Skip to main content

Azure | Connect to BigAnimal private cluster with Azure Private Link Service in a different account

shanshan zhao
  • Updated

Background

Private Link Services will be created automatically for BigAnimal Clusters using Private network in Azure.

We have documentation Connecting from Azure which gives an example of how to create Azure Private Endpoint in the same Azure tenant.

This article introduces how to connect to the cluster with Azure Private Endpoint in a different Azure account.

 

Example

Cluster

Account: Tenant 1
Cluster ID: p-7m89c7fmwl
Org ID: KJS1ac8Czj9EBUwb
Project ID: KJS1ac8Czj9EBUwb
Region: West US2
Linux client VM called vm-client:
Account: Tenant 2
Resource group: rg-client
Virtual network: vnet-client
Virtual network subnet: snet-client

BigAnimal Cluster p-7m89c7fmwl with 1 replica and read-only is enabled. So you will get 2 private link services as below.

We need to create Azure Private Endpoint for each private link service, but below I only give the example for p-7m89c7fmwl-rw-internal-lb and the steps are the same.
1. p-7m89c7fmwl-rw-internal-lb
2. p-7m89c7fmwl-ro-internal-lb

 

Step 1 Get Alias of the Private Link Service

1. Go to Tenant 1's Azure Portal -> Private Link Center -> Private Link Services, and search for p-7m89c7fmwl. mceclip0.png

2. Click Private Link Service p-7m89c7fmwl-rw-internal-lb and get the alias (we will use it later) mceclip1.png

We can also get it from Azure CLI 

❯ az network private-link-service list --query "[?name=='p-7m89c7fmwl-rw-internal-lb'].alias" -o tsv
p-7m89c7fmwl-rw-internal-lb.732bfe3c-1e39-4eaf-9104-cd58f7e1b104.westus2.azure.privatelinkservice

 

Step 2 Create a Private Endpoint in a different account

1. Go to Tenant 2's Azure portal, go to Private Link Center and create a Private Endpoint

2. In 'Basics' tab, choose the resource group of the VM and define the name of the Private Endpoint  mceclip0.png

3. In 'Resources' tab, you need to choose 'Connect to an Azure resource by resource ID or alias.'
mceclip1.png

4. In 'Virtual Network' tab, choose the vnet used by your VM 
mceclip2.png

5. For the other tabs, there is no restriction and you can leave with the default setting.

6. Create the Private Endpoint.

 

Step 3 Approve the connection at Private Link Service side

1. Login to Tenant 1's portal again and find the private link service we used before

2. Go to Private Endpoint Connections and approve the connection for the private endpoint. mceclip3.png

 

Step 4 same as Create an Azure Private DNS Zone for the private endpoint

Step 5 Same as Accessing the cluster 

Please remove the connections at Private Link Service before you want to delete the cluster or switch the network to Public. You can also delete the private endpoint directly.