Skip to content

Commit 0c53143

Browse files
markcunninghamukmarkcunninghamuk
authored
Update private-clusters.md
1 parent f96b084 commit 0c53143

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/aks/private-clusters.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,7 @@ As mentioned, virtual network peering is one way to access your private cluster.
151151

152152
2. The private DNS zone is linked only to the VNet that the cluster nodes are attached to (3). This means that the private endpoint can only be resolved by hosts in that linked VNet. In scenarios where no custom DNS is configured on the VNet (default), this works without issue as hosts point at 168.63.129.16 for DNS that can resolve records in the private DNS zone because of the link.
153153

154-
3. In scenarios where the VNet containing your cluster has custom DNS settings (4), cluster deployment fails unless the private DNS zone is linked to the VNet that contains the custom DNS resolvers (5). This link can be created manually after the private zone is created during cluster provisioning or via automation upon detection of creation of the zone using event-based deployment mechanisms (for example, Azure Event Grid and Azure Functions). Additionally to avoid the cluster failure on first time deployment the aks cluster can be deployed with privateDNSZone set to 'none' and an additional private dns zone can be created outside of the managed resource group using powershell or the azure cli where virtual network links and dns A records can be created.
154+
3. In scenarios where the VNet containing your cluster has custom DNS settings (4), cluster deployment fails unless the private DNS zone is linked to the VNet that contains the custom DNS resolvers (5). This link can be created manually after the private zone is created during cluster provisioning or via automation upon detection of creation of the zone using event-based deployment mechanisms (for example, Azure Event Grid and Azure Functions). Additionally to avoid the cluster failure on first time deployment the aks cluster can be deployed with the private DNS Zone resource Id. This only works from API version Microsoft.ContainerService/managedClusters@2022-07-01. Using a version older than this in bicep or arm templates leads to an invalid template.
155155

156156
> [!NOTE]
157157
> Conditional Forwarding doesn't support subdomains.

0 commit comments

Comments
 (0)