
Azure Terraform - Private DNS Zone Configuration

This page outlines the configuration of Private DNS Zones in Azure using Terraform. These zones supply DNS resolution for private endpoints: without a linked zone, clients inside the virtual network resolve the public name of ACR, AKS or Blob Storage to its public IP address and bypass the private endpoint entirely, so the zones are what actually keeps that traffic on the private path.

The reference includes:

  • Creating Private DNS Zones for Azure Container Registry (ACR), Azure Kubernetes Service (AKS), and Blob Storage.
  • Linking each DNS zone to the Virtual Network (VNet).
  • A custom private DNS zone (`<fingerprint>.private`) intended for ingress hostnames; this page creates the zone and its VNet link only, not the records inside it.

With these zones linked, the private-endpoint FQDNs of ACR, AKS and Blob Storage resolve to their private IPs from inside this VNet. Each zone is linked to a single VNet here; resolution from peered VNets or from on-premises requires additional virtual network links or a DNS forwarder, which this page does not cover.

# Private DNS zone for Azure Container Registry private endpoints.
# "privatelink.azurecr.io" is the fixed Private Link zone name for ACR; the name must
# match exactly or the registry's private-endpoint records will not override the
# public name from inside the VNet.
# NOTE(review): the private endpoint / DNS zone group that writes records into this
# zone is not on this page — confirm it references this zone, and that the regional
# data-endpoint names (<region>.data.azurecr.io) land here too when data endpoints
# are enabled on the registry.
resource "azurerm_private_dns_zone" "privatelink_acr" {
  name                = "privatelink.azurecr.io"
  resource_group_name = local.azure_resource_group

  tags = local.tags
}

# Makes the ACR Private Link zone resolvable from azurerm_virtual_network.this.
# A link is per-VNet: any peered spoke VNet that must reach the registry privately
# needs its own link to this zone, otherwise it keeps resolving the public IP.
# registration_enabled is deliberately left unset so VMs in the VNet do not
# auto-register hostnames into a Private Link zone (provider default is false —
# confirm for the pinned azurerm version).
resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_acr" {
  name                  = "privatelink_acr"
  resource_group_name   = local.azure_resource_group
  private_dns_zone_name = azurerm_private_dns_zone.privatelink_acr.name
  virtual_network_id    = azurerm_virtual_network.this.id

  tags = local.tags
}

# Private DNS zone for an AKS private cluster's API server endpoint.
# The zone name is region-scoped ("privatelink.<region>.azmk8s.io"), so
# var.azure_location must be the short region name (e.g. "westeurope") and must be
# the region the cluster is deployed in — a mismatch leaves the API server FQDN
# unresolvable from the VNet.
# NOTE(review): the AKS resource is not on this page. For the cluster to use this
# zone instead of a system-managed one, it must reference the zone's id
# (private_dns_zone_id) and the cluster's identity needs "Private DNS Zone Contributor"
# on it — confirm both are wired up where the cluster is defined.
resource "azurerm_private_dns_zone" "privatelink_aks" {
  name                = "privatelink.${var.azure_location}.azmk8s.io"
  resource_group_name = local.azure_resource_group

  tags = local.tags
}

# Makes the AKS Private Link zone resolvable from azurerm_virtual_network.this, so
# kubectl/CI runners and nodes inside this VNet resolve the private API server IP.
# Clients in other VNets (or on-premises) need their own link or a DNS forwarder;
# this link alone does not cover them.
# registration_enabled is left at its default (not set): auto-registration is not
# wanted for a Private Link zone.
resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_aks" {
  name                  = "privatelink_aks"
  resource_group_name   = local.azure_resource_group
  private_dns_zone_name = azurerm_private_dns_zone.privatelink_aks.name
  virtual_network_id    = azurerm_virtual_network.this.id

  tags = local.tags
}

# Private DNS zone for Blob Storage private endpoints.
# "privatelink.blob.core.windows.net" only covers the blob sub-resource; if storage
# accounts are also reached over dfs, file, queue, table or web private endpoints,
# each of those needs its own privatelink.<subresource>.core.windows.net zone —
# none of them is created on this page.
resource "azurerm_private_dns_zone" "privatelink_blob" {
  name                = "privatelink.blob.core.windows.net"
  resource_group_name = local.azure_resource_group

  tags = local.tags
}

# Makes the Blob Private Link zone resolvable from azurerm_virtual_network.this.
# Same scope caveat as the other links: this is one VNet only, and
# registration_enabled is intentionally not set (default false) so nothing in the
# VNet auto-registers records into a Private Link zone.
resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_blob" {
  name                  = "privatelink_blob"
  resource_group_name   = local.azure_resource_group
  private_dns_zone_name = azurerm_private_dns_zone.privatelink_blob.name
  virtual_network_id    = azurerm_virtual_network.this.id

  tags = local.tags
}

# Custom (non-Private-Link) private zone "<fingerprint>.private" for internal ingress
# hostnames. Only the zone is created here; the A/CNAME records for the ingress
# endpoint are expected to be managed elsewhere (not visible on this page).
# NOTE(review): ".private" is not a reserved/special-use TLD, so these names are
# resolvable only through this zone's VNet link — presumably intended; a name under
# a registered domain would also avoid future collisions if ".private" is ever
# delegated publicly.
resource "azurerm_private_dns_zone" "ingress" {
  name                = "${local.fingerprint}.private"
  resource_group_name = local.azure_resource_group

  tags = local.tags
}

# Makes the custom ingress zone resolvable from azurerm_virtual_network.this.
# The link is named "ingress_hub" although the zone is "ingress" — the "_hub" suffix
# suggests this VNet is a hub; spokes that must resolve ingress names need their own
# link (one per VNet), which is not created here.
# registration_enabled is not set: with the default (false) no VM in the VNet can
# auto-register a hostname into the ingress zone, which is the safer choice for a
# zone whose records are meant to be managed explicitly.
resource "azurerm_private_dns_zone_virtual_network_link" "ingress" {
  name                  = "ingress_hub"
  resource_group_name   = local.azure_resource_group
  private_dns_zone_name = azurerm_private_dns_zone.ingress.name
  virtual_network_id    = azurerm_virtual_network.this.id

  tags = local.tags
}