Issue #246 - Keyvault PrivateEndpoint (!825) · Merge requests · OSDU Software / OSDU Data Platform / Deployment and Operations / infra-azure-provisioning

Arturo Hernandez [EPAM] requested to merge 246-ah/kv-privatelinks into master Mar 30, 2023

All Submissions:

[YES] Have you added an explanation of what your changes do and why you'd like us to include them?
[YES] I have updated the documentation accordingly.
[YES] My code follows the code style of this project.

Current Behavior or Linked Issues

This is related to #246 (closed), basically, will use private endpoints for keyvault resources.

Variable backend_access, can be either enabled or disabled to allow public access, by default backend access it is enabled, some customers are using azure devops pipelines to maintain their code, and these pipelines require access to some backend resources, nevertheless, there is option to not allow access to the backend resources, and just have access through private endpoints.

Does this introduce a breaking change?

[NO]

This change should be transparent to the client if backend access it is enabled, we noticed just few random errors in some pods about resolution, however those can be easily workarounded by restarting pods.
If the backend access it is disabled, you will need to restart pods to be able to properly resolve to the new private endpoint ip address and retrieve secrets again for the CSI provider as well as the app keyvault retrieval.

Other information

Related to #246 (closed) (for keyvault accesses)

Issue #246 - Keyvault PrivateEndpoint

All Submissions:

Current Behavior or Linked Issues

Does this introduce a breaking change?

Other information

Merge request reports