Skip to main content

Create or update a cluster plan with the private link properties enabled

< cloud access | create a cluster plan for azure private links

Overview

After configuring cloud access for Azure Private Links, your cluster plans can reference this functionality. By enabling Private Cluster and Manage private endpoint connectivity in your cluster plan, any clusters provisioned with this plan will take advantage of Azure Private Links.

You can follow the standard steps for creating a cluster plan. If you're new to this process, refer to the Create Cluster Plan section for an overview.

This section details the specific steps required to ensure that your cluster plan uses Azure Private Links.


When configuring your cluster plan to use Azure Private Links, you'll need to ensure the 'Enable private cluster' and the 'Manage private endpoint connectivity' settings are enabled in the Networking section of your plan.


Create Cluster Plan - Networking Section


Enable Private Cluster

Enabling this option restricts access to the cluster's nodes to only be accessible from within a private network. This means that the nodes won't have public IP addresses and can only be reached through private IP addresses.


Enable Manage private endpoint connectivity

Enabling this option allows Wayfinder to automatically create and manage the necessary networking components for each AKS cluster. Specifically, Wayfinder will:

  • Create Local Private Endpoints:
    Wayfinder sets up private endpoints within your network that connect directly to the remote AKS Kubernetes API, ensuring secure communication between your resources and the AKS API.
  • Set Up Required Local DNS Zones:
    Wayfinder configures local DNS zones in each region where your clusters are deployed. These zones are used for resolving the private endpoints' addresses within your network.
  • Configure DNS Zone Records:
    Wayfinder creates DNS records that map the private endpoints to the remote AKS Kubernetes API. This ensures that all communication between your services and the AKS API remains within your private network.

YAML

These configurations will be reflected in the YAML as follows:

spec:
cluster:
enablePrivateCluster: true
providerDetails:
aks:
privateEndpointLinkManagement: true



What comes next?