Skip to content

Commit 0d0cf79

Browse files
Merge pull request #225179 from MGoedtel/ghp225164
fixed sentence added in PR 225164
2 parents 55fda21 + 4dfed31 commit 0d0cf79

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/aks/private-clusters.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ The following parameters can be used to configure private DNS zone.
105105
- **CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID**, requires you to create a private DNS zone only in the following format for Azure global cloud: `privatelink.<region>.azmk8s.io` or `<subzone>.privatelink.<region>.azmk8s.io`. You'll need the Resource ID of that private DNS zone going forward. Additionally, you need a user assigned identity or service principal with at least the [Private DNS Zone Contributor][private-dns-zone-contributor-role] and [Network Contributor][network-contributor-role] roles. When deploying using API server VNet integration, a private DNS zone additionally supports the naming format of `private.<region>.azmk8s.io` or `<subzone>.private.<region>.azmk8s.io`.
106106
- If the private DNS zone is in a different subscription than the AKS cluster, you need to register the Azure provider **Microsoft.ContainerServices** in both subscriptions.
107107
- "fqdn-subdomain" can be utilized with "CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID" only to provide subdomain capabilities to `privatelink.<region>.azmk8s.io`.
108-
- if AKS has SPN configured, AKS does not allow to use system-assigned managed identity with custom private DNS zone.
108+
- If your AKS cluster is configured with an Active Directory service principal, AKS does not support using a system-assigned managed identity with custom private DNS zone.
109109

110110
### Create a private AKS cluster with private DNS zone
111111

0 commit comments

Comments
 (0)