This DNS provider allows you to create and manage DNS entries in private zones of Azure Private DNS. For public DNS zones, please see use the provider type azure-dns.
Follow the steps as described in the Azure documentation to create a service principal account and grant the service principal account 'Private DNS Zone Contributor' permissions to the resource group.
See also How to protect private DNS zones and records
Create a Secret
resource with the data fields AZURE_SUBSCRIPTION_ID
, AZURE_TENANT_ID
, AZURE_CLIENT_ID
, and AZURE_CLIENT_SECRET
.
The optional field AZURE_CLOUD
specifies the Azure Cloud. Allowed values are AzurePublic
(Azure Public Cloud), AzureChina
, and AzureGovernment
.
If not specified, the Azure Public Cloud is assumed.
The values need to be base64 encoded.
apiVersion: v1
kind: Secret
metadata:
name: azure-credentials
namespace: default
type: Opaque
data:
# replace '...' with values encoded as base64
# see https://docs.microsoft.com/en-us/azure/dns/dns-sdk#create-a-service-principal-account
AZURE_SUBSCRIPTION_ID: ...
AZURE_TENANT_ID: ...
AZURE_CLIENT_ID: ...
AZURE_CLIENT_SECRET: ...
# optional AZURE_CLOUD value specifies the Azure cloud: `AzurePublic`, `AzureChina`, `AzureGovernment`
#AZURE_CLOUD: ...
# Alternatively use Gardener cloud provider credentials convention
#tenantID: ...
#subscriptionID: ...
#clientID: ...
#clientSecret: ...