fix Review and update private DNS zones for private endpoint Azure#330
jtracey93 committed Nov 24, 2022
1 parent 7ff026c commit d09556c
Showing 9 changed files with 489 additions and 374 deletions.
91 changes: 52 additions & 39 deletions infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
Expand Up @@ -111,57 +111,70 @@ param parPrivateDnsZonesResourceGroup string = resourceGroup().name

@description('Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones')
param parPrivateDnsZones array = [
'privatelink.${toLower(parLocation)}.azmk8s.io'
'privatelink.${toLower(parLocation)}.batch.azure.com'
'privatelink.${toLower(parLocation)}.kusto.windows.net'
'privatelink.adf.azure.com'
'privatelink.afs.azure.net'
'privatelink.agentsvc.azure-automation.net'
'privatelink.analysis.windows.net'
'privatelink.api.azureml.ms'
'privatelink.azconfig.io'
'privatelink.azure-api.net'
'privatelink.azure-automation.net'
'privatelink.database.windows.net'
'privatelink.sql.azuresynapse.net'
'privatelink.dev.azuresynapse.net'
'privatelink.azurecr.io'
'privatelink.azure-devices.net'
'privatelink.azurehdinsight.net'
'privatelink.azurehealthcareapis.com'
'privatelink.azurestaticapps.net'
'privatelink.azuresynapse.net'
'privatelink.azurewebsites.net'
'privatelink.batch.azure.com'
'privatelink.blob.core.windows.net'
'privatelink.table.core.windows.net'
'privatelink.queue.core.windows.net'
'privatelink.file.core.windows.net'
'privatelink.web.core.windows.net'
'privatelink.cassandra.cosmos.azure.com'
'privatelink.cognitiveservices.azure.com'
'privatelink.database.windows.net'
'privatelink.datafactory.azure.net'
'privatelink.dev.azuresynapse.net'
'privatelink.dfs.core.windows.net'
'privatelink.dicom.azurehealthcareapis.com'
'privatelink.digitaltwins.azure.net'
'privatelink.directline.botframework.com'
'privatelink.documents.azure.com'
'privatelink.mongo.cosmos.azure.com'
'privatelink.cassandra.cosmos.azure.com'
'privatelink.eventgrid.azure.net'
'privatelink.file.core.windows.net'
'privatelink.gremlin.cosmos.azure.com'
'privatelink.table.cosmos.azure.com'
'privatelink.${toLower(parLocation)}.batch.azure.com'
'privatelink.postgres.database.azure.com'
'privatelink.mysql.database.azure.com'
'privatelink.mariadb.database.azure.com'
'privatelink.vaultcore.azure.net'
'privatelink.guestconfiguration.azure.com'
'privatelink.his.arc.azure.com'
'privatelink.kubernetesconfiguration.azure.com'
'privatelink.managedhsm.azure.net'
'privatelink.${toLower(parLocation)}.azmk8s.io'
'privatelink.siterecovery.windowsazure.com'
'privatelink.servicebus.windows.net'
'privatelink.azure-devices.net'
'privatelink.eventgrid.azure.net'
'privatelink.azurewebsites.net'
'privatelink.api.azureml.ms'
'privatelink.notebooks.azure.net'
'privatelink.service.signalr.net'
'privatelink.mariadb.database.azure.com'
'privatelink.media.azure.net'
'privatelink.mongo.cosmos.azure.com'
'privatelink.monitor.azure.com'
'privatelink.oms.opinsights.azure.com'
'privatelink.mysql.database.azure.com'
'privatelink.notebooks.azure.net'
'privatelink.ods.opinsights.azure.com'
'privatelink.agentsvc.azure-automation.net'
'privatelink.afs.azure.net'
'privatelink.datafactory.azure.net'
'privatelink.adf.azure.com'
'privatelink.redis.cache.windows.net'
'privatelink.redisenterprise.cache.azure.net'
'privatelink.oms.opinsights.azure.com'
'privatelink.pbidedicated.windows.net'
'privatelink.postgres.database.azure.com'
'privatelink.prod.migration.windowsazure.com'
'privatelink.purview.azure.com'
'privatelink.purviewstudio.azure.com'
'privatelink.digitaltwins.azure.net'
'privatelink.azconfig.io'
'privatelink.cognitiveservices.azure.com'
'privatelink.azurecr.io'
'privatelink.queue.core.windows.net'
'privatelink.redis.cache.windows.net'
'privatelink.redisenterprise.cache.azure.net'
'privatelink.search.windows.net'
'privatelink.azurehdinsight.net'
'privatelink.media.azure.net'
'privatelink.his.arc.azure.com'
'privatelink.guestconfiguration.azure.com'
'privatelink.service.signalr.net'
'privatelink.servicebus.windows.net'
'privatelink.siterecovery.windowsazure.com'
'privatelink.sql.azuresynapse.net'
'privatelink.table.core.windows.net'
'privatelink.table.cosmos.azure.com'
'privatelink.tip1.powerquery.microsoft.com'
'privatelink.token.botframework.com'
'privatelink.vaultcore.azure.net'
'privatelink.web.core.windows.net'
]

//ASN must be 65515 if deploying VPN & ER for co-existence to work: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#limits-and-limitations
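Review bot: The default `parPrivateDnsZones` array in this hunk has no Azure Backup zone, although the parameter files changed in the same commit list `privatelink.xxxxxx.backup.windowsazure.com`. A deployment that relies on the defaults would therefore create no zone for a Recovery Services vault private endpoint to register in, so backup traffic would presumably not resolve to the private IP. If the omission is deliberate because the zone needs the region geo code rather than `parLocation`, say so above the array, e.g. `// privatelink.<geoCode>.backup.windowsazure.com is not defaulted: it needs the region geo code (eus for eastus); supply it via the parameter file`. The `@description` text "All known Azure Private DNS Zones" should also be qualified to match. The rest of the file lies outside the hunk, so a geo-code mapping may exist elsewhere.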
Expand Up @@ -89,58 +89,71 @@
},
"parPrivateDnsZones": {
"value": [
"privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.xxxxxx.batch.azure.com", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.xxxxxx.kusto.windows.net", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus)
"privatelink.adf.azure.com",
"privatelink.afs.azure.net",
"privatelink.agentsvc.azure-automation.net",
"privatelink.analysis.windows.net",
"privatelink.api.azureml.ms",
"privatelink.azconfig.io",
"privatelink.azure-api.net",
"privatelink.azure-automation.net",
"privatelink.database.windows.net",
"privatelink.sql.azuresynapse.net",
"privatelink.dev.azuresynapse.net",
"privatelink.azurecr.io",
"privatelink.azure-devices.net",
"privatelink.azurehdinsight.net",
"privatelink.azurehealthcareapis.com",
"privatelink.azurestaticapps.net",
"privatelink.azuresynapse.net",
"privatelink.azurewebsites.net",
"privatelink.batch.azure.com",
"privatelink.blob.core.windows.net",
"privatelink.table.core.windows.net",
"privatelink.queue.core.windows.net",
"privatelink.file.core.windows.net",
"privatelink.web.core.windows.net",
"privatelink.cassandra.cosmos.azure.com",
"privatelink.cognitiveservices.azure.com",
"privatelink.database.windows.net",
"privatelink.datafactory.azure.net",
"privatelink.dev.azuresynapse.net",
"privatelink.dfs.core.windows.net",
"privatelink.dicom.azurehealthcareapis.com",
"privatelink.digitaltwins.azure.net",
"privatelink.directline.botframework.com",
"privatelink.documents.azure.com",
"privatelink.mongo.cosmos.azure.com",
"privatelink.cassandra.cosmos.azure.com",
"privatelink.eventgrid.azure.net",
"privatelink.file.core.windows.net",
"privatelink.gremlin.cosmos.azure.com",
"privatelink.table.cosmos.azure.com",
"privatelink.xxxxxx.batch.azure.com", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.postgres.database.azure.com",
"privatelink.mysql.database.azure.com",
"privatelink.mariadb.database.azure.com",
"privatelink.vaultcore.azure.net",
"privatelink.guestconfiguration.azure.com",
"privatelink.his.arc.azure.com",
"privatelink.kubernetesconfiguration.azure.com",
"privatelink.managedhsm.azure.net",
"privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus)
"privatelink.siterecovery.windowsazure.com",
"privatelink.servicebus.windows.net",
"privatelink.azure-devices.net",
"privatelink.eventgrid.azure.net",
"privatelink.azurewebsites.net",
"privatelink.api.azureml.ms",
"privatelink.notebooks.azure.net",
"privatelink.service.signalr.net",
"privatelink.mariadb.database.azure.com",
"privatelink.media.azure.net",
"privatelink.mongo.cosmos.azure.com",
"privatelink.monitor.azure.com",
"privatelink.oms.opinsights.azure.com",
"privatelink.mysql.database.azure.com",
"privatelink.notebooks.azure.net",
"privatelink.ods.opinsights.azure.com",
"privatelink.agentsvc.azure-automation.net",
"privatelink.afs.azure.net",
"privatelink.datafactory.azure.net",
"privatelink.adf.azure.com",
"privatelink.redis.cache.windows.net",
"privatelink.redisenterprise.cache.azure.net",
"privatelink.oms.opinsights.azure.com",
"privatelink.pbidedicated.windows.net",
"privatelink.postgres.database.azure.com",
"privatelink.prod.migration.windowsazure.com",
"privatelink.purview.azure.com",
"privatelink.purviewstudio.azure.com",
"privatelink.digitaltwins.azure.net",
"privatelink.azconfig.io",
"privatelink.cognitiveservices.azure.com",
"privatelink.azurecr.io",
"privatelink.queue.core.windows.net",
"privatelink.redis.cache.windows.net",
"privatelink.redisenterprise.cache.azure.net",
"privatelink.search.windows.net",
"privatelink.azurehdinsight.net",
"privatelink.media.azure.net",
"privatelink.his.arc.azure.com",
"privatelink.guestconfiguration.azure.com"
"privatelink.service.signalr.net",
"privatelink.servicebus.windows.net",
"privatelink.siterecovery.windowsazure.com",
"privatelink.sql.azuresynapse.net",
"privatelink.table.core.windows.net",
"privatelink.table.cosmos.azure.com",
"privatelink.tip1.powerquery.microsoft.com",
"privatelink.token.botframework.com",
"privatelink.vaultcore.azure.net",
"privatelink.web.core.windows.net"
]
},
"parVpnGatewayConfig": {
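Review bot: The four regional entries at the top of the `parPrivateDnsZones` value ship with a literal `xxxxxx` placeholder, and nothing visible in this section stops a deployment that leaves it in place. Such zones would be created under names that match no private endpoint FQDN, so AKS, Batch, Kusto and Backup lookups would miss the private zone and, depending on the resource's public access setting, either fail or resolve to the public endpoint. The inline comment should state the consequence, e.g. `// Replace xxxxxx with target region (e.g. eastus); a zone left as xxxxxx will never match a private endpoint record`, and a pipeline check that fails on any remaining `xxxxxx` would be worth adding. The `//` comments also make the file JSONC rather than strict JSON, which is worth noting for tooling that parses it with a strict parser. The same placeholders appear in the following parameter file section.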
Expand Up @@ -7,58 +7,71 @@
},
"parPrivateDnsZones": {
"value": [
"privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.xxxxxx.batch.azure.com", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.xxxxxx.kusto.windows.net", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus)
"privatelink.adf.azure.com",
"privatelink.afs.azure.net",
"privatelink.agentsvc.azure-automation.net",
"privatelink.analysis.windows.net",
"privatelink.api.azureml.ms",
"privatelink.azconfig.io",
"privatelink.azure-api.net",
"privatelink.azure-automation.net",
"privatelink.database.windows.net",
"privatelink.sql.azuresynapse.net",
"privatelink.dev.azuresynapse.net",
"privatelink.azurecr.io",
"privatelink.azure-devices.net",
"privatelink.azurehdinsight.net",
"privatelink.azurehealthcareapis.com",
"privatelink.azurestaticapps.net",
"privatelink.azuresynapse.net",
"privatelink.azurewebsites.net",
"privatelink.batch.azure.com",
"privatelink.blob.core.windows.net",
"privatelink.table.core.windows.net",
"privatelink.queue.core.windows.net",
"privatelink.file.core.windows.net",
"privatelink.web.core.windows.net",
"privatelink.cassandra.cosmos.azure.com",
"privatelink.cognitiveservices.azure.com",
"privatelink.database.windows.net",
"privatelink.datafactory.azure.net",
"privatelink.dev.azuresynapse.net",
"privatelink.dfs.core.windows.net",
"privatelink.dicom.azurehealthcareapis.com",
"privatelink.digitaltwins.azure.net",
"privatelink.directline.botframework.com",
"privatelink.documents.azure.com",
"privatelink.mongo.cosmos.azure.com",
"privatelink.cassandra.cosmos.azure.com",
"privatelink.eventgrid.azure.net",
"privatelink.file.core.windows.net",
"privatelink.gremlin.cosmos.azure.com",
"privatelink.table.cosmos.azure.com",
"privatelink.xxxxxx.batch.azure.com", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.postgres.database.azure.com",
"privatelink.mysql.database.azure.com",
"privatelink.mariadb.database.azure.com",
"privatelink.vaultcore.azure.net",
"privatelink.guestconfiguration.azure.com",
"privatelink.his.arc.azure.com",
"privatelink.kubernetesconfiguration.azure.com",
"privatelink.managedhsm.azure.net",
"privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
"privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus)
"privatelink.siterecovery.windowsazure.com",
"privatelink.servicebus.windows.net",
"privatelink.azure-devices.net",
"privatelink.eventgrid.azure.net",
"privatelink.azurewebsites.net",
"privatelink.api.azureml.ms",
"privatelink.notebooks.azure.net",
"privatelink.service.signalr.net",
"privatelink.mariadb.database.azure.com",
"privatelink.media.azure.net",
"privatelink.mongo.cosmos.azure.com",
"privatelink.monitor.azure.com",
"privatelink.oms.opinsights.azure.com",
"privatelink.mysql.database.azure.com",
"privatelink.notebooks.azure.net",
"privatelink.ods.opinsights.azure.com",
"privatelink.agentsvc.azure-automation.net",
"privatelink.afs.azure.net",
"privatelink.datafactory.azure.net",
"privatelink.adf.azure.com",
"privatelink.redis.cache.windows.net",
"privatelink.redisenterprise.cache.azure.net",
"privatelink.oms.opinsights.azure.com",
"privatelink.pbidedicated.windows.net",
"privatelink.postgres.database.azure.com",
"privatelink.prod.migration.windowsazure.com",
"privatelink.purview.azure.com",
"privatelink.purviewstudio.azure.com",
"privatelink.digitaltwins.azure.net",
"privatelink.azconfig.io",
"privatelink.cognitiveservices.azure.com",
"privatelink.azurecr.io",
"privatelink.queue.core.windows.net",
"privatelink.redis.cache.windows.net",
"privatelink.redisenterprise.cache.azure.net",
"privatelink.search.windows.net",
"privatelink.azurehdinsight.net",
"privatelink.media.azure.net",
"privatelink.his.arc.azure.com",
"privatelink.guestconfiguration.azure.com"
"privatelink.service.signalr.net",
"privatelink.servicebus.windows.net",
"privatelink.siterecovery.windowsazure.com",
"privatelink.sql.azuresynapse.net",
"privatelink.table.core.windows.net",
"privatelink.table.cosmos.azure.com",
"privatelink.tip1.powerquery.microsoft.com",
"privatelink.token.botframework.com",
"privatelink.vaultcore.azure.net",
"privatelink.web.core.windows.net"
]
},
"parTags": {
Expand All @@ -73,4 +86,4 @@
"value": false
}
}
}
}