|
1 | 1 | ---
|
2 | 2 | title: Private connectivity for Arc enabled Kubernetes clusters using private link (preview)
|
3 |
| -ms.date: 04/08/2021 |
| 3 | +ms.date: 08/28/2021 |
4 | 4 | ms.topic: article
|
5 | 5 | description: With Azure Arc, you can use a Private Link Scope model to allow multiple Kubernetes clusters to use a single private endpoint.
|
6 | 6 | ms.custom: references_regions
|
@@ -72,7 +72,7 @@ Azure Arc-enabled Kubernetes integrates with several Azure services to bring clo
|
72 | 72 |
|
73 | 73 | There are two ways you can achieve this:
|
74 | 74 |
|
75 |
| -* If your network is configured to route all internet-bound traffic through the Azure VPN or ExpressRoute circuit, you can configure the network security group (NSG) associated with your subnet in Azure to allow outbound TCP 443 (HTTPS) access to Azure AD, Azure Resource Manager, Azure Frontdoor and Microsoft Container Registry using [service tags] (/azure/virtual-network/service-tags-overview). The NSG rules should look like the following: |
| 75 | +* If your network is configured to route all internet-bound traffic through the Azure VPN or ExpressRoute circuit, you can configure the network security group (NSG) associated with your subnet in Azure to allow outbound TCP 443 (HTTPS) access to Azure AD, Azure Resource Manager, Azure FrontDoor and Microsoft Container Registry using [service tags] (/azure/virtual-network/service-tags-overview). The NSG rules should look like the following: |
76 | 76 |
|
77 | 77 | | Setting | Azure AD rule | Azure Resource Manager rule | AzureFrontDoorFirstParty rule | Microsoft Container Registry rule |
|
78 | 78 | |-------------------------|---------------------------------------------------------------|---------------------------------------------------------------|---------------------------------------------------------------|---------------------------------------------------------------
|
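Review bot: The markdown link on the changed line 75 is still broken. There is a space between `[service tags]` and `(/azure/virtual-network/service-tags-overview)`, so it renders as literal text instead of a link; since the line is being touched anyway, remove the space. Separately, "Azure FrontDoor" is not the product name: the service is called "Azure Front Door". The table header on line 77 uses the tag-style name `AzureFrontDoorFirstParty`, so the sentence should either use the product name or name the service tag explicitly. Readers copying these outbound NSG rules need to know exactly which tag to allow on TCP 443.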
@@ -123,15 +123,15 @@ The Private Endpoint on your virtual network allows it to reach Azure Arc-enable
|
123 | 123 | 1. On the **Configuration** page, perform the following:
|
124 | 124 | 1. Choose the virtual network and subnet from which you want to connect to Azure Arc-enabled Kubernetes clusters.
|
125 | 125 | 1. For **Integrate with private DNS zone**, select **Yes**. A new Private DNS Zone will be created. The actual DNS zones may be different from what is shown in the screenshot below.
|
126 |
| - |
| 126 | + |
127 | 127 | :::image type="content" source="media/private-link/create-private-endpoint-2.png" alt-text="Screenshot of the Configuration step to create a private endpoint in the Azure portal.":::
|
128 | 128 |
|
129 | 129 | > [!NOTE]
|
130 | 130 | > If you choose **No** and prefer to manage DNS records manually, first complete setting up your Private Link, including this private endpoint and the Private Scope configuration. Next, configure your DNS according to the instructions in [Azure Private Endpoint DNS configuration](/azure/private-link/private-endpoint-dns). Make sure not to create empty records as preparation for your Private Link setup. The DNS records you create can override existing settings and impact your connectivity with Arc-enabled Kubernetes clusters.
|
131 | 131 | 1. Select **Review + create**.
|
132 | 132 | 1. Let validation pass.
|
133 | 133 | 1. Select **Create**.
|
134 |
| - |
| 134 | + |
135 | 135 | :::image type="content" source="media/private-link/create-private-endpoint-2.png" alt-text="Screenshot of the Configuration step to create a private endpoint in the Azure portal.":::
|
136 | 136 |
|
137 | 137 | > [!NOTE]
|
|
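Review bot: The image at line 135, directly after the **Select Create** step, repeats the source `media/private-link/create-private-endpoint-2.png` and the alt text "Screenshot of the Configuration step to create a private endpoint in the Azure portal." from line 127, which looks like a copy-paste duplicate. Point line 135 at the screenshot that belongs to the review/create step and give it matching alt text, or drop it. The edits at lines 126 and 134 appear to be whitespace-only; if they are meant to fix list or image indentation under the numbered steps, say so in the commit message so the intent can be checked against the rendered page.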