Skip to main content

Overview of Azure Private Links

azure private links

A private link ensures that all communication between Wayfinder's managed cluster (the cluster where Wayfinder is installed) and all private clusters created and managed by Wayfinder are secure and private. This is achieved by routing the traffic through Microsoft's backbone network, eliminating the need to expose any services to the public internet.


What is involved?

This process involves two main steps: first, configuring Wayfinder to enable Azure's private link feature using Wayfinder's installation Terraform module, and then use the functionality when provisioning self-service private clusters.

Each part is described in the sections below.


  1. Run Wayfinder's Installation Terraform Module: Use Wayfinder's installation Terraform module to enable Azure's private link feature. This informs Wayfinder about the Azure subnet used by its AKS clusters and optionally configures the resource group where the private cluster endpoints and private DNS entries will reside. Re-installing Wayfinder with this Terraform module will also upgrade existing Wayfinder installations.

  2. Verify Permissions: Ensure that Wayfinder's default Azure identity has the necessary permissions to create private endpoints and DNS entries within the resource group. Wayfinder's installation Terraform module will create a corresponding Cloud Access configuration that's accessible through Wayfinder's Web Interface and CLI. Use the Web Interface to verify these permissions.

  3. Update Permissions: Re-run Wayfinder's cloud access Terraform module for each Azure Cloud Access configuration of type Kubernetes Cluster Management. This updates Wayfinder's Kubernetes cluster management permissions to allow the creation and managment of private clusters using the Azure Private Link feature.


Part 2: Provision Self-Service Private Clusters

Using Wayfinder's Web Interface or CLI:

  1. Create/Update a Cluster Plan: Create or update a cluster plan to include the private link properties, making the Private Link feature available for provisioning self-service private clusters in workspaces.
  2. Provision a Self-Service Private Cluster: Use the cluster plan created in the previous step to provision a self-service private cluster that uses the Private Link feature.


What comes next?


Last updated