OkieOth

Reputation: 3704

How to connect an AKS cluster to an Azure-hosted PostgreSQL w/o routing over the internet

I created an Azure-hosted PostgreSQL instance and got the public name to access it. After configuring the security settings, I am able to access it from every location I want.

If I configure the services in my AKS cluster with that name, then the IP of PostgreSQL is also resolved inside the cluster to the global IP address of PostgreSQL, just as when I access it from my local machine. So it seems to me that the packets for the database will be routed over the internet.

Since my AKS is already inside the Azure internal network, I wonder if there is a way to connect the Azure-internal PostgreSQL to my AKS cluster through the internal Azure network. The global PostgreSQL name seems to be the wrong approach here.

Upvotes: 1

Views: 5414

Answers (2)

dmusial

Reputation: 1564

OK, so you have a couple of things to ensure in your config:

  1. Postgres PaaS is correctly configured with a private endpoint.
  2. Your AKS is either in the same vnet as your Postgres's private endpoint or in a peered one (in essence, just make sure you have network connectivity between both over the private network).
  3. You have a private DNS zone (privatelink.postgres.database.azure.com) for Postgres linked to your vnet(s). You can either add an A record manually (Postgres name -> Postgres IP on the private network) or integrate this private DNS zone with the private endpoint of Postgres, at which point the A record will be kept up to date automatically.
  4. Make sure your AKS vnet is using the default Azure DNS servers (if you are using custom DNS servers, then the setup might be a bit different).

Looking at your problem statement I would guess you are missing point 3 from the above list.

Upvotes: 2
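
A way to verify items 3 and 4 of the answer above from inside a pod, as an added example that is not part of the original answer: it resolves the database name with the pod's own resolver and reports whether the answer is a private vnet address. The function names are hypothetical, and it assumes the vnet uses RFC 1918 address space.

```python
import ipaddress
import socket
import sys

# Assumption of this example: the vnet uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addresses):
    """Return 'private', 'public', 'mixed' or 'unresolved' for IP strings."""
    if not addresses:
        return "unresolved"
    flags = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        flags.add(ip.version == 4 and any(ip in net for net in RFC1918))
    if flags == {True}:
        return "private"
    return "public" if flags == {False} else "mixed"


def resolve(host, port=5432):
    """Resolve host with the pod's own resolver; [] if the lookup fails."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check(host, resolver=resolve):
    """Return (verdict, addresses, hint) for the database host name."""
    addresses = resolver(host)
    verdict = classify(addresses)
    hints = {
        "private": "name resolves inside the vnet; traffic uses the private endpoint",
        "public": "check the private DNS zone link and A record (item 3) "
                  "and the vnet DNS servers (item 4)",
        "mixed": "both private and public answers returned; review the zone's records",
        "unresolved": "name does not resolve from this pod",
    }
    return verdict, addresses, hints[verdict]


if __name__ == "__main__":
    # Usage: python check_pg_dns.py <server>.postgres.database.azure.com
    verdict, addresses, hint = check(sys.argv[1])
    print(f"{verdict}: {addresses or '-'} ({hint})")
    sys.exit(0 if verdict == "private" else 1)
```

Run it from a pod in the cluster rather than from a workstation, since the result depends on which DNS servers and private zones the caller's vnet sees.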

Philip Welz

Reputation: 2807

You can use Virtual Network service endpoints or Private-Link to stay inside the Microsoft Backbone Network.

Just note that with private-link you do not have public connectivity to your PaaS resources.

Upvotes: 3
