Adding an AKS deployed in a private DNS zone

At the CDP level, when you provision the environment, you can use an Azure Kubernetes Service (AKS) created in an existing Azure Private DNS zone. Alternatively, if you do not have an existing private DNS zone configured, the system can create a new private DNS zone for the AKS.

If all the following statements are true, the system uses the private DNS zone that you specify in the aksPrivateDnsZoneId parameter and provisions an AKS:

  • The private network is enabled (the privateNetwork.enabled parameter is set to true, or the Enable Private Network option is selected on the UI)
  • While provisioning the environment using the CLI, the aksPrivateDnsZoneId parameter is configured
  • The LIFTIE_AKS_DISABLE_PRIVATE_DNS_ZONE parameter is set to false (default)

If all the following statements are true, the system creates and enables a new private DNS zone and provisions an AKS:

  • The private network is enabled (the privateNetwork.enabled parameter is set to true, or the Enable Private Network option is selected on the UI)
  • The aksPrivateDnsZoneId parameter is not set
  • The LIFTIE_AKS_DISABLE_PRIVATE_DNS_ZONE parameter is set to false (default)

To provision the AKS in a private DNS zone, you need the full resource ID of the private DNS zone. To obtain the full resource ID, use the JSON view option in Azure > Private DNS Zones. Example of the full resource ID of a private DNS zone for an AKS:

/subscriptions/[***SUBSCRIPTIONID***]/resourceGroups/[***RESOURCEGROUP***]/providers/Microsoft.Network/privateDnsZones/privatelink.[***REGION***].azmk8s.io

For information on how to create the environment for CDE, see Register an Azure environment from CDP CLI and Obtain CLI commands for registering an environment.

  1. Open the CDP CLI.
  2. To provision the AKS in a private DNS zone, you must create an Azure environment using the CDP CLI. While creating the environment, specify the resource ID in aksPrivateDnsZoneId in the following CLI option:
    --existing-network-params (object)
              Request object for creating an Azure environment using existing VNet
              and subnets.
    
              networkId -> (string)
                 The id of the Azure VNet.
    
              resourceGroupName -> (string)
                 The name of the resource group associated with the VNet.
    
              subnetIds -> (array)
                 One or more subnet ids within the VNet.
    
              aksPrivateDnsZoneId -> (string)
                 The full Azure resource ID of an existing Private DNS zone used
                 for the AKS.
    
           Shorthand Syntax:
    
              networkId=string,resourceGroupName=string,subnetIds=string,aksPrivateDnsZoneId=string
    
           JSON Syntax:
    
              {
                "networkId": "string",
                "resourceGroupName": "string",
                "subnetIds": ["string", ...],
                "aksPrivateDnsZoneId": "string"
              }

You can use the AKS provisioned in the private DNS zone in a CDE service.
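
The following is an added example, not taken from the Cloudera documentation or the CDP CLI: a Python check that a value is a full resource ID in the form shown above before it is placed in the --existing-network-params JSON. The function names, the sample values, and the optional region comparison are assumptions made for illustration.

```python
import json
import re

# Form shown on this page:
# /subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Network/
#   privateDnsZones/privatelink.<region>.azmk8s.io
ZONE_ID_RE = re.compile(
    r"/subscriptions/(?P<subscription>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
    r"/resourceGroups/(?P<resource_group>[^/]+)"
    r"/providers/Microsoft\.Network/privateDnsZones"
    r"/privatelink\.(?P<region>[a-z0-9]+)\.azmk8s\.io",
    re.IGNORECASE,
)

# Constructed sample value, not a real subscription.
SAMPLE_ZONE_ID = (
    "/subscriptions/00000000-1111-2222-3333-444444444444"
    "/resourceGroups/cdp-dns-rg/providers/Microsoft.Network"
    "/privateDnsZones/privatelink.westus2.azmk8s.io"
)


def parse_aks_private_dns_zone_id(zone_id, expected_region=None):
    """Return the parts of a full zone resource ID, or raise ValueError."""
    match = ZONE_ID_RE.fullmatch(zone_id.strip())
    if match is None:
        raise ValueError("not a full private DNS zone resource ID: %r" % zone_id)
    parts = match.groupdict()
    parts["region"] = parts["region"].lower()
    # Assumption: the zone's region label should equal the environment's region.
    if expected_region and parts["region"] != expected_region.lower():
        raise ValueError("zone region %s does not match %s"
                         % (parts["region"], expected_region))
    return parts


def existing_network_params(network_id, resource_group_name, subnet_ids, zone_id):
    """Validate zone_id, then build the JSON value for --existing-network-params."""
    parse_aks_private_dns_zone_id(zone_id)
    return json.dumps({
        "networkId": network_id,
        "resourceGroupName": resource_group_name,
        "subnetIds": list(subnet_ids),
        "aksPrivateDnsZoneId": zone_id.strip(),
    })


if __name__ == "__main__":
    # VNet, resource group and subnet names are constructed samples.
    print(existing_network_params("cdp-vnet", "cdp-rg", ["subnet-a"], SAMPLE_ZONE_ID))
```

Passing only the zone name (for example privatelink.westus2.azmk8s.io) instead of the full resource ID is rejected before the value reaches the CLI.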