a Cloudera-managed private DNS:

  • Only Azure’s Private DNS Zone is supported. Using an on-premises DNS is not supported.

  • The Private DNS Zone resides in the single existing resource group, even if the VNet is located elsewhere.

  • Only one resource group can have a private setup with a given VNet. This is because:

    • Only one DNS zone with a given name can be linked to a VNet.

    • That DNS zone is deployed in the single resource group where all the resources are located.

  • The private DNS zone and virtual network links are shared within the single resource group. The first environment created in that resource group creates them, and Cloudera never deletes them.

Prerequisites

In order to use a Cloudera-managed private DNS, you should meet the following prerequisites:

Review DNS zones existing in your resource group

If you would like Cloudera to create and manage the Private DNS Zone, review the DNS zones that exist in the resource group that you are planning to use for Cloudera and make sure that one of the following is true:

  • No Private DNS Zone named privatelink.postgres.database.azure.com or flexible.postgres.database.azure.com (for Flexible Server with Private Link or Flexible Server with delegated subnet respectively) is connected to the VNet.

  • If there is a Private DNS Zone named privatelink.postgres.database.azure.com or flexible.postgres.database.azure.com (for Flexible Server with Private Link or Flexible Server with delegated subnet respectively) connected to the VNet, verify that the zone is located in the existing resource group that you are planning to use for Cloudera. If the Private DNS Zone is already used for one environment, Cloudera can reuse it for another environment.
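The two conditions above can be checked before creating an environment. The following is an added example, not Cloudera's own tooling: it assumes you have already exported the private DNS zones and their virtual network links into the simple list shape shown, and the function names, resource group names and subscription ID are constructed placeholders.

```python
# Added example: pre-flight check for the "Review DNS zones" prerequisite.
ZONES = {
    "private_link": "privatelink.postgres.database.azure.com",
    "delegated_subnet": "flexible.postgres.database.azure.com",
}

def resource_group_of(resource_id):
    """Return the resource group segment of an Azure resource ID."""
    parts = resource_id.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    return parts[lowered.index("resourcegroups") + 1]

def check_zone(zone_name, vnet_id, planned_rg, zones):
    """Classify one zone name for one VNet.

    zones: list of {"id": zone resource ID, "name": zone name,
                    "linked_vnets": [VNet resource IDs]} (assumed shape).
    Returns "create"   - no such zone is linked to the VNet,
            "reuse"    - a linked zone exists in the planned resource group,
            "conflict" - a linked zone exists in another resource group.
    """
    # Names and IDs are compared case-insensitively, as Azure treats them.
    linked = [
        z for z in zones
        if z["name"].lower() == zone_name.lower()
        and vnet_id.lower() in (v.lower() for v in z["linked_vnets"])
    ]
    if not linked:
        return "create"
    if all(resource_group_of(z["id"]).lower() == planned_rg.lower() for z in linked):
        return "reuse"
    return "conflict"

# Constructed sample data (placeholder subscription and resource names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VNET = SUB + "/resourceGroups/net-rg/providers/Microsoft.Network/virtualNetworks/vnet-a"

def zone(rg, name, vnets):
    zid = f"{SUB}/resourceGroups/{rg}/providers/Microsoft.Network/privateDnsZones/{name}"
    return {"id": zid, "name": name, "linked_vnets": vnets}

SAMPLE_ZONES = [
    zone("other-rg", ZONES["private_link"], [VNET]),                 # wrong group
    zone("Cloudera-RG", ZONES["delegated_subnet"], [VNET.upper()]),  # case differs
]

if __name__ == "__main__":
    for kind, name in ZONES.items():
        print(kind, check_zone(name, VNET, "cloudera-rg", SAMPLE_ZONES))
```

A "conflict" result means the prerequisite is not met for that zone name, because only one DNS zone with a given name can be linked to the VNet.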

Ensure that Cloudera has adequate permissions

Ensure that the role that you are using for the Azure credential has the permissions mentioned in Role definition 2: Allows Cloudera to use only a single existing resource group to create private endpoints.