feat: Added storage account private endpoint (#59)

Added storage account cross region access from private subnet
wandb · Jun 24, 2024 · 9c28821 · 9c28821
1 parent 928c8d8
commit 9c28821
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -76,7 +76,7 @@ resources that lack official modules.
 | <a name="input_azuremonitor"></a> [azuremonitor](#input\_azuremonitor) | # To support otel azure monitor sql and redis metrics need operator-wandb chart minimum version 0.14.0 | `bool` | `true` | no |
 | <a name="input_blob_container"></a> [blob\_container](#input\_blob\_container) | Use an existing bucket. | `string` | `""` | no |
 | <a name="input_cluster_sku_tier"></a> [cluster\_sku\_tier](#input\_cluster\_sku\_tier) | The Azure AKS SKU Tier to use for this cluster (https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers) | `string` | `"Free"` | no |
-| <a name="input_create_private_link"></a> [create\_private\_link](#input\_create\_private\_link) | Use for the azure private link. | `bool` | `false` | no |
+| <a name="input_create_private_link"></a> [create\_private\_link](#input\_create\_private\_link) | Use for the azure private link. | `bool` | `true` | no |
 | <a name="input_create_redis"></a> [create\_redis](#input\_create\_redis) | Boolean indicating whether to provision an redis instance (true) or not (false). | `bool` | `false` | no |
 | <a name="input_database_availability_mode"></a> [database\_availability\_mode](#input\_database\_availability\_mode) | n/a | `string` | `"SameZone"` | no |
 | <a name="input_database_sku_name"></a> [database\_sku\_name](#input\_database\_sku\_name) | Specifies the SKU Name for this MySQL Server | `string` | `"GP_Standard_D4ds_v4"` | no |

diff --git a/main.tf b/main.tf
@@ -27,6 +27,7 @@ module "networking" {
   private_link        = var.create_private_link
   allowed_ip_ranges   = var.allowed_ip_ranges
   tags                = var.tags
+
 }
 
 module "database" {
@@ -72,16 +73,14 @@ module "vault" {
 }
 
 module "storage" {
-  count  = (var.blob_container == "" && var.external_bucket == null) ? 1 : 0
-  source = "./modules/storage"
-
+  count               = (var.blob_container == "" && var.external_bucket == null) ? 1 : 0
+  source              = "./modules/storage"
   namespace           = var.namespace
   resource_group_name = azurerm_resource_group.default.name
   location            = azurerm_resource_group.default.location
   create_queue        = !var.use_internal_queue
   deletion_protection = var.deletion_protection
-
-  tags = var.tags
+  tags                = var.tags
 }
 
 module "app_lb" {

diff --git a/modules/networking/main.tf b/modules/networking/main.tf
@@ -15,11 +15,10 @@ resource "azurerm_subnet" "private" {
   virtual_network_name = azurerm_virtual_network.default.name
   private_link_service_network_policies_enabled = var.private_link ? false : true
 
-  service_endpoints = [
-    "Microsoft.Sql",
-    "Microsoft.Storage",
-    "Microsoft.KeyVault"
-  ]
+  service_endpoints = concat(
+    ["Microsoft.Sql", "Microsoft.KeyVault"],
+    var.private_link ? ["Microsoft.Storage.Global"] : ["Microsoft.Storage"]
+  )
 }
 
 resource "azurerm_subnet" "public" {

diff --git a/modules/networking/variables.tf b/modules/networking/variables.tf
@@ -57,7 +57,7 @@ variable "tags" {
 
 variable "private_link" {
   type = bool
-  description = "Specifies the Azure private link creation"
+  description = "Private link flag for multi region storage endpoint access"
 }
 
 variable "allowed_ip_ranges" {

diff --git a/variables.tf b/variables.tf
@@ -245,6 +245,17 @@ variable "parquet_wandb_env" {
   default     = {}
 }
 
+
+###################
+# private link    #
+###################
+
+variable "create_private_link" {
+  type        = bool
+  default     = true
+  description = "Use for the azure private link."
+}
+
 variable "cluster_sku_tier" {
   type        = string
   description = "The Azure AKS SKU Tier to use for this cluster (https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers)"