
Databricks App in Azure Databricks with private link cluster (no Public IP)

Behwar
New Contributor III

Hello,
I've deployed Azure Databricks with a standard Private Link setup (no public IP). Everything works as expected—I can log in via the private/internal network, create clusters, and manage workloads without any issues.

When I create a Databricks App, it generates a URL like: <name>.azure.databricksapps.com

Since I didn't initially have a Private DNS Zone for azure.databricksapps.com, my system resolved this address to a public IP. To fix this, I:

  • Created a Private DNS Zone for azure.databricksapps.com.
  • Added an A record pointing <name>.azure.databricksapps.com to my Databricks workspace private IP endpoint (same as used in privatelink.azuredatabricks.net for this workspace).

Behavior Before Adding the Private DNS Zone:
nslookup <app-name>.azure.databricksapps.com → Resolved to a public IP.
curl or accessing via a browser resulted in:
{"X-Databricks-Reason-Phrase":"Public access is not allowed for workspace: xyz"}

Behavior After Adding the Private DNS Zone:
nslookup <app-name>.azure.databricksapps.com → Now resolves to the private IP (as expected).
However, curl and browser requests still go through the public IP and return the same error:
{"X-Databricks-Reason-Phrase":"Public access is not allowed for workspace: xyz"}

Is additional configuration needed to ensure Databricks Apps work over Private Link?
Does this feature require a Public IP, or should it work fully within a private network?
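
A check for the symptom described in this post (nslookup returns the private IP while curl and the browser still reach the public endpoint), as an added example that is not part of the original thread. It compares what the OS resolver returns with the proxy settings in effect; that a proxy or a different resolver path is involved is an assumption the thread does not confirm, and the function names and sample addresses are constructed.

```python
import ipaddress
import socket
import sys
import urllib.request


def classify(addresses):
    """Split resolved IPs into private (RFC 1918 and similar) and public."""
    private, public = [], []
    for addr in addresses:
        bucket = private if ipaddress.ip_address(addr).is_private else public
        bucket.append(addr)
    return private, public


def diagnose(host, addresses, proxies, bypassed):
    """Return findings on why an HTTP client might leave the private path.

    addresses: IPs from the OS resolver; proxies: scheme -> proxy URL;
    bypassed: True if the host is excluded from proxying (e.g. NO_PROXY).
    """
    findings = []
    private, public = classify(addresses)
    if not addresses:
        findings.append(f"OS resolver returned no address for {host}")
    if public:
        findings.append(f"OS resolver returns public address(es) for {host}: {public}")
    if proxies.get("https") and not bypassed:
        findings.append(
            f"HTTPS proxy {proxies['https']} is in effect: the proxy, not this "
            "machine, resolves the name, so the private DNS zone is not used"
        )
    if findings:
        return findings
    return [f"{host} resolves only to private address(es) {private} with no proxy in the path"]


def system_resolve(host, port=443):
    """Resolve via getaddrinfo (hosts file, OS cache, search order);
    nslookup skips these and queries the DNS server directly."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    name = sys.argv[1]  # the app hostname, passed on the command line
    for line in diagnose(name, system_resolve(name),
                         urllib.request.getproxies(),
                         bool(urllib.request.proxy_bypass(name))):
        print(line)
```

Run it on the same machine and under the same user as the failing curl or browser session, since proxy settings are read from that environment.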


Alberto_Umana
Databricks Employee

Hello @Behwar,

Did you make sure that your internal DNS is configured to map the web application workspace URL to your front-end VPC endpoint? This involves creating an A-record in your internal DNS that maps the workspace URL directly to the front-end (workspace) VPC endpoint private IP.

Behwar
New Contributor III

I'm using Azure, so instead of a VPC endpoint, I'm working with Azure Private Link. Here's what I checked and did:

  • Verified my Databricks workspace private endpoint under privatelink.azuredatabricks.net.
  • Created a Private DNS Zone for azure.databricksapps.com and mapped <app-name> to the same private IP as my Databricks workspace.
  • Linked my VNet to the Private DNS Zone so all internal resources resolve it correctly.
  • Confirmed that nslookup now returns the private IP, but browser and curl still attempt to route via the public IP.

sparkplug
New Contributor III

I am also facing the same issue. Is the recommendation to create one A-record for each app? That sounds a bit cumbersome.

 

MariuszK
Contributor III

Do you have a private endpoint for databricks_ui_api? You need to establish a private endpoint for users to access the web app.
