Review and update private DNS zones for private endpoint #482

Closed
krowlandson opened this issue Oct 7, 2022 · 2 comments

@krowlandson
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Since the addition of private DNS zones for private endpoint support in the module, the list of services supporting private endpoint has grown.

There also appear to be a few changes in the documented zones required for services already included in the module.

Having done a quick review of the latest documented DNS zones, it appears we have some differences which need to be resolved as follows:

| Private link resource type / Subresource | Status |
| --- | --- |
| Azure Automation / (Microsoft.Automation/automationAccounts) / Webhook, DSCAndHybridWorker | no changes identified |
| Azure SQL Database (Microsoft.Sql/servers) / sqlServer | no changes identified |
| Azure SQL Managed Instance (Microsoft.Sql/managedInstances) | needs testing to verify works with privatelink.{dnsPrefix}.database.windows.net format |
| Azure Synapse Analytics (Microsoft.Synapse/workspaces) / Sql | no changes identified |
| Azure Synapse Analytics (Microsoft.Synapse/workspaces) / SqlOnDemand | missing, but same zone name as Sql subresource |
| Azure Synapse Analytics (Microsoft.Synapse/workspaces) / Dev | included in PR #481 |
| Azure Synapse Studio (Microsoft.Synapse/privateLinkHubs) / Web | included in PR #481 |
| Storage account (Microsoft.Storage/storageAccounts) / Blob (blob, blob_secondary) | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / Table (table, table_secondary) | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / Queue (queue, queue_secondary) | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / File (file, file_secondary) | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / Web (web, web_secondary) | no changes identified |
| Azure Data Lake File System Gen2 (Microsoft.Storage/storageAccounts) / Data Lake File System Gen2 (dfs, dfs_secondary) | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / Sql | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / MongoDB | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / Cassandra | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / Gremlin | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / Table | no changes identified |
| Azure Batch (Microsoft.Batch/batchAccounts) / batchAccount | missing |
| Azure Batch (Microsoft.Batch/batchAccounts) / nodeManagement | missing |
| Azure Database for PostgreSQL - Single server (Microsoft.DBforPostgreSQL/servers) / postgresqlServer | no changes identified |
| Azure Database for MySQL (Microsoft.DBforMySQL/servers) / mysqlServer | no changes identified |
| Azure Database for MariaDB (Microsoft.DBforMariaDB/servers) / mariadbServer | no changes identified |
| Azure Key Vault (Microsoft.KeyVault/vaults) / vault | no changes identified |
| Azure Key Vault (Microsoft.KeyVault/managedHSMs) / Managed HSMs | missing |
| Azure Kubernetes Service - Kubernetes API (Microsoft.ContainerService/managedClusters) / management | need to validate region format is correct and check requirements for {subzone}.privatelink.{region}.azmk8s.io zone |
| Azure Search (Microsoft.Search/searchServices) / searchService | no changes identified |
| Azure Container Registry (Microsoft.ContainerRegistry/registries) / registry | need to test whether regional zones work as expected for {region}.privatelink.azurecr.io |
| Azure App Configuration (Microsoft.AppConfiguration/configurationStores) / configurationStores | no changes identified |
| Azure Backup (Microsoft.RecoveryServices/vaults) / AzureBackup | no changes identified |
| Azure Site Recovery (Microsoft.RecoveryServices/vaults) / AzureSiteRecovery | need to check as zone is now documented as being regional, i.e. privatelink.{region}.siterecovery.windowsazure.com |
| Azure Event Hubs (Microsoft.EventHub/namespaces) / namespace | no changes identified |
| Azure Service Bus (Microsoft.ServiceBus/namespaces) / namespace | no changes identified |
| Azure IoT Hub (Microsoft.Devices/IotHubs) / iotHub | no changes identified |
| Azure Relay (Microsoft.Relay/namespaces) / namespace | no changes identified |
| Azure Event Grid (Microsoft.EventGrid/topics) / topic | no changes identified |
| Azure Event Grid (Microsoft.EventGrid/domains) / domain | no changes identified |
| Azure Web Apps (Microsoft.Web/sites) / sites | no changes identified |
| Azure Machine Learning (Microsoft.MachineLearningServices/workspaces) / amlworkspace | no changes identified |
| SignalR (Microsoft.SignalRService/SignalR) / signalR | no changes identified |
| Azure Monitor (Microsoft.Insights/privateLinkScopes) / azuremonitor | missing privatelink.blob.core.windows.net zone |
| Cognitive Services (Microsoft.CognitiveServices/accounts) / account | no changes identified |
| Azure File Sync (Microsoft.StorageSync/storageSyncServices) / afs | need to check as zone is now documented as being regional, i.e. privatelink.{region}.afs.azure.net |
| Azure Data Factory (Microsoft.DataFactory/factories) / dataFactory | no changes identified |
| Azure Data Factory (Microsoft.DataFactory/factories) / portal | no changes identified |
| Azure Cache for Redis (Microsoft.Cache/Redis) / redisCache | no changes identified |
| Azure Cache for Redis Enterprise (Microsoft.Cache/RedisEnterprise) / redisEnterprise | missing |
| Microsoft Purview (Microsoft.Purview) / account | included in PR #481 |
| Microsoft Purview (Microsoft.Purview) / portal | included in PR #481 |
| Azure Digital Twins (Microsoft.DigitalTwins) / digitalTwinsInstances | missing |
| Azure HDInsight (Microsoft.HDInsight) | missing |
| Azure Arc (Microsoft.HybridCompute) / hybridcompute | missing |
| Azure Media Services (Microsoft.Media) / keydelivery, liveevent, streamingendpoint | missing |
| Azure Data Explorer (Microsoft.Kusto) | missing |
| Azure Static Web Apps (Microsoft.Web/staticSites) / staticSites | missing |
| Azure Migrate (Microsoft.Migrate) / migrate projects, assessment project and discovery site | missing |
| Azure Managed HSM (Microsoft.Keyvault/managedHSMs) / managedhsm | missing |
| Azure API Management (Microsoft.ApiManagement/service) / gateway | missing |
| Microsoft PowerBI (Microsoft.PowerBI/privateLinkServicesForPowerBI) | missing |
| Azure Bot Service (Microsoft.BotService/botServices) / Bot | missing |
| Azure Bot Service (Microsoft.BotService/botServices) / Token | missing |

Describe the solution you'd like

Update the module to reflect the latest changes in available services with private endpoint support.

Additional context

Thank you @bentaylorwork for the initial prompt on this via PR #481

We also need to consider this for the ARM and Bicep implementations.

@ghost ghost added the Needs: Triage 🔍 Needs triaging by the team label Oct 7, 2022
@krowlandson krowlandson self-assigned this Oct 10, 2022
@ghost ghost removed the Needs: Triage 🔍 Needs triaging by the team label Oct 10, 2022
@krowlandson krowlandson added this to the v2.5.0 milestone Oct 10, 2022
@krowlandson
Contributor Author

Trigger ADO Sync

@krowlandson
Contributor Author

@ghost ghost added PR-referenced and removed PR-referenced labels Dec 16, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Jan 15, 2023