Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Configuring Private Link for Lakebase Autoscaling keeps all traffic off the public internet. The endpoints you need depend on how your applications connect to Lakebase:
- Inbound Private Link is required. It covers Azure Databricks REST API calls and workspace traffic.
- Inbound Private Link for performance-intensive services (Service Direct Private Link, port 5432) is required when your applications connect to Lakebase from outside the Azure Databricks workspace using a Postgres client (such as psql, a Postgres driver, or an ORM) and a regional connection string. Connection strings without a region, such as those from Lakebase Provisioned instances, don't require this endpoint and remain accessible over the standard inbound Private Link. Applications connecting from within the Azure Databricks workspace, such as Azure Databricks Apps or Feature Store connectors, don't require this endpoint. In-product UI pages (the SQL Editor, Tables editor, Query Stats, and Active queries) work over the existing front-end Private Link and don't require this endpoint. If your applications connect only through the Data API, you don't need this endpoint.
Lakebase Autoscaling routes these two traffic types through separate network paths, each with its own endpoint. Postgres client connections use a dedicated high-performance regional ingress with a hostname in the form *.database.<region>.cloud.databricks.com.
Private Link endpoints
| Endpoint | Traffic type | Port | Notes |
|---|---|---|---|
| Inbound Private Link | Azure Databricks REST API and workspace connectivity | 443 | Standard Azure Databricks workspace-level Private Link. |
| Inbound Private Link for performance-intensive services | Postgres database connections | 5432 | Covers the high-performance regional ingress used by Lakebase Autoscaling. Required for Postgres clients, drivers, and tools connecting to the database from outside the Azure Databricks workspace using a regional connection string. |
Troubleshoot Private Link connectivity
If the Tables editor or SQL Editor in the Lakebase App displays a "Failed to fetch" or "Unknown error" message and your workspace uses Private Link, confirm that inbound Private Link (workspace-level, port 443) is correctly configured. The in-product UI pages work over the existing front-end Private Link and do not require inbound Private Link for performance-intensive services.
If Postgres clients connecting from outside the workspace fail to connect, confirm that inbound Private Link for performance-intensive services is configured. See Configure inbound Private Link for performance-intensive services.