From 9c288219a5c42613a76948096409ad2a6f6de16c Mon Sep 17 00:00:00 2001
From: Aman Pruthi
Date: Mon, 24 Jun 2024 17:02:37 +0530
Subject: [PATCH] feat: Added storage account private endpoint (#59)

Added storage account cross region access from private subnet
---
 README.md | 2 +-
 main.tf | 9 ++++-----
 modules/networking/main.tf | 9 ++++-----
 modules/networking/variables.tf | 2 +-
 variables.tf | 11 +++++++++++
 5 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 8e612cc..b6283ff 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ resources that lack official modules.
 | [azuremonitor](#input\_azuremonitor) | # To support otel azure monitor sql and redis metrics need operator-wandb chart minimum version 0.14.0 | `bool` | `true` | no |
 | [blob\_container](#input\_blob\_container) | Use an existing bucket. | `string` | `""` | no |
 | [cluster\_sku\_tier](#input\_cluster\_sku\_tier) | The Azure AKS SKU Tier to use for this cluster (https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers) | `string` | `"Free"` | no |
-| [create\_private\_link](#input\_create\_private\_link) | Use for the azure private link. | `bool` | `false` | no |
+| [create\_private\_link](#input\_create\_private\_link) | Use for the azure private link. | `bool` | `true` | no |
 | [create\_redis](#input\_create\_redis) | Boolean indicating whether to provision an redis instance (true) or not (false). | `bool` | `false` | no |
 | [database\_availability\_mode](#input\_database\_availability\_mode) | n/a | `string` | `"SameZone"` | no |
 | [database\_sku\_name](#input\_database\_sku\_name) | Specifies the SKU Name for this MySQL Server | `string` | `"GP_Standard_D4ds_v4"` | no |
diff --git a/main.tf b/main.tf
index 20b8ac4..555351f 100644
--- a/main.tf
+++ b/main.tf
@@ -27,6 +27,7 @@ module "networking" {
   private_link = var.create_private_link
   allowed_ip_ranges = var.allowed_ip_ranges
   tags = var.tags
+
 }
 module "database" {
@@ -72,16 +73,14 @@ module "vault" {
 }
 module "storage" {
-  count = (var.blob_container == "" && var.external_bucket == null) ? 1 : 0
-  source = "./modules/storage"
-
+  count = (var.blob_container == "" && var.external_bucket == null) ? 1 : 0
+  source = "./modules/storage"
   namespace = var.namespace
   resource_group_name = azurerm_resource_group.default.name
   location = azurerm_resource_group.default.location
   create_queue = !var.use_internal_queue
   deletion_protection = var.deletion_protection
-
-  tags = var.tags
+  tags = var.tags
 }
 module "app_lb" {
diff --git a/modules/networking/main.tf b/modules/networking/main.tf
index 50c2d86..a5f2bc5 100644
--- a/modules/networking/main.tf
+++ b/modules/networking/main.tf
@@ -15,11 +15,10 @@ resource "azurerm_subnet" "private" {
   virtual_network_name = azurerm_virtual_network.default.name
   private_link_service_network_policies_enabled = var.private_link ? false : true
-  service_endpoints = [
-    "Microsoft.Sql",
-    "Microsoft.Storage",
-    "Microsoft.KeyVault"
-  ]
+  service_endpoints = concat(
+    ["Microsoft.Sql", "Microsoft.KeyVault"],
+    var.private_link ? ["Microsoft.Storage.Global"] : ["Microsoft.Storage"]
+  )
 }
 resource "azurerm_subnet" "public" {
diff --git a/modules/networking/variables.tf b/modules/networking/variables.tf
index 7352f45..af10679 100644
--- a/modules/networking/variables.tf
+++ b/modules/networking/variables.tf
@@ -57,7 +57,7 @@ variable "tags" {
 variable "private_link" {
   type = bool
-  description = "Specifies the Azure private link creation"
+  description = "Private link flag for multi region storage endpoint access"
 }
 variable "allowed_ip_ranges" {
diff --git a/variables.tf b/variables.tf
index 33e8017..96e7a58 100644
--- a/variables.tf
+++ b/variables.tf
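Review bot: The new `service_endpoints` expression in `azurerm_subnet.private` only swaps the regional `Microsoft.Storage` service endpoint for `Microsoft.Storage.Global` when `var.private_link` is true; no private endpoint resource is added anywhere in this patch, so the commit title ("private endpoint") and the flag name `private_link` describe something the code does not do. A global storage service endpoint lets this subnet present its identity to storage accounts in any region, so the only thing bounding which accounts it can reach is each account's own network rules — presumably the storage module (outside this diff) still limits `virtual_network_subnet_ids` to this subnet, which should be confirmed before the default is flipped. The same flag also drives `private_link_service_network_policies_enabled` on the context line above, a setting that concerns hosting a Private Link service in the subnet rather than storage access, so one boolean now toggles two unrelated network controls. A comment above the expression would make the intent clear, e.g. `# private_link selects the cross-region Microsoft.Storage.Global endpoint; the storage account firewall, not the subnet, decides which accounts are reachable`. The `azurerm_subnet.private` block starts above the hunk.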
@@ -245,6 +245,17 @@ variable "parquet_wandb_env" {
   default = {}
 }
+
+###################
+# private link #
+###################
+
+variable "create_private_link" {
+  type = bool
+  default = true
+  description = "Use for the azure private link."
+}
+
 variable "cluster_sku_tier" {
   type = string
   description = "The Azure AKS SKU Tier to use for this cluster (https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers)"
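Review bot: `create_private_link` is added with `default = true`, and the README row in this same patch records the previous default as `false`, so every existing deployment that does not set the variable will, on its next apply, have the private subnet's storage service endpoint replaced by `Microsoft.Storage.Global` and its private link service network policies disabled. A flag that rewrites network policy on an already-provisioned subnet is safer defaulting to `false`, or the flip should at least be called out as a behaviour change in the commit message rather than as a feature addition. The description `"Use for the azure private link."` does not say what the flag does, and modules/networking/variables.tf now describes the same flag differently ("multi region storage endpoint access"); both should carry the same wording, e.g. `description = "When true, disables private link service network policies on the private subnet and enables the cross-region Microsoft.Storage.Global service endpoint instead of the regional Microsoft.Storage endpoint."`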