Merge pull request #177682 from miwithro/patch-85

ShannonLeavitt · web-flow · commit b7b35c68eb3b · 2021-10-26T13:59:09.000-07:00
Update private-clusters.md
diff --git a/articles/aks/private-clusters.md b/articles/aks/private-clusters.md
@@ -77,14 +77,61 @@ The following parameters can be leveraged to configure Private DNS Zone.
 ```azurecli-interactive
 az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --load-balancer-sku standard --enable-private-cluster --enable-managed-identity --assign-identity <ResourceId> --private-dns-zone [system|none]
 ```
+### Create a private AKS cluster with a BYO Private DNS SubZone (Preview)
 
-### Create a private AKS cluster with a Custom Private DNS Zone
+Prerequisites:
+
+* Azure CLI >= 2.29.0 or Azure CLI with aks-preview extension 0.5.34 or later.
+
+### Register the `EnablePrivateClusterSubZone` preview feature
+
+[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
+
+To create an AKS cluster that can use the Secrets Store CSI Driver, you must enable the `EnablePrivateClusterSubZone` feature flag on your subscription.
+
+Register the `EnablePrivateClusterSubZone` feature flag by using the [az feature register][az-feature-register] command, as shown in the following example:
+
+```azurecli-interactive
+az feature register --namespace "Microsoft.ContainerService" --name "EnablePrivateClusterSubZone"
+```
+
+It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature list][az-feature-list] command:
+
+```azurecli-interactive
+az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/EnablePrivateClusterSubZone')].{Name:name,State:properties.state}"
+```
+
+When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:
+
+```azurecli-interactive
+az provider register --namespace Microsoft.ContainerService
+```
+
+### Install the aks-preview CLI extension
+
+You also need the *aks-preview* Azure CLI extension version 0.5.34 or later. Install the *aks-preview* Azure CLI extension by using the [az extension add][az-extension-add] command. If you already have the extension installed, update to the latest available version by using the [az extension update][az-extension-update] command.
+
+```azurecli-interactive
+# Install the aks-preview extension
+az extension add --name aks-preview
+
+# Update the extension to make sure you have the latest version installed
+az extension update --name aks-preview
+```
+
+### Private AKS cluster with BYO Private DNS SubZone
+
+```azurecli-interactive
+az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --load-balancer-sku standard --enable-private-cluster --enable-managed-identity --assign-identity <ResourceId> --private-dns-zone <BYO private dns zone ResourceId>
+```
+
+### Create a private AKS cluster with Custom Private DNS SubZone
 
 ```azurecli-interactive
 az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --load-balancer-sku standard --enable-private-cluster --enable-managed-identity --assign-identity <ResourceId> --private-dns-zone <custom private dns zone ResourceId> --fqdn-subdomain <subdomain-name>
 ```
 
-## Create a private AKS cluster with a Public FQDN
+### Create a private AKS cluster with a Public FQDN
 
 Prerequisites:
 
