Using CDP-managed private DNS
Review this documentation if you are planning to use a private setup for Azure Postgres with a CDP-managed DNS.
Requirements and limitations
The following limitations apply when using a CDP-managed private DNS:
- Only Azure’s Private DNS Zone is supported. Using an on-premise DNS is not supported.
- The Private DNS Zone will reside in the single existing resource group, even if the VNet is located elsewhere.
- Only one resource group can have a private setup with a given VNet. This is because:
  - Only one DNS zone with a given name can be linked to a VNet.
  - That DNS zone is deployed in the single resource group where all the resources are located.
- The private DNS zone and virtual network links are shared within the single resource group. The first environment ever created in that resource group will create them. They will never be deleted by CDP.
Prerequisites
In order to use a CDP-managed private DNS, you should meet the following prerequisites:
Review DNS zones existing in your resource group
If you would like CDP to create and manage the Private DNS Zone, review the DNS zones that exist in the resource group that you are planning to use for CDP and make sure that one of the following is true:
- No Private DNS Zone named privatelink.postgres.database.azure.com or flexible.postgres.database.azure.com (for Flexible Server with Private Link or Flexible Server with delegated subnet respectively) is connected to the VNet.
- If there is a Private DNS Zone named privatelink.postgres.database.azure.com or flexible.postgres.database.azure.com (for Flexible Server with Private Link or Flexible Server with delegated subnet respectively) connected to the VNet, verify that the zone is located in the existing resource group that you are planning to use for CDP. If the Private DNS Zone is already used for one environment, CDP can reuse it for another environment.
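The review in the two items above can be scripted. The following is an added example, not Cloudera's code or part of this documentation: it evaluates the prerequisite against the JSON that `az network private-dns zone list` and `az network private-dns link vnet list` return, assuming the fields `name` and `id` on a zone and `virtualNetwork.id` on a link, and uses constructed sample data (placeholder subscription, resource group and VNet names) so that it runs offline.

```python
import re

# The two zone names the prerequisite is about (see the list above).
ZONE_NAMES = (
    "privatelink.postgres.database.azure.com",  # Flexible Server with Private Link
    "flexible.postgres.database.azure.com",     # Flexible Server with delegated subnet
)

def resource_group_of(resource_id):
    """Return the resource group segment of an Azure resource ID."""
    m = re.search(r"/resourceGroups/([^/]+)/", resource_id, re.IGNORECASE)
    if not m:
        raise ValueError(f"not an Azure resource ID: {resource_id}")
    return m.group(1)

def check_private_dns(zones, links_by_zone, vnet_id, cdp_rg):
    """Map each zone name to 'ok: ...' or 'conflict: ...' for the chosen VNet and RG.

    zones: objects with "name" and "id" (shape of `az network private-dns zone list`)
    links_by_zone: {zone id: link objects with "virtualNetwork": {"id": ...}}
                   (shape of `az network private-dns link vnet list`, one call per zone)
    """
    verdicts = {}
    for zone_name in ZONE_NAMES:
        linked = [z for z in zones if z["name"].lower() == zone_name and any(
            l["virtualNetwork"]["id"].lower() == vnet_id.lower()
            for l in links_by_zone.get(z["id"], []))]
        if not linked:
            verdicts[zone_name] = "ok: no zone of this name is linked to the VNet, CDP will create one"
        elif all(resource_group_of(z["id"]).lower() == cdp_rg.lower() for z in linked):
            verdicts[zone_name] = f"ok: linked zone is in {cdp_rg}, CDP can reuse it"
        else:
            others = ", ".join(resource_group_of(z["id"]) for z in linked)
            verdicts[zone_name] = f"conflict: linked zone is in {others}, not in {cdp_rg}"
    return verdicts

# Constructed sample data (not real Azure output): one zone in the wrong RG, one in the CDP RG.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VNET_ID = f"{SUB}/resourceGroups/net-rg/providers/Microsoft.Network/virtualNetworks/cdp-vnet"
def zone_id(rg, name):
    return f"{SUB}/resourceGroups/{rg}/providers/Microsoft.Network/privateDnsZones/{name}"
SAMPLE_ZONES = [{"name": ZONE_NAMES[0], "id": zone_id("other-rg", ZONE_NAMES[0])},
                {"name": ZONE_NAMES[1], "id": zone_id("cdp-rg", ZONE_NAMES[1])}]
SAMPLE_LINKS = {z["id"]: [{"virtualNetwork": {"id": VNET_ID}}] for z in SAMPLE_ZONES}

if __name__ == "__main__":
    for zone, verdict in check_private_dns(SAMPLE_ZONES, SAMPLE_LINKS, VNET_ID, "cdp-rg").items():
        print(f"{zone}: {verdict}")
```

A "conflict" verdict means a zone of that name is already linked to the VNet from a different resource group, which the limitations above say CDP cannot work around.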
Ensure that CDP has adequate permissions
Ensure that the role that you are using for the Azure credential has the permissions mentioned in Role definition 2: Allows CDP to use only a single existing resource group and create private endpoints.