infra-azure-provisioning issues
https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues
2023-04-26T13:48:46Z

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/261
objectId field is not present
2023-04-26T13:48:46Z
Dmytro Komisar

Here [README](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/blob/master/infra/templates/osdu-r3-mvp/central_resources/README.md?plain=1#L40) says
```bash
az ad sp list --display-name $NAME --query [].objectId -ojson
```
but output json does not have ".objectId" field. Assume just ".id" is what is needed but it definitely needs to be corrected.
Also, [line 48](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/blob/master/infra/templates/osdu-r3-mvp/central_resources/README.md?plain=1#L48) says:
```bash
az ad app permission admin-consent --id $appId
```
where $appId was not set. Again, I assume this should be "appId" from line 22, but not sure about this.
Could these please be fixed.

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/260
Feature - Security rules for OSDU Infrastructure - Network (ServiceBus PE)
2023-07-13T13:25:32Z
Vasyl Leskiv [SLB]

Currently the connection from AKS to Service Bus is established through public endpoint. This has the next impact on highly loaded production:
- Security (public internet traffic)
- Load & auto scaling (AKS SNAT outgoing port limitation)
- Performance (latency)
Switching to Private endpoints should resolve the items above.

M19 - Release 0.22
Arturo Hernandez [EPAM], Srinivasan Narayanan, shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/259
Secret service should be required service
2023-04-27T15:07:04Z
Arturo Hernandez [EPAM]

This is related to #230.
Secret service was onboarded as feature and not core service.
Secret service has been more popular and there are few ADRs which are suggesting to use secret service instead of csp specific secret solution.
I would suggest to remove the feature flags and make secret service part of the helm charts as well as to install by default the secret service infrastructure.
## Workaround
As for now, as workaround to enable secret service we need to execute few manual steps...
1. Need to turn on the flag `secret_kv_enabled` to `true` and to create configmap with new secret service url when deploying Service Resources.
2. Create secret which has configuration of the new secret kV provisioned `kubectl create secret generic -n testexxon osdu-secret-svc --from-literal=SECRET_KEY_VAULT_URL=<https://secretkv.xxx.xxx>`

Arturo Hernandez [EPAM], Igor Zimovets (EPAM), shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/258
Application Insights (Classic) is retiring on 29 Feb 2024
2023-11-07T18:21:55Z
Vasyl Leskiv [SLB]

https://github.com/azure-deprecation/dashboard/issues/141
As this change have impact on all services, we have to prepare to this in advance and make a manual (if not covered by pipelines) how to apply the change on production environments.
It would be good to check if any changes required on services source code (AI library, etc)

Arturo Hernandez [EPAM], Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/257
Redis version 4 deprecation (deadline July 2023)
2023-03-29T12:29:56Z
Vasyl Leskiv [SLB]

Redis v4 used in OSDU will be retired soon and we have to switch to Redis v6:
https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-retired-features#redis-version-4

Arturo Hernandez [EPAM], Igor Zimovets (EPAM), shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/256
[Feature] Standardize airflow2 resources
2023-08-02T22:06:09Z
Arturo Hernandez [EPAM]

We are no longer using airflow1, Airflow2 was introduced in Release M9 (0.12), slowly adopted by all CSP's. We are now in M17 and still maintaining airflow1 resources.
In dp resources `airflow2_enabled` `deploy_dp_airflow` `dp_airflow_aks_version` variables are misleading, which seems to be relying one from another on data partition stages.
Variable `airflow2_enabled` will not have any effect if `deploy_dp_airflow` it is not enabled either, we have a mess of airflow options that would be wise to standardize and refactor all the infra/helm code to use only airflow2 in the upcoming releases if no one is using anymore airflow1.
cc @lucynliu @nursheikh @shivani_karipe

Arturo Hernandez [EPAM], Igor Zimovets (EPAM), shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/255
[BUG] Deployment wiki Errors
2023-02-16T11:01:14Z
Lucy Liu

A series of wiki errors were discovered during several rounds of greenfield deployments:
1. In Common resource deployment, Elastic setup step, the link to Elastic cloud market place is no longer valid (404 not found error). It needs to be replaced with the self managed Elastic from market place. The statement about needing credit card for billing is no longer valid for self managed Elastic thus needs to be removed.
1. In [common resource deployment](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/tree/master/tools/rest/osduauth#docker-instructions), in the "Installed Azure Resources", step 8 is no longer needed. Instead need to add: grant “admin consent” for API permissions as needed for the ad applications created.
2. In central resource deployment step, unit tests step requires gcc to be installed first otherwise tests fail. wiki needs to add the installing gcc step as a prerequisite before unit tests step.
3. In configuration data loading step, in the prerequisite, hard-coded branch version 1.10.0 line needs to have a comment about changing it to the branch name that matches the current release being deployed
3. In configuration data loading step, the [command for running ingestion dag](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/blob/master/docs/configuration-data.md#ingest-manifest-dags) needs to be changed from "python" to "python3" or setting up alias to link python to python3 on the deployment machine following this [guide](https://itsfoss.com/python-not-found-ubuntu/).
3. In the rest api testing step, the [script to create client secret](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/blob/master/tools/rest/README.md#http-rest-scripts) fails with permission issue. Add a description after the script about manually adding client secret in azure portal if script fails.
4. In the rest api testing step, the docker [command](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/tree/master/tools/rest/osduauth#docker-instructions) needs to be changed to "sudo docker-compose up"

Naresh Jampala, Naresh Jampala

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/254
[BUG] "ZonalApplicationGatewayCannotReferenceNoZonePublicIP" Error in Gateway Deployment
2023-02-14T12:44:17Z
Lucy Liu

During a greenfield Azure OSDU deployment from the master branch dated 1/27/2023, the "ZonalApplicationGatewayCannotReferenceNoZonePublicIP" errors were observed in the Service Resources deployment step about Gateway resources, both appgw and istiogw. Further investigation shows, due to the azurerm version upgrade, this rule seems to be introduced for gateway resources.
Adding zones for the public IP resources to the terraform config files for the gw and istiogw manually fixed the errors.

Arturo Hernandez [EPAM], Igor Zimovets (EPAM), shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/253
[BUG] "ApplicationGatewayRequestRoutingRulePriorityCannotBeEmpty" Errors in Gateway Deployment
2023-02-14T12:44:18Z
Lucy Liu

During a greenfield Azure OSDU deployment from the master branch dated 1/27/2023, the "ApplicationGatewayRequestRoutingRulePriorityCannotBeEmpty" errors were observed in the Service Resources deployment step about Gateway resources, both appgw and istiogw. Further investigation shows, due to the azurerm version upgrade, routing rule priority is a required parameter now for gateway resources.
Adding them to the terraform config files manually fixed the errors.

Arturo Hernandez [EPAM], Igor Zimovets (EPAM), shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/252
[BUG] "AgentPoolK8sVersionNotSupported" Error in Service Resource Deployment
2023-04-20T17:25:27Z
Lucy Liu

AKS version in Service Resource Deployment Terraform Script ("infra\templates\osdu-r3-mvp\service_resources\terraform.tfvars") needs to be updated from "1.24.0" to "1.24.3" to fix the "AgentPoolK8sVersionNotSupported" error during greenfield deployment.

Arturo Hernandez [EPAM], shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/251
Terraform Script for Istio Gateway Missing "aks_dns_host" in Terraform Variable Configuration
2023-01-16T21:16:47Z
Lucy Liu

In Service Resource deployment step, terraform variable "aks_dns_host" needs to be allowed to be customized to match the actual DNS A record. It is missing in the default "infra\templates\osdu-r3-mvp\service_resources\terraform.tfvars" file and missing in the wiki customization script for "custom.tfvars" file.
This leads to the wrong Host name (default contoso.com) being added to the Backend setting in the istio gateway deployed by the istio Helm Chart in later stage.

Arturo Hernandez [EPAM], Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/250
502 Bad Gateway Error in OSDU Azure Instance Created through Greenfield Deployment
2023-02-10T23:11:23Z
Lucy Liu

An OSDU Azure instance was created through greenfield deployment following the wiki in this project and [helm-charts-azure project](https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure). Testing in POSTMan results in "502 Bad Gateway" error for all the requests sent to the deployed instance. The latest code (as of 1/5/2023) in master branch was used for deployment and DNS points to the deployed istio gateway. The same error was observed in another greenfield deployment in another region.

shivani karipe, Naresh Jampala, shivani karipe

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/249
[BUG] Fix ApplicationGatewayKeyVaultSecretException from Istio Gateway Deployment
2022-12-19T23:37:07Z
Lucy Liu

In Greenfield Azure OSDU deployment, the ApplicationGatewayKeyVaultSecretException was observed during "Service Resource" deployment step resulting to Istio gateway resource created in a failed state. Detail error message:
Error: waiting for create/update of Application Gateway: (Name "xxxx-gw" / Resource Group "xxxx-rg"): Code="ApplicationGatewayKeyVaultSecretException" Message="Problem occured while accessing and validating KeyVault Secrets associated with Application Gateway '/subscriptions/xxxx/resourceGroups/xxxx-rg/providers/Microsoft.Network/applicationGateways/xxxx-gw'. See details below:" Details=\[{"code":"0","message":"Operation returned an invalid status code 'Forbidden'"}\]

M15 - Release 0.18
Arturo Hernandez [EPAM], shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/248
data-partition terraform unsupported attribute error for resource "azurerm_key_vault_secret" "storage_account_blob_endpoint"
2023-01-18T16:19:21Z
Fabien Bosquet

I have an error when following the manual install of the azure infrastructure.
The issue appears when running `terraform plan` for the `data-partition` as described here.
https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/blob/master/infra/templates/osdu-r3-mvp/data_partition/README.md
```
terraform plan -var-file custom.tfvars
╷
│ Warning: Deprecated attribute
│
│ on ../../../modules/providers/azure/aks/main.tf line 169, in resource "azurerm_kubernetes_cluster" "main":
│ 169: addon_profile[0].oms_agent[0].log_analytics_workspace_id
│
│ The attribute "log_analytics_workspace_id" is deprecated. Refer to the provider documentation for details.
│
│ (and one more similar warning elsewhere)
╵
╷
│ Warning: Argument is deprecated
│
│ with module.service_bus.azurerm_servicebus_namespace_authorization_rule.main,
│ on ../../../modules/providers/azure/service-bus/main.tf line 144, in resource "azurerm_servicebus_namespace_authorization_rule" "main":
│ 144: namespace_name = azurerm_servicebus_namespace.main.name
│
│ Deprecated in favor of "namespace_id"
│
│ (and 18 more similar warnings elsewhere)
╵
╷
│ Error: Unsupported attribute
│
│ on secrets.tf line 103, in resource "azurerm_key_vault_secret" "storage_account_blob_endpoint":
│ 103: value = module.storage_account.endpoint
│ ├────────────────
│ │ module.storage_account is a object
│
│ This object does not have an attribute named "endpoint".
```

Arturo Hernandez [EPAM], shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/247
Upgrade Terraform version to latest stable version
2023-03-27T21:34:58Z
shivani karipe

[Terraform 0.14.4](https://releases.hashicorp.com/terraform/0.14.4/) is the version which we are now using to create the infrastructure.
* ~~To upgrade terraform to latest version `1.3.4`~~
* ~~To upgrade golang version to `1.18.8`~~
* ~~To upgrade azurerm provider?~~
* To upgrade azuread provider?
This initiative started to get advantage of some of the azurerm features such as the keyvault features, as well to have flexibility in the future to use newer resource attributes which may not be available in current provider version, and the terraform version upgrade it is the first step.
When we started to research destroy scenarios and greenfield scenarios, but noticed that are not available in our current azurerm provider version (2.98) only in azurerm 3.33 ():
```hcl
key_vault {
  purge_soft_delete_on_destroy    = true
  recover_soft_deleted_key_vaults = true
}
```
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block
This is affecting destroy scenario.
Motivation behind this (non functional requirements):
* Would recommend to take a look at this: https://www.hashicorp.com/blog/announcing-hashicorp-terraform-1-0-general-availability
* Greater performance, and terraform versions interoperability basically, new features for sensitive strings in state.
* Additionally, it is recommended by azurerm and azuread to upgrade terraform version prior to upgrade provider version.
* We would be able to upgrade provider version.
About golang upgrade:
* golang version is very old and we had seeing that time to time some library is not available anymore for go v1.12 for unit tests (2 years ago)
* Library outdate and compatibility with newer imports versions.
About providers upgrade (possibly would be nice to think about this for the near future):
* Current azurerm version: 2.98.0 / latest 3.33
* Current azuread version: 1.1.1 / latest 2.30 (2 years ago)
* Noticed some recent changes in the resources for azuread provider which are not updated in our modules and may have unexpected behavior in the future like application_ad (we already faced in the past), if you take a look at the resource for recent stable provider version it is not at all related to the module that it is being used in the community module version.
* Removed deprecated attributes in old providers
* Renamed attributes
* Superseded resources (here the resource can be deprecated or removed by the upgraded version)
Eventually, terraform community code will become obsolete if there are changes in the AzureARM api which are not compatible anymore with the azurerm/azuread providers.

Arturo Hernandez [EPAM], Igor Zimovets (EPAM), Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/246
Feature - Security rules for OSDU Infrastructure - Network
2023-08-16T18:28:56Z
Arturo Hernandez [EPAM]

| Done | Infra Relation | Rule |
|------|----------------|---------------------------------------------------------------------------------------------|
| !740 | NETWORK | ~~Ensure keyvault is recoverable~~ |
| !825 | NETWORK | ~~Ensure that public network access is disabled for Azure Key Vaults~~ |
| !843 | NETWORK | Ensure that Azure CosmosDB does not allow access from all networks |
| !776 | NETWORK | ~~Ensure that public network access is disabled in Redis Cache~~ |
| !776 | NETWORK | ~~Ensure that Redis Cache uses private link~~ |
| !620 #218 | NETWORK | ~~Ensure that Azure Kubernetes Service Private Clusters is enabled~~ |
| !825 | NETWORK | ~~Ensure that Azure Key Vaults use Private Links~~ |
| | NETWORK | Ensure that Postgres DB use Private Links |
| | NETWORK | Ensure that Storage Accounts use Private Links |
| !879 | NETWORK | Ensure that Event Grid uses Private Links |
* [ ] All changes must be well documented and if downtime it would be expected
* [ ] TF scripts should work without errors in greenfield environments
* [ ] If TF Brownfield apply presents any migration or downtime, to be documented
* [ ] Check if Cosmos/resource backup policies are affected by private endpoints

Arturo Hernandez [EPAM], Igor Zimovets (EPAM), Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/245
Feature - Security rules for OSDU Infrastructure - Encryption
2023-08-01T22:26:09Z
Arturo Hernandez [EPAM]

From EPAM security recommendations we got the following suggestions for *ENCRYPTION* to comply with:

| Done | Infra Relation | Rule |
|------|----------------|---------------------------------------------------------------------------------------------|
| [ ] | ENCRYPTION | Ensure Storage Service Encryption is enabled for Storage Accounts |
| [ ] | ENCRYPTION | Ensure that Storage Accounts have infrastructure encryption enabled |
| [ ] | ENCRYPTION | Ensure Storage Accounts are using the latest version of TLS encryption |
| [ ] | ENCRYPTION | Ensure that "OS and Data" disks are encrypted with Customer Managed Key |
| [ ] | ENCRYPTION | Ensure that public network access is disabled in Managed Disks |
| [ ] | ENCRYPTION | Ensure that all unattached VM disks are encrypted |
| [ ] | ENCRYPTION | Ensure that Container Registries are configured to disable public network access |
| [ ] | ENCRYPTION | Ensure that Container Registries are encrypted with a customer-managed key |
All changes must be well documented and if downtime it would be expected.
Would be nice to test this in greenfield environments as well.

Arturo Hernandez [EPAM], Igor Zimovets (EPAM), Siarhei Symanovich (EPAM), Aliaksei Kruk2, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/244
Automation gaps in Release Process - Phase 3
2022-12-01T16:02:13Z
Krishna Nikhil Vedurumudi

Automate post-deployment activities.
- [ ] Schema bootstrapping - load standard schemas to the system.
- [ ] DAG upload - Upload DAGs to the airflow storage account.
- [ ] Data loading
- [ ] Standard references.
- [ ] TNO dataset
- [ ] DDMSs to use helm-charts-azure in community migrate to standard-ddms
- [ ] Implement helm-chart-azure pipeline on demand in preship and demo envs
- [ ] azure_code_coverage changes for all java services

M15 - Release 0.18
Arturo Hernandez [EPAM], shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/243
Upgrade AKS/Istio in Flux based model
2022-09-29T19:34:08Z
Vasyl Leskiv [SLB]

- Flux based model - Istio v1.11.3 (max supported AKS version: 1.22)
- Helm based model - Istio v1.14.0 (max supported AKS version: 1.24)
As we decided to continue support Flux based model - it would be good to sync Istio version with Helm based model to be able Upgrade AKS to the latest version according to client requirement.

Arturo Hernandez [EPAM], shivani karipe, Arturo Hernandez [EPAM]

https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/242
Azure AD for authentication to be used to connect to PostgresDB
2022-09-02T07:50:09Z
devesh bajpai

As of today Airflow uses credentials stored in KeyVault to connect to Postgres via PG bouncer service.
Customer has raised a concern regarding how Postgres DB is being used by Airflow. As recommended best practices, Azure AD for authentication to be used (see https://docs.microsoft.com/en-us/azure/postgresql/single-server/concepts-azure-ad-authentication and here https://docs.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-sign-in-azure-ad-authentication).

Vineeth Guna [Microsoft], Vineeth Guna [Microsoft]