Azure Kubernetes Service, AKS with terraform, private dns link

6/11/2021

I am deploying a private AKS cluster with a hub-spoke network topology. I also want to specify the "private_dns_link" in Terraform code. I want to link the AKS subnet to my hub network.

I added this resource to my .tf file.

resource "azurerm_private_dns_zone_virtual_network_link" "link_to_hub_vnet" {
  name                  = "link_to_hub_vnet"
  private_dns_zone_name = join(".", slice(split(".", azurerm_kubernetes_cluster.dev.private_fqdn), 1, length(split(".", azurerm_kubernetes_cluster.dev.private_fqdn))))
  resource_group_name   = azurerm_resource_group.k8srg.name
  virtual_network_id    = azurerm_virtual_network.hubVnetAddress.id

  depends_on = [azurerm_kubernetes_cluster.dev]
}

But when I do "terraform apply" it gives me the error below.

Error: creating/updating Virtual Network Link "link_to_hub_vnet" (Private DNS Zone "5ed135c0-266f-4350-b537-872c095f3696.privatelink.northeurope.azmk8s.io" / Resource Group "k8srg"): privatedns.VirtualNetworkLinksClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource '5ed135c0-266f-4350-b537-872c095f3696.privatelink.northeurope.azmk8s.io' not found."

As I understand it, it could not find the DNS name, but when I check the private DNS zone in the Azure Portal, I see that it is there.

Has anybody experienced this?

-- Amir Damirov
azure
cloud
dns
kubernetes
terraform

2 Answers

6/16/2021

The problem was "resource_group_name = azurerm_resource_group.k8srg.name"

When deploying an AKS cluster in Azure, it creates a separate resource group for the NODE_POOL and its other services. So the "Private Zone" was also in that separate group.

-- Amir Damirov
Source: StackOverflow
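The fix described in the accepted answer, written out as an added example (this is not code from the question or the answer): the link resource from the question, with `resource_group_name` pointed at the cluster-managed node resource group via the `node_resource_group` attribute that the azurerm provider exports on `azurerm_kubernetes_cluster`. It assumes the resource names used in the question (`azurerm_kubernetes_cluster.dev` and `azurerm_virtual_network.hubVnetAddress`); the `locals` block and `registration_enabled` setting are additions.

```hcl
# Added example, not part of the original question or answers.
# Assumes azurerm_kubernetes_cluster.dev and azurerm_virtual_network.hubVnetAddress
# exist elsewhere in the configuration, as in the question.

locals {
  # private_fqdn has the shape "<guid>.privatelink.<region>.azmk8s.io";
  # the private DNS zone name is everything after the first label.
  aks_fqdn_labels  = split(".", azurerm_kubernetes_cluster.dev.private_fqdn)
  aks_private_zone = join(".", slice(local.aks_fqdn_labels, 1, length(local.aks_fqdn_labels)))
}

resource "azurerm_private_dns_zone_virtual_network_link" "link_to_hub_vnet" {
  name                  = "link_to_hub_vnet"
  private_dns_zone_name = local.aks_private_zone

  # AKS creates the private zone in the cluster-managed node resource group
  # (MC_<rg>_<cluster>_<region> by default), not in the resource group that
  # holds the azurerm_kubernetes_cluster resource itself. Referencing the
  # cluster attribute here also gives Terraform the dependency, so no
  # explicit depends_on is needed.
  resource_group_name = azurerm_kubernetes_cluster.dev.node_resource_group

  virtual_network_id = azurerm_virtual_network.hubVnetAddress.id

  # Hub resources only need to resolve the API server name; they should not
  # auto-register their own records into the cluster's zone.
  registration_enabled = false
}
```

Before applying, the zone and its resource group can be confirmed with `az network private-dns zone list --resource-group <node resource group>`; the zone name printed there should match the value derived from `private_fqdn`. Because `private_fqdn` is only known after the cluster exists, the link shows as "known after apply" on the first plan, which is expected.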

6/13/2021

If you read through the documentation for the hub and spoke model, it says

By default, when a private cluster is provisioned, a private endpoint (1) and a private DNS zone (2) are created in the cluster-managed resource group. The cluster uses an A record in the private zone to resolve the IP of the private endpoint for communication to the API server.

https://docs.microsoft.com/en-us/azure/aks/private-clusters#hub-and-spoke-with-custom-dns

So I am doubtful whether you can link an external private DNS to the cluster.

But if you are looking to link the cluster's private DNS to a VNet, then you can create a null_resource and call the shell script in the link below.

resource "null_resource" "dns_zone_link" {

  # "provisioner" (the original had a typo); local-exec runs the script on the
  # machine performing terraform apply.
  provisioner "local-exec" {
    interpreter = ["bash"]
    command     = "./dns-zone-link.sh"

    # environment is a map argument on local-exec, not a nested block
    environment = {
      VNET = ""
    }
  }
}

https://github.com/Azure/terraform/blob/master/quickstart/301-aks-private-cluster/dns-zone-link.sh

-- shashi
Source: StackOverflow