fix: Private DNS Zones Bug (#695) #891

Merged
merged 14 commits into from
Nov 6, 2024
Merged
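--- a/accelerator/.config/ALZ-Powershell-Auto.config.json
+++ b/accelerator/.config/ALZ-Powershell-Auto.config.json
@@ -603,16 +603,6 @@
 }
 ]
 },
-"AK8sPrivateLink": {
-"source": "calculated",
-"pattern": "privatelink.{%Location%}.azmk8s.io",
-"targets": [
-{
-"Name": "parPrivateDnsZones.value[0]",
-"Destination": "Parameters"
-}
-]
-},
 "parAzBastionName": {
 "source": "calculated",
 "pattern": "alz-bastion-{%Location%}",
@@ -693,76 +683,6 @@
 }
 ]
 },
-"AK8sPrivateLinkSecondary": {
-"source": "calculated",
-"pattern": "privatelink.{%SecondaryLocation%}.azmk8s.io",
-"targets": [
-{
-"Name": "parPrivateDnsZonesSecondaryLocation.value[0]",
-"Destination": "Parameters"
-}
-]
-},
-"BatchPrivateLink": {
-"source": "calculated",
-"pattern": "privatelink.{%Location%}.batch.azure.com",
-"targets": [
-{
-"Name": "parPrivateDnsZones.value[1]",
-"Destination": "Parameters"
-}
-]
-},
-"BatchPrivateLinkSecondary": {
-"source": "calculated",
-"pattern": "privatelink.{%SecondaryLocation%}.batch.azure.com",
-"targets": [
-{
-"Name": "parPrivateDnsZonesSecondaryLocation.value[1]",
-"Destination": "Parameters"
-}
-]
-},
-"KustoPrivateLink": {
-"source": "calculated",
-"pattern": "privatelink.{%Location%}.kusto.windows.net",
-"targets": [
-{
-"Name": "parPrivateDnsZones.value[2]",
-"Destination": "Parameters"
-}
-]
-},
-"KustoPrivateLinkSecondary": {
-"source": "calculated",
-"pattern": "privatelink.{%SecondaryLocation%}.kusto.windows.net",
-"targets": [
-{
-"Name": "parPrivateDnsZonesSecondaryLocation.value[2]",
-"Destination": "Parameters"
-}
-]
-},
-"BackupPrivateLink": {
-"source": "calculated",
-"pattern": "privatelink.{%Location%}.backup.windowsazure.com",
-"targets": [
-{
-"Name": "parPrivateDnsZones.value[3]",
-"Destination": "Parameters"
-}
-]
-},
-"BackupPrivateLinkSecondary": {
-"source": "calculated",
-"pattern": "privatelink.{%SecondaryLocation%}.backup.windowsazure.com",
-"targets": [
-{
-"Name": "parPrivateDnsZonesSecondaryLocation.value[3]",
-"Destination": "Parameters"
-}
-]
-},
 "ConnectivityResourceGroupName": {
 "source": "calculated",
 "pattern": "rg-{%Prefix%}-connectivity",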
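--- a/accelerator/.config/ALZ-Powershell.config.json
+++ b/accelerator/.config/ALZ-Powershell.config.json
@@ -603,46 +603,6 @@
 }
 ]
 },
-"AK8sPrivateLink": {
-"Type": "Computed",
-"Value": "privatelink.{%Location%}.azmk8s.io",
-"Targets": [
-{
-"Name": "parPrivateDnsZones.value.[0]",
-"Destination": "Parameters"
-}
-]
-},
-"BatchPrivateLink": {
-"Type": "Computed",
-"Value": "privatelink.{%Location%}.batch.azure.com",
-"Targets": [
-{
-"Name": "parPrivateDnsZones.value.[1]",
-"Destination": "Parameters"
-}
-]
-},
-"KustoPrivateLink": {
-"Type": "Computed",
-"Value": "privatelink.{%Location%}.kusto.windows.net",
-"Targets": [
-{
-"Name": "parPrivateDnsZones.value.[2]",
-"Destination": "Parameters"
-}
-]
-},
-"BackupPrivateLink": {
-"Type": "Computed",
-"Value": "privatelink.{%Location%}.backup.windowsazure.com",
-"Targets": [
-{
-"Name": "parPrivateDnsZones.value.[3]",
-"Destination": "Parameters"
-}
-]
-},
 "UpstreamReleaseVersion": {
 "Type": "Computed",
 "Value": "{REPLACED_BY_ALZ_POWERSHELL_MODULE}",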
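--- a/docs/wiki/CustomerUsage.md
+++ b/docs/wiki/CustomerUsage.md
@@ -48,7 +48,6 @@ The following are the unique ID's (also known as PIDs) used in each of the modul
 | virtualNetworkPeer | ab8e3b12-b0fa-40aa-8630-e3f7699e2142 |
 | vwanConnectivity | 7f94f23b-7a59-4a5c-9a8d-2a253a566f61 |
 | vnetPeeringVwan | 7b5e6db2-1e8c-4b01-8eee-e1830073a63d |
-| privateDnsZones | 981733dd-3195-4fda-a4ee-605ab959edb6 |
 | hubSpoke - Orchestration | 50ad3b1a-f72c-4de4-8293-8a6399991beb |
 | hubPeeredSpoke - Orchestration | 8ea6f19a-d698-4c00-9afb-5c92d4766fd2 |
 | SubPlacementAll - Orchestration | bb800623-86ff-4ab4-8901-93c2b70967ae |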
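--- a/infra-as-code/bicep/modules/hubNetworking/README.md
+++ b/infra-as-code/bicep/modules/hubNetworking/README.md
@@ -22,20 +22,6 @@ Module deploys the following resources:
 > - Although there are generated parameter markdowns for Azure Commercial Cloud, this same module can still be used in Azure China. Example parameter are in the [parameters](./parameters/) folder.
 >
 > - The file `parameters/hubNetworking.parameters.az.all.json` contains parameter values for SKUs that are compatible with availability zones for relevant resource types. In cases where you are deploying to a region that does not support availability zones, you should opt for the `parameters/hubNetworking.parameters.all.json` file.
->
-> - When deploying using the `parameters/hubNetworking.parameters.all.json` you must update the `parPrivateDnsZones` parameter by replacing the `xxxxxx` placeholders with the deployment region or geo code, for Azure Backup. Failure to do so will cause these services to be unreachable over private endpoints.
->
-> For example, if deploying to East US the following zone entries:
-> - `privatelink.xxxxxx.azmk8s.io`
-> - `privatelink.xxxxxx.backup.windowsazure.com`
-> - `privatelink.xxxxxx.batch.azure.com`
->
-> Will become:
-> - `privatelink.eastus.azmk8s.io`
-> - `privatelink.eus.backup.windowsazure.com`
-> - `privatelink.eastus.batch.azure.com`
->
-> See child module, [`privateDnsZones.bicep` docs](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/privateDnsZones#dns-zones) for more info on how this works
 
 To configure P2S VPN connections edit the vpnClientConfiguration value in the `parVpnGatewayConfig` parameter.
 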
@@ -76,9 +76,9 @@ parDisableBgpRoutePropagationSecondaryLocation | No | Switch to enable/dis
parHubRouteTableLock | No | Resource Lock Configuration for Hub Route Table. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parPrivateDnsZonesEnabled | No | Switch to enable/disable Private DNS Zones deployment.
parPrivateDnsZonesResourceGroup | No | Resource Group Name for Private DNS Zones.
parPrivateDnsZones | No | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones
parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup.
parPrivateDnsZones | No | Array of DNS Zones to provision and link to Hub Virtual Networks. Default: All known Azure Private DNS Zones, baked into underlying AVM module see: https://github.com/Azure/bicep-registry-modules/tree/main/avm/ptn/network/private-link-private-dns-zones#parameter-privatelinkprivatednszones
parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
parVirtualNetworkResourceIdsToLinkTo | No | Array of Resource IDs of VNets to link to Private DNS Zones. Hub VNets are automatically included by module.
parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parVpnGatewayEnabled | No | Switch to enable/disable VPN virtual network gateway deployment.
parVpnGatewayEnabledSecondaryLocation | No | Switch to enable/disable VPN virtual network gateway deployment in secondary location.
@@ -686,23 +686,19 @@ Resource Group Name for Private DNS Zones.

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones
Array of DNS Zones to provision and link to Hub Virtual Networks. Default: All known Azure Private DNS Zones, baked into underlying AVM module see: https://github.com/Azure/bicep-registry-modules/tree/main/avm/ptn/network/private-link-private-dns-zones#parameter-privatelinkprivatednszones

- Default value: `[format('privatelink.{0}.azmk8s.io', toLower(parameters('parLocation')))] [format('privatelink.{0}.batch.azure.com', toLower(parameters('parLocation')))] [format('privatelink.{0}.kusto.windows.net', toLower(parameters('parLocation')))] [format('privatelink.{0}.backup.windowsazure.com', toLower(parameters('parLocation')))] privatelink.adf.azure.com privatelink.afs.azure.net privatelink.agentsvc.azure-automation.net privatelink.analysis.windows.net privatelink.api.azureml.ms privatelink.azconfig.io privatelink.azure-api.net privatelink.azure-automation.net privatelink.azurecr.io privatelink.azure-devices.net privatelink.azure-devices-provisioning.net privatelink.azuredatabricks.net privatelink.azurehdinsight.net privatelink.azurehealthcareapis.com privatelink.azurestaticapps.net privatelink.azuresynapse.net privatelink.azurewebsites.net privatelink.batch.azure.com privatelink.blob.core.windows.net privatelink.cassandra.cosmos.azure.com privatelink.cognitiveservices.azure.com privatelink.database.windows.net privatelink.datafactory.azure.net privatelink.dev.azuresynapse.net privatelink.dfs.core.windows.net privatelink.dicom.azurehealthcareapis.com privatelink.digitaltwins.azure.net privatelink.directline.botframework.com privatelink.documents.azure.com privatelink.eventgrid.azure.net privatelink.file.core.windows.net privatelink.gremlin.cosmos.azure.com privatelink.guestconfiguration.azure.com privatelink.his.arc.azure.com privatelink.dp.kubernetesconfiguration.azure.com privatelink.managedhsm.azure.net privatelink.mariadb.database.azure.com privatelink.media.azure.net privatelink.mongo.cosmos.azure.com privatelink.monitor.azure.com privatelink.mysql.database.azure.com privatelink.notebooks.azure.net privatelink.ods.opinsights.azure.com privatelink.oms.opinsights.azure.com privatelink.pbidedicated.windows.net privatelink.postgres.database.azure.com privatelink.prod.migration.windowsazure.com privatelink.purview.azure.com 
privatelink.purviewstudio.azure.com privatelink.queue.core.windows.net privatelink.redis.cache.windows.net privatelink.redisenterprise.cache.azure.net privatelink.search.windows.net privatelink.service.signalr.net privatelink.servicebus.windows.net privatelink.siterecovery.windowsazure.com privatelink.sql.azuresynapse.net privatelink.table.core.windows.net privatelink.table.cosmos.azure.com privatelink.tip1.powerquery.microsoft.com privatelink.token.botframework.com privatelink.vaultcore.azure.net privatelink.web.core.windows.net privatelink.webpubsub.azure.com`

### parPrivateDnsZoneAutoMergeAzureBackupZone
### parVirtualNetworkIdToLinkFailover

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup.

- Default value: `True`
Resource ID of Failover VNet for Private DNS Zone VNet Failover Links

### parVirtualNetworkIdToLinkFailover
### parVirtualNetworkResourceIdsToLinkTo

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
Array of Resource IDs of VNets to link to Private DNS Zones. Hub VNets are automatically included by module.

### parPrivateDNSZonesLock

@@ -1140,83 +1136,14 @@ outBastionNsgNameSecondaryLocation | string |
"value": "[resourceGroup().name]"
},
"parPrivateDnsZones": {
"value": [
"[format('privatelink.{0}.azmk8s.io', toLower(parameters('parLocation')))]",
"[format('privatelink.{0}.batch.azure.com', toLower(parameters('parLocation')))]",
"[format('privatelink.{0}.kusto.windows.net', toLower(parameters('parLocation')))]",
"[format('privatelink.{0}.backup.windowsazure.com', toLower(parameters('parLocation')))]",
"privatelink.adf.azure.com",
"privatelink.afs.azure.net",
"privatelink.agentsvc.azure-automation.net",
"privatelink.analysis.windows.net",
"privatelink.api.azureml.ms",
"privatelink.azconfig.io",
"privatelink.azure-api.net",
"privatelink.azure-automation.net",
"privatelink.azurecr.io",
"privatelink.azure-devices.net",
"privatelink.azure-devices-provisioning.net",
"privatelink.azuredatabricks.net",
"privatelink.azurehdinsight.net",
"privatelink.azurehealthcareapis.com",
"privatelink.azurestaticapps.net",
"privatelink.azuresynapse.net",
"privatelink.azurewebsites.net",
"privatelink.batch.azure.com",
"privatelink.blob.core.windows.net",
"privatelink.cassandra.cosmos.azure.com",
"privatelink.cognitiveservices.azure.com",
"privatelink.database.windows.net",
"privatelink.datafactory.azure.net",
"privatelink.dev.azuresynapse.net",
"privatelink.dfs.core.windows.net",
"privatelink.dicom.azurehealthcareapis.com",
"privatelink.digitaltwins.azure.net",
"privatelink.directline.botframework.com",
"privatelink.documents.azure.com",
"privatelink.eventgrid.azure.net",
"privatelink.file.core.windows.net",
"privatelink.gremlin.cosmos.azure.com",
"privatelink.guestconfiguration.azure.com",
"privatelink.his.arc.azure.com",
"privatelink.dp.kubernetesconfiguration.azure.com",
"privatelink.managedhsm.azure.net",
"privatelink.mariadb.database.azure.com",
"privatelink.media.azure.net",
"privatelink.mongo.cosmos.azure.com",
"privatelink.monitor.azure.com",
"privatelink.mysql.database.azure.com",
"privatelink.notebooks.azure.net",
"privatelink.ods.opinsights.azure.com",
"privatelink.oms.opinsights.azure.com",
"privatelink.pbidedicated.windows.net",
"privatelink.postgres.database.azure.com",
"privatelink.prod.migration.windowsazure.com",
"privatelink.purview.azure.com",
"privatelink.purviewstudio.azure.com",
"privatelink.queue.core.windows.net",
"privatelink.redis.cache.windows.net",
"privatelink.redisenterprise.cache.azure.net",
"privatelink.search.windows.net",
"privatelink.service.signalr.net",
"privatelink.servicebus.windows.net",
"privatelink.siterecovery.windowsazure.com",
"privatelink.sql.azuresynapse.net",
"privatelink.table.core.windows.net",
"privatelink.table.cosmos.azure.com",
"privatelink.tip1.powerquery.microsoft.com",
"privatelink.token.botframework.com",
"privatelink.vaultcore.azure.net",
"privatelink.web.core.windows.net",
"privatelink.webpubsub.azure.com"
]
},
"parPrivateDnsZoneAutoMergeAzureBackupZone": {
"value": true
"value": []
},
"parVirtualNetworkIdToLinkFailover": {
"value": ""
},
"parVirtualNetworkResourceIdsToLinkTo": {
"value": []
},
"parPrivateDNSZonesLock": {
"value": {
"kind": "None",