Configuring an existing private DNS Zone for an AKS

When you provision the environment in CDP, you can configure an existing Azure Private DNS zone for an Azure Kubernetes Service (AKS) cluster. Alternatively, if you do not have an existing private DNS zone configured, the system can create a new private DNS zone for the AKS.

If all the following statements are true, the system uses the private DNS zone that you specify in the aksPrivateDnsZoneId parameter while provisioning the environment for the AKS:

  • The private network is enabled (the privateNetwork.enabled parameter is set to true)
  • While provisioning the environment using CLI, the aksPrivateDnsZoneId parameter is configured
  • The LIFTIE_AKS_DISABLE_PRIVATE_DNS_ZONE parameter is set to false (default)

If all the following statements are true, the system creates and enables a new private DNS zone for the AKS:

  • The private network is enabled (the privateNetwork.enabled parameter is set to true)
  • The aksPrivateDnsZoneId parameter is not set
  • The LIFTIE_AKS_DISABLE_PRIVATE_DNS_ZONE parameter is set to false (default)

To configure an existing Azure Private DNS zone for an AKS, you need the full resource ID of the private DNS zone. To obtain the full resource ID, use the JSON view option in Azure > Private DNS Zones. Example for the full resource ID of a private DNS zone for an AKS:

/subscriptions/[***SUBSCRIPTIONID***]/resourceGroups/[***RESOURCEGROUP***]/providers/Microsoft.Network/privateDnsZones/privatelink.[***REGION***].azmk8s.io

For information on how to create the environment for CDE, see "Register an Azure environment from CDP CLI" and "Obtain CLI commands for registering an environment".
  1. Open the CDP CLI.
  2. To configure an existing private DNS zone for AKS, you must create an Azure environment using the CDP CLI. While creating the environment, specify the resource ID in aksPrivateDnsZoneId in the following CLI option:
    --existing-network-params (object)
              Request object for creating an Azure environment using existing VNet
              and subnets.
    
              networkId -> (string)
                 The id of the Azure VNet.
    
              resourceGroupName -> (string)
                 The name of the resource group associated with the VNet.
    
              subnetIds -> (array)
                 One or more subnet ids within the VNet.
    
              aksPrivateDnsZoneId -> (string)
                 The full Azure resource ID of an existing Private DNS zone used
                 for the AKS.
    
           Shorthand Syntax:
    
              networkId=string,resourceGroupName=string,subnetIds=string,aksPrivateDnsZoneId=string
    
           JSON Syntax:
    
              {
                "networkId": "string",
                "resourceGroupName": "string",
                "subnetIds": ["string", ...],
                "aksPrivateDnsZoneId": "string"
              }

You can now use the AKS cluster that is configured with the provided private DNS zone in a CDE service.
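
A pre-flight check for the procedure above, as an added example that is not part of the Cloudera documentation or the CDP CLI: it applies the two rule sets listed earlier, verifies that aksPrivateDnsZoneId has the shape of the example resource ID, and builds the JSON value for --existing-network-params. The function names, the sample values, and the optional region comparison are assumptions made for illustration.

```python
import json
import re

# Shape of the example ID on the page; Azure resource IDs are case-insensitive.
ZONE_ID_RE = re.compile(
    r"^/subscriptions/[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
    r"/resourceGroups/[-\w.()]{1,90}"
    r"/providers/Microsoft\.Network/privateDnsZones"
    r"/privatelink\.(?P<region>[a-z0-9]+)\.azmk8s\.io$",
    re.IGNORECASE,
)


def zone_behaviour(private_network_enabled, zone_id, disable_private_dns_zone=False):
    """Apply the page's two rule sets; other combinations are not described there."""
    if not private_network_enabled or disable_private_dns_zone:
        return "not-covered-by-page"
    return "use-existing-zone" if zone_id else "create-new-zone"


def build_existing_network_params(network_id, resource_group, subnet_ids, zone_id, region=None):
    """Return the JSON value for --existing-network-params, rejecting bad zone IDs."""
    match = ZONE_ID_RE.match(zone_id)
    if match is None:
        raise ValueError("aksPrivateDnsZoneId is not a full private DNS zone resource ID")
    # Assumption: the zone's region label should equal the environment's region.
    if region and match.group("region").lower() != region.lower():
        raise ValueError("private DNS zone region does not match the environment region")
    if not subnet_ids:
        raise ValueError("subnetIds needs at least one subnet id")
    return json.dumps({
        "networkId": network_id,
        "resourceGroupName": resource_group,
        "subnetIds": list(subnet_ids),
        "aksPrivateDnsZoneId": zone_id,
    }, indent=2)


# Constructed sample values, not taken from a real subscription.
SAMPLE_ZONE_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
    "/providers/Microsoft.Network/privateDnsZones/privatelink.westus2.azmk8s.io"
)

if __name__ == "__main__":
    print(zone_behaviour(True, SAMPLE_ZONE_ID))
    print(build_existing_network_params(
        "example-vnet", "example-rg", ["subnet-a", "subnet-b"], SAMPLE_ZONE_ID, "westus2"))
```

Passing only the zone name (privatelink.westus2.azmk8s.io) instead of the full resource ID raises ValueError before anything is sent to the CLI.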