Skip to content
This repository was archived by the owner on Jul 28, 2025. It is now read-only.

Use Storage.Global service endpoint, add keyvault endpoint and minor refactor. #674

Merged
merged 13 commits into from
Jun 12, 2023
Merged

Use Storage.Global service endpoint, add keyvault endpoint and minor refactor. #674

Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
d704c97
Disable batch public ips and always use subnet
jsaun May 19, 2023
26055c2
Merge branch 'main' into jsaun/private-networking
jsaun May 19, 2023
127bc19
Add acr service endpoint and handle updating
jsaun Jun 9, 2023
73bd4fb
Keep public ips pending further testing
jsaun Jun 9, 2023
eb22cdb
Whitespace
jsaun Jun 9, 2023
114a1a7
Merge branch 'main' into jsaun/private-networking
jsaun Jun 9, 2023
4e7e30f
Fix version for 4.4
jsaun Jun 9, 2023
3862a3a
Merge branch 'jsaun/private-networking' of github.com:microsoft/Cromw…
jsaun Jun 9, 2023
2b179f4
Allow a user supplied subnet to override still
jsaun Jun 9, 2023
08ed5dc
Correctly update BatchNodesSubnetId
jsaun Jun 10, 2023
7691014
Add Storage.Global and KeyVault service endpoints
jsaun Jun 12, 2023
04a2dc3
Merge branch 'main' into jsaun/private-networking
jsaun Jun 12, 2023
990910a
Whitespace
jsaun Jun 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 25 additions & 20 deletions src/deploy-cromwell-on-azure/Deployer.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1293,8 +1293,6 @@ private Task AssignVmAsContributorToAppInsightsAsync(IIdentity managedIdentity,

vnetDefinition = vnetDefinition.DefineSubnet(configuration.BatchSubnetName)
.WithAddressPrefix(configuration.BatchNodesSubnetAddressSpace)
.WithAccessFromService(ServiceEndpointType.MicrosoftStorage)
.WithAccessFromService(ServiceEndpointType.MicrosoftSql)
.Attach();

var vnet = await vnetDefinition.CreateAsync();
Expand All @@ -1303,10 +1301,7 @@ private Task AssignVmAsContributorToAppInsightsAsync(IIdentity managedIdentity,
// Use the new ResourceManager sdk to add the ACR service endpoint since it is absent from the fluent sdk.
var armBatchSubnet = (await armClient.GetSubnetResource(new ResourceIdentifier(batchSubnet.Inner.Id)).GetAsync()).Value;

armBatchSubnet.Data.ServiceEndpoints.Add(new ServiceEndpointProperties()
{
Service = "Microsoft.ContainerRegistry",
});
AddServiceEndpointsToSubnet(armBatchSubnet.Data);

await armBatchSubnet.UpdateAsync(Azure.WaitUntil.Completed, armBatchSubnet.Data);

Expand Down Expand Up @@ -1825,27 +1820,37 @@ private Task<string> UpdateVnetWithBatchSubnet()
AddressPrefix = configuration.BatchNodesSubnetAddressSpace,
};

batchSubnet.ServiceEndpoints.Add(new ServiceEndpointProperties()
{
Service = "Microsoft.Storage",
});

batchSubnet.ServiceEndpoints.Add(new ServiceEndpointProperties()
{
Service = "Microsoft.Sql",
});

batchSubnet.ServiceEndpoints.Add(new ServiceEndpointProperties()
{
Service = "Microsoft.ContainerRegistry",
});
AddServiceEndpointsToSubnet(batchSubnet);

vnetData.Subnets.Add(batchSubnet);
var updatedVnet = (await vnetCollection.CreateOrUpdateAsync(Azure.WaitUntil.Completed, vnetData.Name, vnetData)).Value;

return (await updatedVnet.GetSubnetAsync(configuration.DefaultBatchSubnetName)).Value.Id.ToString();
});

private void AddServiceEndpointsToSubnet(SubnetData subnet)
{
subnet.ServiceEndpoints.Add(new ServiceEndpointProperties()
{
Service = "Microsoft.Storage.Global",
});

subnet.ServiceEndpoints.Add(new ServiceEndpointProperties()
{
Service = "Microsoft.Sql",
});

subnet.ServiceEndpoints.Add(new ServiceEndpointProperties()
{
Service = "Microsoft.ContainerRegistry",
});

subnet.ServiceEndpoints.Add(new ServiceEndpointProperties()
{
Service = "Microsoft.KeyVault",
});
}

private async Task ValidateVmAsync()
{
var computeSkus = (await generalRetryPolicy.ExecuteAsync(() =>
Expand Down