Create Confluent Cloud Network on Azure¶
Each Confluent Cloud network is a virtual network that is provisioned in your Confluent Cloud Azure account.
You can create multiple Dedicated Kafka clusters within each Confluent Cloud network.
For details on default service quotas, see Network service quotas.
Prerequisites¶
Before you create a Confluent Cloud network, you need the following information.
Name your Confluent Cloud network¶
The name you choose is used to identify your network in the Confluent Cloud Console and
when using the Confluent CLI. Choose a meaningful name, but consider including
the connection type in the name (for example,
azure-australia-east-private-link).
Select Region and Availability Zones¶
Dedicated clusters you create in your Confluent Cloud network inherit the selected Region and Availability Zones.
Select CIDR blocks (for VNet Peering only)¶
This prerequisite only applies to networks of type VNet Peering.
Private Link networks allocate addresses from existing VNet subnets and do not require an additional CIDR block.
Select /16 CIDR blocks for your Confluent Cloud network for use with your
VNet Peering on Azure.
Review the following requirements for CIDR block selections:
The CIDR block must be in one of the following private networks, as mentioned in RFC 1918.
10.0.0.0/8100.64.0.0/10172.16.0.0/12192.168.0.0/16198.18.0.0/15
The CIDR block cannot be any of the following:
10.253.0.0/1610.254.0.0/16172.17.0.0/16172.30.0.0/16172.31.0.0/16
CIDRs for your VNet cannot overlap with the above CIDR blocks due to routing conflicts with Confluent services. More specifically, you cannot peer the Confluent Cloud network with your VNet using any of the above CIDRs.
Additional notes when selecting your CIDR block:
- The RFC 6598 shared address space is supported on Azure.
- Must be a
/16CIDR block. - Cannot be modified after the Confluent Cloud network is provisioned.
- Must not overlap with an existing Confluent Cloud network CIDR block.
Create a Confluent Cloud network¶
Follow the procedure below to create a Confluent Cloud network on Azure.
You can host multiple clusters within one Confluent Cloud network`. For details on service quotas, see Networks.
In the Confluent Cloud Console, go to the Network management page for your environment.
Click Create your first network if this is the first network in your environment, or click + Add Network if your environment has existing networks.
Select Azure as the Cloud Provider and the desired geographic region.
Select the connectivity type: Private Link or VNet Peering. Depending on the option selected, different Zone Placement options and CIDR for Confluent Cloud Network fields will appear.
- Private Link: Cluster is accessible using Private Link connections.
- VNet Peering: Cluster is accessible using VNet Peering.
Complete the steps for the connectivity type you selected and then click Continue.
Important
After provisioning your new Confluent Cloud network, you cannot change your selected Availability Zone (AZ) IDs or CIDR block size. Make sure to deploy a network based on your zonal requirements.
Under DNS configuration, select the DNS resolution method.
Select Private DNS Resolution to resolve the private DNS name of the Confluent Cloud cluster to the private IP address of the cluster.
If Private DNS Resolution is not selected, the private DNS name of the Confluent Cloud cluster requires public DNS Resolution to resolve the private IP address of the cluster.
Before you select a DNS resolution option, review the details about DNS resolution in Azure Private Link in DNS resolution options.
Under CIDR for Confluent Cloud Network, enter a
/16CIDR block. For more information, see Select CIDR blocks (for VNet Peering only) above.Important
After your network is provisioned, you cannot change the CIDR block.
Under Create Network, specify a Network Name, review your configuration, and click Create Network.
Here is an example REST API request:
HTTP POST request
POST https://api.confluent.cloud/networking/v1/networks
Authentication
See Authentication.
Request specification
Your REST request body specification should include the following:
display_name(optional) A meaningful name for your Confluent Cloud network.environmentid– The identifier (ID) of your Confluent Cloud environment.cloud– cloud service provider (AZURE)region– The Region where the network is located.connection_types–PEERINGorPRIVATELINKzones– An array listing the three selected Availability Zone IDs in the same Region.cidr– The CIDR block.dns_config- SetresolutiontoPRIVATEorCHASED_PRIVATE. The default value isCHASED_PRIVATE.- When
resolutionisCHASED_PRIVATE, clusters in this network require both public and private DNS to resolve cluster endpoints. - When
resolutionisPRIVATE, clusters in this network only require private DNS to resolve cluster endpoints.
Before you select a DNS resolution option, review the details about DNS resolution in Azure Private Link in DNS resolution options.
- When
Here are REST specification examples in JSON format. You can use these as templates for your own specification, replacing your unique values.
{
"spec": {
"display_name": "My-NW1",
"cloud": "AZURE",
"region": "centralus",
"connection_types": [
"PEERING"
],
"cidr": "10.0.0.0/16",
"zones": [
"1",
"2",
"3"
],
"environment":{
"id":"env-abc123"
}
}
}
In the request specification, include values for cloud, region, environment, connection type, and, optionally, add the display name, CIDR, and zones for the Confluent Cloud network. Update the attributes below with the correct values.
{
"spec":{
"display_name":"Azure-PL-CCN-1",
"cloud":"AZURE",
"region":"centralus",
"connection_types":[
"PRIVATELINK"
],
"zones":[
"1",
"2",
"3"
],
"dns_config": {
"resolution": "PRIVATE"
},
"environment":{
"id":"env-abc123"
}
}
}
Use the confluent network create Confluent CLI command to create a Confluent Cloud network:
confluent network create <network-name> <flags>
The following command-specific flags are suppored:
--cloud: Required. Set toazure.--region: Required. Cloud region ID for this network.--connection-types: Required. The network acces type. Specify one ofprivatelink,peering, ortransitgateway.--cidr: A /16 IPv4 CIDR block. Required for networks of connection typepeeringandtransitgateway.--zones: A comma-separated list of availability zones for this network.--zone-info: A comma-separated list ofzone=cidrpairs or CIDR blocks. Each CIDR must be a /27 IPv4 CIDR block.--dns-resolution: Specify the DNS resolution asprivateorchased-private. The default value ischased-private.- When
resolutionischased-private, clusters in this network require both public and private DNS to resolve cluster endpoints. - When
resolutionisprivate, clusters in this network only require private DNS to resolve cluster endpoints.
Before you select a DNS resolution option, review the details about DNS resolution in Azure PrivateLink in DNS resolution options.
- When
You can specify additional optional CLI flags described in the Confluent
CLI command reference,
such as --environment.
The following are example Confluent CLI commands:
confluent network create my_azure_peering --cloud azure \
--region eastus2 \
--connection-types peering \
--cidr 10.1.0.0/16
confluent network create my_azure_pl --cloud azure \
--region eastus2 \
--connection-types privatelink \
--dns-resolution chased_private
Typically, it takes up to 15 to 20 minutes to create a Confluent Cloud network. Note the Confluent Cloud network ID from the response to specify it in the following commands.
Next steps¶
After successfully provisioning the Confluent Cloud network on Azure, you can add Dedicated Kafka clusters within your Confluent Cloud network by using the following options:
- Confluent Cloud Console: Manage Kafka Clusters on Confluent Cloud
- Cluster Management API: Create Kafka clusters