-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add authorized ip range variable for azure #2880
base: main
Are you sure you want to change the base?
Conversation
The failing tests appear unrelated to these changes. |
Hi @dcmcand, I am not sure if this will be related at all, but last time we changed something related to IP ranges (specifically for AWS CIDRs blocks) we ended up having issues with Dask (here's some of the discussion points #828) So I would just suggest to do a full Azure deploy with these settings and double check if dask can spin correctly. |
That looks unrelated, but I will test it. |
@viniciusdc tested and dask works fine. Now that 2024.12.1 is out, could I get a review here? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good to me; I only have a single question regarding the aks cluster new block api_server_access_profile
; did you test this modification on a previously deployed cluster? And is can this change be safely rolled back?
api_server_access_profile { | ||
authorized_ip_ranges = var.authorized_ip_ranges | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Including this field leads to a resource update. Does it affect the running nodes at all?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It shouldn't be I can test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All it does is update and attribute, no replacement needed. It also runs on the cluster, not on the node.
Reference Issues or PRs
Closes #2784
What does this implement/fix?
Put a
x
in the boxes that applyTesting
How to test this PR?
Ensure you can deploy to azure with an existing azure config.
Then
Add a
authorized_ip_ranges
line to the azure provider of your nebari-config.yaml. Deploy to azure and ensure that access to api server is limited to that ip range.example config block
Any other comments?