Manage SQL Server Big Data Clusters in AKS private cluster
Important
The Microsoft SQL Server 2019 Big Data Clusters add-on will be retired. Support for SQL Server 2019 Big Data Clusters will end on February 28, 2025. All existing users of SQL Server 2019 with Software Assurance will be fully supported on the platform and the software will continue to be maintained through SQL Server cumulative updates until that time. For more information, see the announcement blog post and Big data options on the Microsoft SQL Server platform.
This article explains how to manage an Azure Kubernetes Service (AKS) private cluster with big data clusters deployed in Azure.
As described in Create a private cluster, the AKS private cluster API server endpoint has no public IP address. To manage the API server, use a VM that has access to the AKS cluster's Azure Virtual Network (VNet).
Azure VM - same VNet
The simplest method is to deploy an Azure VM in the same VNet as the AKS cluster.
- Deploy an Azure VM in the same VNet as your AKS cluster. This is sometimes called a jumpbox.
- Connect to that VM and install the SQL Server 2019 Big Data tools.
For security purposes, you can use the AKS API server authorized IP ranges feature to limit access to the API server (on the AKS control plane). Access is then limited to specific IP addresses, such as a jumpbox VM or management VM, an IP address range for a group of developers, and the firewall public frontend IP address.
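Before applying an authorized IP list, it helps to confirm that every management source is covered and that no entry is wider than intended. The following check is an added example, not part of the original article; the addresses are constructed samples from documentation address space, and the /24 breadth threshold and the function names are assumptions.

```python
import ipaddress

# Constructed sample input (RFC 5737 documentation addresses), not from the article.
PROPOSED_RANGES = ["203.0.113.10/32", "198.51.100.0/24", "0.0.0.0/0"]
REQUIRED_SOURCES = {
    "jumpbox": "203.0.113.10",
    "firewall-frontend": "192.0.2.44",
}
MIN_PREFIX = 24  # assumption: anything wider than /24 is treated as too broad


def audit_ranges(proposed, required, min_prefix=MIN_PREFIX):
    """Return (accepted_cidrs, findings) for a proposed authorized IP list."""
    accepted, findings = [], []
    for text in proposed:
        try:
            # strict=True rejects entries with host bits set, e.g. 198.51.100.7/24
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            findings.append(f"invalid range {text!r}: {exc}")
            continue
        if net.prefixlen < min_prefix:
            findings.append(f"range {net} is wider than /{min_prefix}; rejected")
            continue
        accepted.append(net)

    # Every management source must fall inside at least one accepted range,
    # otherwise applying the list would lock that source out of the API server.
    for name, addr_text in required.items():
        addr = ipaddress.ip_address(addr_text)
        if not any(addr in net for net in accepted):
            findings.append(f"{name} ({addr}) is not covered by any accepted range")

    return [str(net) for net in accepted], findings


def cli_value(accepted):
    """Comma-separated form taken by `az aks update --api-server-authorized-ip-ranges`."""
    return ",".join(accepted)


if __name__ == "__main__":
    ok, problems = audit_ranges(PROPOSED_RANGES, REQUIRED_SOURCES)
    print("accepted:", cli_value(ok))
    for p in problems:
        print("finding:", p)
```

With the sample input, the catch-all range is rejected and the uncovered firewall frontend address is reported, so the list should be corrected before it is applied.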
Other options
Alternatives to using a jumpbox include:
- Use a VM in a separate network and set up virtual network peering to the VNet.
- Use an Azure ExpressRoute or VPN Gateway connection.

Options for connecting to the private cluster discusses each of these methods.
If your service runs behind an Azure Standard Load Balancer, it can be enabled for Azure Private Link. With Azure Private Link, you can enable private access from other Azure VNets.
In a hybrid scenario, you can also set up an Azure ExpressRoute or VPN Gateway connection.