
Allow support for Private Endpoints

Open mkosieradzki opened this issue 5 years ago • 3 comments

Users should be able to create a service, e.g. a database, storage account or key vault, together with a private endpoint. A private DNS zone should be created, integrated with the private endpoint and associated with the cluster vnet.

This CRD extension should expose an annotation that will trigger creation of a Network Policy rule allowing egress connectivity to this private endpoint's IP addresses for all pods (or a custom selector) in the namespace owning the resource.

mkosieradzki avatar Jun 25 '20 23:06 mkosieradzki
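
For illustration, a Kubernetes NetworkPolicy of the kind the request above describes. This is an added example, not part of the original issue and not output of azure-service-operator; the names, namespace and IP address are constructed placeholders, and port 443 assumes a Key Vault private endpoint.

```yaml
# Added example: every value below is constructed for illustration.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-keyvault-private-endpoint  # hypothetical name
  namespace: team-a                             # namespace owning the Azure resource
spec:
  # An empty selector matches every pod in the namespace. For the
  # "custom selector" case, replace it with matchLabels, e.g.
  #   podSelector:
  #     matchLabels:
  #       app: payments                         # hypothetical label
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 10.240.1.5/32                 # placeholder private endpoint IP
      ports:
        - protocol: TCP
          port: 443                             # HTTPS to the Key Vault endpoint
```

Pods selected by any policy with `policyTypes: Egress` lose all egress that no policy allows, so a namespace using this rule also needs an explicit rule for DNS to the cluster resolver, otherwise the private DNS zone name never resolves.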

Redis should be included in the above list as well.

matthchr avatar Jan 29 '21 21:01 matthchr

I think this is a security feature which can be a blocker to using azure-service-operator for redis. Same for postgresql, the only difference is that it is possible to configure a vnet for postgresql.

cpflaume avatar Aug 12 '21 12:08 cpflaume

This seems very similar to #2159. We think this needs to be done for ASOv2. We will not be doing this for ASOv1 as it is in maintenance mode.

matthchr avatar Mar 14 '22 20:03 matthchr

This should be unblocked now that #2323 has been merged; I'll self-assign with an aim of doing this post beta.4.

theunrepentantgeek avatar Dec 13 '22 03:12 theunrepentantgeek

closed by #2733

super-harsh avatar Apr 17 '23 23:04 super-harsh