Configuration options for a private CDW deployment
The list of properties and explanations of how to use them, followed by an example, prepares you to configure a private CDW deployment.
To customize the CDW deployment, you can use the following properties and values after the --azure-options parameter:
- outboundType
- You can customize an AKS cluster with a unique outboundType depending on your network configuration for egress traffic.
- enablePrivateSQL=true/false
- If you set this option to true, CDW creates an Azure Database for PostgreSQL - Flexible Server with Private access (virtual network integration) enabled to bring the server inside your Virtual Network (VNET).
- privateSQLSubnetName
- You can specify the delegated subnet for Azure Database for PostgreSQL - Flexible Server.
- privateDNSZoneSQL
- You can specify the private DNS zone for Azure Database for PostgreSQL - Flexible Server.
- enablePrivateAks=true/false
- By using a private cluster, you can ensure network traffic between your API server and your node pools remains on the private network. Enabling this option instructs CDW services to create an AKS cluster with a private API.
The --create-cluster options are:
- --use-private-load-balancer
- --no-use-private-load-balancer
An internal load balancer makes a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster.
The following example shows how to configure a DNS zone for AKS:
cdp dw create-cluster --environment-crn --use-private-load-balancer \
--azure-options userAssignedManagedIdentity={managed-identity},subnetId={subnet-id},enablePrivateSQL=true,\
enablePrivateAks=true, \
privateDNSZoneAKS=/subscriptions/subid/resourceGroups/rgname/providers/Microsoft.Network/privateDnsZones/privatelink.{region}.azmk8s.io