
Commit 88817d6

Merge pull request #225164 from amjadaljunaidi/patch-9
Update private-clusters.md
2 parents 7dc1c0e + 7df0ac6 commit 88817d6

1 file changed

+3
-2
lines changed

articles/aks/private-clusters.md

Lines changed: 3 additions & 2 deletions
@@ -104,7 +104,8 @@ The following parameters can be used to configure private DNS zone.
104104
- **none** - the default is public DNS. AKS won't create a private DNS zone.
105105
- **CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID**, requires you to create a private DNS zone only in the following format for Azure global cloud: `privatelink.<region>.azmk8s.io` or `<subzone>.privatelink.<region>.azmk8s.io`. You'll need the Resource ID of that private DNS zone going forward. Additionally, you need a user assigned identity or service principal with at least the [Private DNS Zone Contributor][private-dns-zone-contributor-role] and [Network Contributor][network-contributor-role] roles. When deploying using API server VNet integration, a private DNS zone additionally supports the naming format of `private.<region>.azmk8s.io` or `<subzone>.private.<region>.azmk8s.io`.
106106
- If the private DNS zone is in a different subscription than the AKS cluster, you need to register the Azure provider **Microsoft.ContainerServices** in both subscriptions.
107-
- "fqdn-subdomain" can be utilized with "CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID" only to provide subdomain capabilities to `privatelink.<region>.azmk8s.io`
107+
- "fqdn-subdomain" can be utilized with "CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID" only to provide subdomain capabilities to `privatelink.<region>.azmk8s.io`.
108+
- if AKS has SPN configured, AKS does not allow to use system-assigned managed identity with custom private DNS zone.
108109

109110
### Create a private AKS cluster with private DNS zone
110111

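Review bot: The new bullet at line 108 is hard to parse and inconsistent with the list around it: it starts lowercase, uses "SPN" where line 105 spells out "service principal", and "does not allow to use" is ungrammatical. Suggest something like: "If the AKS cluster is configured with a service principal, AKS doesn't support using a system-assigned managed identity with a custom private DNS zone." Since line 105 already requires a user assigned identity or service principal for CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID, it would help to say which of those the reader should use in this case, and to name the option as CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID rather than "custom private DNS zone" so the restriction clearly ties back to that parameter.
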
@@ -275,4 +276,4 @@ For associated best practices, see [Best practices for network connectivity and
275276
[operator-best-practices-network]: operator-best-practices-network.md
276277
[install-azure-cli]: /cli/azure/install-azure-cli
277278
[private-dns-zone-contributor-role]: ../role-based-access-control/built-in-roles.md#dns-zone-contributor
278-
[network-contributor-role]: ../role-based-access-control/built-in-roles.md#network-contributor
279+
[network-contributor-role]: ../role-based-access-control/built-in-roles.md#network-contributor
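
Review bot: The `[private-dns-zone-contributor-role]` reference on context line 277 points at `built-in-roles.md#dns-zone-contributor`, while the text at line 105 that uses it asks for the Private DNS Zone Contributor role, so readers following the link land on a different role than the one they are told to assign. Since this PR already touches the reference block, consider fixing the anchor here so the link matches the role named in the text. Separately, the change to the `[network-contributor-role]` line (278 to 279) shows no visible text difference; if it is only a whitespace or end-of-file newline change, please confirm it is intentional or drop it from the patch.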
