private Cluster Public Fqdn Enabled
Parameters
value
Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
Note: If you use a BYO (bring-your-own) DNS Zone, the AKS cluster should use either a User Assigned Identity or a service principal (which is deprecated) that has the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If a `UserAssigned` identity is used, the cluster should depend on the role assignment so that the resources are not destroyed in the wrong order, as in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
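// Resource group that holds every resource in this example.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// Bring-your-own private DNS zone for the private cluster's API server record.
// NOTE(review): the zone name embeds "eastus2" while the resource group and
// cluster are in "West Europe" - confirm the region segment matches the
// cluster's region before reusing this example.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

// User-assigned identity the cluster runs as.
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// Least privilege: the role is granted on the private DNS zone only
// (scope = zone id), not on the resource group or subscription.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // Attach the identity that received the role above; without this the
    // cluster does not run as the principal that can manage the zone.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
    // Remaining required configuration (for example `defaultNodePool`) is
    // omitted for brevity.
}, {
    // Explicit ordering: the role assignment exists before the cluster is
    // created and is removed only after the cluster has been destroyed.
    dependsOn: [exampleAssignment],
});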
import pulumi
import pulumi_azure as azure
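# Resource group that holds every resource in this example.
example = azure.core.ResourceGroup(
    "example",
    name="example",
    location="West Europe",
)

# Bring-your-own private DNS zone for the private cluster's API server record.
# NOTE(review): the zone name embeds "eastus2" while the resource group and
# cluster are in "West Europe" - confirm the region segment matches the
# cluster's region before reusing this example.
example_zone = azure.privatedns.Zone(
    "example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name,
)

# User-assigned identity the cluster runs as.
example_user_assigned_identity = azure.authorization.UserAssignedIdentity(
    "example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location,
)

# Least privilege: the role is granted on the private DNS zone only
# (scope = zone id), not on the resource group or subscription.
example_assignment = azure.authorization.Assignment(
    "example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id,
)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster(
    "example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # Attach the identity that received the role above; without this the
    # cluster does not run as the principal that can manage the zone.
    identity=azure.containerservice.KubernetesClusterIdentityArgs(
        type="UserAssigned",
        identity_ids=[example_user_assigned_identity.id],
    ),
    # Remaining required configuration (for example `default_node_pool`) is
    # omitted for brevity.
    #
    # Explicit ordering: the role assignment exists before the cluster is
    # created and is removed only after the cluster has been destroyed.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]),
)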
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
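return await Deployment.RunAsync(() =>
{
    // Resource group that holds every resource in this example.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // Bring-your-own private DNS zone for the private cluster's API server record.
    // NOTE(review): the zone name embeds "eastus2" while the resource group and
    // cluster are in "West Europe" - confirm the region segment matches the
    // cluster's region before reusing this example.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    // User-assigned identity the cluster runs as.
    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // Least privilege: the role is granted on the private DNS zone only
    // (Scope = zone id), not on the resource group or subscription.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // Attach the identity that received the role above; without this the
        // cluster does not run as the principal that can manage the zone.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
        // Remaining required configuration (for example DefaultNodePool) is
        // omitted for brevity.
    }, new CustomResourceOptions
    {
        // Explicit ordering: the role assignment exists before the cluster is
        // created and is removed only after the cluster has been destroyed.
        DependsOn =
        {
            exampleAssignment,
        },
    });

});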
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
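// main declares a private AKS cluster that uses a bring-your-own private DNS
// zone, together with the user-assigned identity and role assignment the
// cluster needs in order to manage records in that zone.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that holds every resource in this example.
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		// Bring-your-own private DNS zone for the cluster's API server record.
		// NOTE(review): the zone name embeds "eastus2" while the resource group
		// and cluster are in "West Europe" - confirm the region segment matches
		// the cluster's region before reusing this example.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		// User-assigned identity the cluster runs as.
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// Least privilege: the role is granted on the private DNS zone only
		// (Scope = zone id), not on the resource group or subscription.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// Attach the identity that received the role above; without this
			// the cluster does not run as the principal that can manage the zone.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			// Remaining required configuration (for example DefaultNodePool)
			// is omitted for brevity.
		}, pulumi.DependsOn([]pulumi.Resource{
			// Explicit ordering: the role assignment exists before the cluster
			// is created and is removed only after the cluster is destroyed.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}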
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
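/**
 * Declares a private AKS cluster that uses a bring-your-own private DNS zone,
 * together with the user-assigned identity and role assignment the cluster
 * needs in order to manage records in that zone.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the example resources with the Pulumi engine.
     *
     * @param ctx the Pulumi program context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Resource group that holds every resource in this example.
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // Bring-your-own private DNS zone for the cluster's API server record.
        // NOTE(review): the zone name embeds "eastus2" while the resource group
        // and cluster are in "West Europe" - confirm the region segment matches
        // the cluster's region before reusing this example.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        // User-assigned identity the cluster runs as.
        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // Least privilege: the role is granted on the private DNS zone only
        // (scope = zone id), not on the resource group or subscription.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        // Wrap the single identity id in a list, as the identity block expects
        // a list of ids.
        Output<List<String>> clusterIdentityIds =
            exampleUserAssignedIdentity.id().applyValue(id -> List.of(id));

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // Attach the identity that received the role above; without this
            // the cluster does not run as the principal that can manage the zone.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(clusterIdentityIds)
                .build())
            // Remaining required configuration (for example defaultNodePool)
            // is omitted for brevity.
            .build(), CustomResourceOptions.builder()
                // Explicit ordering: the role assignment exists before the
                // cluster is created and is removed only after the cluster
                // has been destroyed.
                .dependsOn(exampleAssignment)
                .build());

    }
}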
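resources:
  # Resource group that holds every resource in this example.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # Bring-your-own private DNS zone for the cluster's API server record.
  # NOTE(review): the zone name embeds "eastus2" while the resource group and
  # cluster are in "West Europe" - confirm the region segment matches the
  # cluster's region before reusing this example.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  # User-assigned identity the cluster runs as.
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # Least privilege: the role is granted on the private DNS zone only
  # (scope = zone id), not on the resource group or subscription.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # Attach the identity that received the role above; without this the
      # cluster does not run as the principal that can manage the zone.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      # Remaining required configuration (for example defaultNodePool) is
      # omitted for brevity.
    options:
      # Explicit ordering: the role assignment exists before the cluster is
      # created and is removed only after the cluster has been destroyed.
      dependsOn:
        - ${exampleAssignment}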