Configuration options for a private CDW deployment

The list of properties and explanations of how to use them, followed by an example, prepares you to configure a private CDW deployment.

To customize the CDW deployment, you can use the following properties and values after the --azure-options parameter:

outboundType
You can customize an AKS cluster with a unique outboundType depending on your network configuration for egress traffic.
Possible values: LoadBalancer/UserDefinedRouting/UserAssignedNATGateway
enablePrivateSQL=true/false
If you set this option to true, CDW creates an Azure Database for PostgreSQL - Flexible Server with Private access (virtual network integration) enabled to bring the server inside your Virtual Network (VNET).
privateSQLSubnetName
You can specify the delegated subnet for Azure Database for PostgreSQL - Flexible Server.
privateDNSZoneSQL
You can specify the private DNS zone for Azure Database for PostgreSQL - Flexible Server.
enablePrivateAks=true/false
By using a private cluster, you can ensure network traffic between your API server and your node pools remains on the private network. Enabling this option instructs CDW services to create an AKS cluster with a private API.
The --create-cluster options are:
  • --use-private-load-balancer
  • --no-use-private-load-balancer

An internal load balancer makes a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster.

The following example shows how to configure a DNS zone for AKS:

cdp dw create-cluster --environment-crn --use-private-load-balancer \
--azure-options userAssignedManagedIdentity={managed-identity},subnetId={subnet-id},enablePrivateSQL=true,\
enablePrivateAks=true, \
privateDNSZoneAKS=/subscriptions/subid/resourceGroups/rgname/providers/Microsoft.Network/privateDnsZones/privatelink.{region}.azmk8s.io