This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 18%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hello everyone... is there any way to create an internal connection between the pods of my AKS cluster and the DB? In the single server version I seem to remember that there was a private endpoint.
At this moment I am reading something from "Private Link", will it be the alternative for this BD version? It can be configured if my DB was created as "Public Access"
Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 4%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Hello, @Sebastian Pacheco !
If an answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
Hi Sebastian,
Yes to keep the communication internal between your Cluster and the DB you will need to use Private Link. Just to clarify this two concepts are highly couple, Azure Private Link is the broad service that enables secure and private connectivity to Azure services. The Private Endpoint is a component of Private Link that provides the actual connection to the service from your virtual network.
So here an example of mechanism that you can use to keep your communication internal:
Some additional references:
If the information helped address your question, please Accept the answer.
Luis
hi @Luis Arias
I think that if my database was created as "Public Access" it can no longer be changed to "Private Access".
I created another test DB (PostgreSQL flexible server) and in the same way I left it "Public Access" but this time in the creation I indicated a "Private Endpoint" and this generated a new "Virtual Network", "Private Endpoint" ", "Network Interfaces", "Private DNS zone" and my database.
If I go to the configuration and look for my private endpoint:
test-bd.privatelink.postgres.database.azure.com
I ping it from the internet (my notebook) it responds without a problem... shouldn't it be a private URL?
Being able to ping it from outside or from any internal resource left me wondering if this should work like this or if I was missing something.
I created a new test DB (Public access) with the Private endpoint feature enabled, I also had to create a network and subnet and put the DB there.
Once everything was configured in the Networks option, the DB had the Private endpoint approved... now I have 2 links:
demodb-flex.postgres.database.azure.com
demodb-flex.privatelink.postgres.database.azure.com
Questions:
1.- I have these 2 connection options now?
2.- Can the url "demodb-flex.privatelink.postgres.database.azure.com" also be accessible from outside? I thought that link was only internal.
If I deactivate the "Public access" option then I can no longer connect to the DB in any way :<
To have access (to both urls) I must enable the "Public access" option and add my IP to the "Firewall rule name" and to have access from within my cluster I must also enable the "Allow public access from any Azure service within Azure" option to this server"