
Commit 0a22fd3

author
sivakami
committed
Private endpoints.
1 parent ec0075a commit 0a22fd3


3 files changed

+83
-0
lines changed

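--- /dev/null
+++ b/.pipelines/swiftv2-long-running/scripts/create_private_endpoint.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -e
+trap 'echo "[ERROR] Failed during Private Endpoint or DNS setup." >&2' ERR
+
+SUBSCRIPTION_ID=$1
+LOCATION=$2
+RG=$3
+SA1_NAME=$4 # from previous script (storage account 1)
+SA2_NAME=$5 # from previous script (storage account 2)
+VNET_A1="cx_vnet_a1"
+
+SUBNET_PE_A1="pe"
+PE_NAME="${SA1_NAME}-pe"
+PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net"
+LINK_NAME="${VNET_A1}-link"
+
+echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE"
+az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \
+&& echo "[OK] DNS zone $PRIVATE_DNS_ZONE created."
+
+echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1"
+az network private-dns link-vnet create \
+-g "$RG" -n "$LINK_NAME" \
+--zone-name "$PRIVATE_DNS_ZONE" \
+--virtual-network "$VNET_A1" \
+--registration-enabled false --output none \
+&& echo "[OK] Linked DNS zone to $VNET_A1."
+
+echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME"
+SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv)
+az network private-endpoint create \
+-g "$RG" -n "$PE_NAME" -l "$LOCATION" \
+--vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \
+--private-connection-resource-id "$SA1_ID" \
+--group-id blob \
+--connection-name "${PE_NAME}-conn" \
+--output none \
+&& echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME."
+
+echo "==> Linking Private Endpoint to DNS zone"
+NIC_ID=$(az network private-endpoint show -g "$RG" -n "$PE_NAME" --query 'networkInterfaces[0].id' -o tsv)
+FQDN=$(az storage account show -g "$RG" -n "$SA1_NAME" --query 'primaryEndpoints.blob' -o tsv | sed 's#https://##; s#/##')
+PRIVATE_IP=$(az network nic show --ids "$NIC_ID" --query 'ipConfigurations[0].privateIpAddress' -o tsv)
+
+az network private-dns record-set a add-record \
+-g "$RG" -z "$PRIVATE_DNS_ZONE" -n "$FQDN" -a "$PRIVATE_IP" --output none \
+&& echo "[OK] Added Private DNS record for $SA1_NAME$PRIVATE_IP"
+
+echo "Private Endpoint setup complete for $SA1_NAME (accessible only within VNet A1)."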
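Review bot: Every `az … \ && echo "[OK] …"` list in this new script defeats both `set -e` and the ERR trap, because a non-zero status from a command that is not the last element of an `&&` list neither exits the shell nor fires the trap — if `az network private-dns zone create` on line 18 fails, nothing is printed and the script carries on to the link, endpoint and record steps against resources that do not exist; the same pattern is on lines 22–27, 31–38 and 45–47. Put the status message on its own line, e.g. `az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none` followed by `echo "[OK] DNS zone $PRIVATE_DNS_ZONE created."`, and add `set -u` so a missing positional argument fails at once rather than producing an `az` call with an empty `-n`. The record-set name passed on line 46 is the public blob host (`<sa>.blob.core.windows.net`), while `-n` on `private-dns record-set a add-record` is relative to the zone, so the A record presumably lands at `<sa>.blob.core.windows.net.privatelink.blob.core.windows.net` instead of `<sa>.privatelink.blob.core.windows.net` — confirm, or pass `"$SA1_NAME"` as the name (or let `az network private-endpoint dns-zone-group create` write the record). The closing message on line 49 claims the account is accessible only within the VNet, but nothing here disables the account's public endpoint (e.g. `az storage account update … --public-network-access Disabled`); unless create_storage.sh already does that, the private endpoint adds a private path without removing the public one, and the message should not state otherwise.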

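--- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh
@@ -30,3 +30,7 @@ for SA in "$SA1" "$SA2"; do
 done
 
 echo "All storage accounts created successfully."
+set +x
+echo "##vso[task.setvariable variable=StorageAccount1;isOutput=true]$SA1"
+echo "##vso[task.setvariable variable=StorageAccount2;isOutput=true]$SA2"
+set -x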
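Review bot: The `set -x` on line 36 re-enables tracing unconditionally, which is only a restore if the script switched tracing on earlier (not visible in this hunk); if it did not, the trailing line turns xtrace on for anything appended after it later. A one-line comment above line 33 would make the intent of the `set +x`/`set -x` pair clear, e.g. `# Keep the ##vso logging commands out of the xtrace output so they appear in the log exactly once.` — hedged, since whether the agent would act on a traced copy of the line is not established here. If the earlier `set -x` is conditional, record the current state first with `[[ $- == *x* ]] && restore_x=1` and restore only when it was set.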

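--- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml
+++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml
@@ -92,6 +92,7 @@ stages:
 steps:
 - checkout: self
 - task: AzureCLI@2
+name: CreateStorageTask
 displayName: "Run create_storage.sh"
 inputs:
 azureSubscription: ${{ parameters.serviceConnection }}
@@ -102,6 +103,9 @@ stages:
 ${{ parameters.subscriptionId }}
 ${{ parameters.location }}
 ${{ parameters.resourceGroupName }}
+outputs:
+StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ]
+StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ]
 
 # ------------------------------------------------------------
 # Job 5: Create NSG
@@ -124,3 +128,29 @@ stages:
 ${{ parameters.subscriptionId }}
 ${{ parameters.resourceGroupName }}
 ${{ parameters.location }}
+# ------------------------------------------------------------
+# Job 6: Create Private Endpoint
+# ------------------------------------------------------------
+- job: Create_PrivateEndpoint
+displayName: "Create Private Endpoint for Storage"
+dependsOn: Create_Storage
+pool:
+vmImage: ubuntu-latest
+variables:
+StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ]
+StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ]
+steps:
+- checkout: self
+- task: AzureCLI@2
+displayName: "Run create_private_endpoint.sh"
+inputs:
+azureSubscription: ${{ parameters.serviceConnection }}
+scriptType: bash
+scriptLocation: scriptPath
+scriptPath: ".pipelines/swiftv2-long-running/scripts/create_private_endpoint.sh"
+arguments: >
+${{ parameters.subscriptionId }}
+${{ parameters.location }}
+${{ parameters.resourceGroupName }}
+$(StorageAccount1)
+$(StorageAccount2)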
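Review bot: The `outputs:` block added at new lines 106–108 sits inside the Create_Storage job and references `dependencies.Create_Storage`, i.e. the job itself; as far as I know Azure Pipelines has no `outputs` key on a job or task, and the same two values are already consumed through the `variables:` block of the new Create_PrivateEndpoint job at lines 140–141, so the block at 106–108 is presumably either ignored or a validation error and should be dropped. Create_PrivateEndpoint (line 136) depends only on Create_Storage, but create_private_endpoint.sh hard-codes the VNet `cx_vnet_a1` and subnet `pe`; if those are provisioned by one of the earlier jobs (not visible in this section), add that job to `dependsOn` so the private endpoint step cannot start before the subnet exists. A short comment on the task at lines 144–156 naming which of the five arguments the script actually uses would also help, since the subscription id is passed but the script shown in this commit never applies it.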
