246 - Network Security rules onboarding (!776) · Merge requests · OSDU Software / OSDU Data Platform / Deployment and Operations / infra-azure-provisioning · GitLab

Arturo Hernandez [EPAM] requested to merge feature/ah-246-pe-redis into master Feb 02, 2023

Infrastructure Submissions:

[YES] Have you added an explanation of what your changes do and why you'd like us to include them?
[YES] I have updated the documentation accordingly.
[YES] I have added tests to cover my changes.
[YES] All new and existing tests passed.
[YES] I have formatted the terraform code. (terraform fmt -recursive && go fmt ./...)

Current Behavior or Linked Issues

Related to: #246 (closed)

Backend managed services should have restricted connectivity (Cosmos, redis, kv, postgres), only AKS nodes should be able to reach those.
For development environments flag can be disabled to allow public network access.
Implemented private_endpoints.tf at service resources for redis resources mapping.
Created docs to manage the backend_services_accesses enable.

Does this introduce a breaking change?

[NO] However, there might be a service downtime when appliying this changes in Redis, already documented how to overcome this in docs/upgrades/private_endpoints.md

DNS Cache must be flushed in the pod and sdk to take new ip of private endpoint.

MR Guildelines

Paste TF Plan for the MR.

sr-plan.txt it is the only affected stage as for now.

Pre-Merge pipeline should be run before merging. (Azure team) - [https://dev.azure.com/osdu-demo/OSDU_Rx/_build/results?buildId=263952&view=results]
Does the module exists for new resource. N/A - managed in different tf file
Is there a new variable added in the MR. backend_network_access_enabled to control whether or not backend resources should be reachable.

Other information

Precursor for this mr: !770 (closed)

Edited Mar 08, 2023 by Arturo Hernandez [EPAM]