Commit ad2d184

chore: Add VNet requirements for 21v
1 parent ec2f679 commit ad2d184

1 file changed, +29 -6 lines changed

articles/spring-apps/vnet-customer-responsibilities.md

Lines changed: 29 additions & 6 deletions
Original file line number | Diff line number | Diff line change
@@ -33,16 +33,16 @@ The following list shows the resource requirements for Azure Spring Apps service
3333
- Don't create more than one Azure Spring Apps service instance in the same subnet.
3434
- When using a firewall to control traffic, don't block the following egress traffic to Azure Spring Apps components that operate, maintain, and support the service instance.
3535

36-
## Azure Spring Apps network requirements
36+
## Azure Global required network rules
3737

38-
| Destination Endpoint | Port | Use | Note |
39-
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|
40-
| \*:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureCloud:443 | TCP:443 | Azure Spring Apps Service Management. | Information of service instance "requiredTraffics" could be known in resource payload, under "networkProfile" section. |
41-
| \*.azurecr.io:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureContainerRegistry:443 | TCP:443 | Azure Container Registry. | Can be replaced by enabling *Azure Container Registry* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
38+
| Destination Endpoint | Port | Use | Note |
39+
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
40+
| \*:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureCloud:443 | TCP:443 | Azure Spring Apps Service Management. | Information of service instance "requiredTraffics" could be known in resource payload, under "networkProfile" section. |
41+
| \*.azurecr.io:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureContainerRegistry:443 | TCP:443 | Azure Container Registry. | Can be replaced by enabling *Azure Container Registry* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
4242
| \*.core.windows.net:443 and \*.core.windows.net:445 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - Storage:443 and Storage:445 | TCP:443, TCP:445 | Azure Files | Can be replaced by enabling *Azure Storage* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
4343
| \*.servicebus.windows.net:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - EventHub:443 | TCP:443 | Azure Event Hubs. | Can be replaced by enabling *Azure Event Hubs* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
4444

45-
## Azure Spring Apps FQDN requirements/application rules
45+
## Azure Global required FQDN / application rules
4646

4747
Azure Firewall provides the FQDN tag **AzureKubernetesService** to simplify the following configurations:
4848

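Review bot: The two `##` heading renames at new lines 36 and 45 change the anchors generated from those headings, so any inbound link to the old `Azure Spring Apps network requirements` or `Azure Spring Apps FQDN requirements/application rules` sections will stop resolving; search the repo for references to the old anchors and update them in this commit. As far as the visible text shows, table rows 38 to 41 are re-emitted with the same content and only the column padding changes, which adds churn to the diff; consider leaving them untouched. Since the `\*:443` row is being rewritten anyway, its Note could say that the `AzureCloud:443` service tag is the narrower of the two options, because `\*:443` permits egress to any destination on that port.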
@@ -56,6 +56,29 @@ Azure Firewall provides the FQDN tag **AzureKubernetesService** to simplify the
5656
| <i>packages.microsoft.com</i> | HTTPS:443 | Microsoft packages repository. |
5757
| <i>acs-mirror.azureedge.net</i> | HTTPS:443 | Repository required to install required binaries like kubenet and Azure CNI. |
5858

59+
## Microsoft Azure operated by 21Vianet required network rules
60+
61+
| Destination Endpoint | Port | Use | Note |
62+
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
63+
| \*:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureCloud:443 | TCP:443 | Azure Spring Apps Service Management. | Information of service instance "requiredTraffics" could be known in resource payload, under "networkProfile" section. |
64+
| \*.azurecr.cn:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureContainerRegistry:443 | TCP:443 | Azure Container Registry. | Can be replaced by enabling *Azure Container Registry* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
65+
| \*.core.chinacloudapi.cn:443 and \*.core.chinacloudapi.cn:445 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - Storage:443 and Storage:445 | TCP:443, TCP:445 | Azure Files | Can be replaced by enabling *Azure Storage* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
66+
| \*.servicebus.chinacloudapi.cn:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - EventHub:443 | TCP:443 | Azure Event Hubs. | Can be replaced by enabling *Azure Event Hubs* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
67+
68+
## Microsoft Azure operated by 21Vianet required FQDN / application rules
69+
70+
Azure Firewall provides the FQDN tag **AzureKubernetesService** to simplify the following configurations:
71+
72+
| Destination FQDN | Port | Use |
73+
|------------------------------------|-----------|------------------------------------------------------------------------------|
74+
| <i>*.cx.prod.service.azk8s.cn</i> | HTTPS:443 | Underlying Kubernetes Cluster management. |
75+
| <i>mcr.microsoft.com</i> | HTTPS:443 | Microsoft Container Registry (MCR). |
76+
| <i>*.data.mcr.microsoft.com</i> | HTTPS:443 | MCR storage backed by the Azure CDN. |
77+
| <i>management.chinacloudapi.cn</i> | HTTPS:443 | Underlying Kubernetes Cluster management. |
78+
| <i>login.chinacloudapi.cn</i> | HTTPS:443 | Azure Active Directory authentication. |
79+
| <i>packages.microsoft.com</i> | HTTPS:443 | Microsoft packages repository. |
80+
| <i>*.azk8s.cn</i> | HTTPS:443 | Repository required to install required binaries like kubenet and Azure CNI. |
81+
5982
## Azure Spring Apps optional FQDN for third-party application performance management
6083

6184
| Destination FQDN | Port | Use |
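Review bot: The `*.azk8s.cn` row at new line 80 allows egress to every host under that domain, where the global table it mirrors names a single host (`acs-mirror.azureedge.net`) for the same purpose, and it already subsumes the `*.cx.prod.service.azk8s.cn` row at line 74; for a firewall allowlist, name the specific mirror host if one exists, or state in the Use column why the whole domain is needed. Three rows (`mcr.microsoft.com`, `*.data.mcr.microsoft.com`, `packages.microsoft.com`) keep their global hostnames while the rest move to `.cn` endpoints; please confirm that is intended. The sentence about the **AzureKubernetesService** FQDN tag and the `AzureCloud`, `AzureContainerRegistry`, `Storage` and `EventHub` service tags are carried over unchanged from the global section, so confirm they are valid for the 21Vianet cloud before readers build rules from them.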
