From ca0e3a4e43baf4801ec0d947406b05c6e35dee43 Mon Sep 17 00:00:00 2001 From: Maxim Leonovich Date: Fri, 18 Jul 2025 10:16:33 -0700 Subject: [PATCH] docs: Azure PrivateLink doc --- .../deployment/cloud/vpc/azure/_meta.js | 4 + .../cloud/vpc/azure/private-link.mdx | 75 +++++++++++++++++++ .../vpc/{azure.mdx => azure/vpc-peering.mdx} | 2 +- docs/redirects.json | 5 ++ 4 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 docs/pages/product/deployment/cloud/vpc/azure/_meta.js create mode 100644 docs/pages/product/deployment/cloud/vpc/azure/private-link.mdx rename docs/pages/product/deployment/cloud/vpc/{azure.mdx => azure/vpc-peering.mdx} (99%) diff --git a/docs/pages/product/deployment/cloud/vpc/azure/_meta.js b/docs/pages/product/deployment/cloud/vpc/azure/_meta.js new file mode 100644 index 0000000000000..a8d1280ad1997 --- /dev/null +++ b/docs/pages/product/deployment/cloud/vpc/azure/_meta.js @@ -0,0 +1,4 @@ +module.exports = { + "private-link": "Private Link", + "vpc-peering": "VNet Peering", +} \ No newline at end of file diff --git a/docs/pages/product/deployment/cloud/vpc/azure/private-link.mdx b/docs/pages/product/deployment/cloud/vpc/azure/private-link.mdx new file mode 100644 index 0000000000000..e6b329a952a93 --- /dev/null +++ b/docs/pages/product/deployment/cloud/vpc/azure/private-link.mdx @@ -0,0 +1,75 @@ +# Connecting to your VNet using Azure Private Link + +[Azure Private Link][azure-docs-private-link] enables you to access Azure PaaS services and Azure hosted customer-owned/partner services over a private endpoint in your virtual network. +To set up a Private Link connection between Cube Cloud Dedicated Infrastructure and your own VNet, +you'll need to prepare a Private Link Service, +share service details with the Cube team, and approve the incoming connection request. + +## Preparing the Private Link Service + +There are two common scenarios for preparing the Private Link Service: +- Connecting to a service in your Azure infrastructure +- Connecting to a service provided by a third party such as Snowflake, Databricks, Confluent Cloud, etc. + +In the case of your own infrastructure, please follow the [official Azure documentation][azure-docs-private-link-service] to configure the Private Link Service +behind a standard Azure Load Balancer. + +If your data source is hosted in a third-party infrastructure, please follow the vendor's documentation +for creating and managing a Private Link Service. + +## Configuring Service Visibility + +Azure Private Link Service enables you to control the visibility of your private endpoint. You'll need to configure +access permissions to allow Cube Cloud to connect to your service. + +To allow Cube Cloud access, please go to Azure Portal -> Private Link Services -> Your service -> Manage visibility +and add the following subscription ID to the allowed list: `cd69336e-c628-4a88-a56e-86900a0df732` + +Alternatively, you can configure auto-approval for faster connection establishment by adding the same subscription ID +to the auto-approval list under Manage auto-approval. + +## Gathering required information + +To request establishing a Private Link connection, please share the following information with the Cube team: + +- **Private Link Service Resource ID** (such as `/subscriptions/abc123/resourceGroups/myResourceGroup/providers/Microsoft.Network/privateLinkServices/myservice`) +- **Reference Name** for the record (such as "Snowflake-prod" or "databricks-dev") +- **Ports**: a list of ports that will be accessed through this connection +- **DNS Name** (optional): an internal DNS name of the upstream service in case SSL needs to be supported +- **Dedicated Infrastructure Region:** Private Link requires Cube to be hosted in + [dedicated infrastructure][dedicated-infra]. Please specify what region the Cube Cloud + dedicated infrastructure should be hosted in. + +If a DNS name is provided, an internal DNS record will be created pointing at the established Private Link +connection, and the service will be addressable by that name inside the Cube Cloud infrastructure. + +## Approving the connection + +The connection approval process depends on your visibility configuration: + +### Manual Approval +If you haven't configured auto-approval, the Cube Cloud team will notify you once the Private Endpoint connection request is sent. You can approve it by: + +1. Going to Azure Portal -> Private Link Center -> Private Link Services -> Your Service -> Private endpoint connections +2. Finding the pending connection from Cube Cloud +3. Clicking Approve and optionally providing an approval message + +Alternatively, you can approve the connection from the resource itself if it supports Private Link natively (e.g., Storage Accounts, SQL Databases). + +### Auto-Approval +If you've added Cube Cloud's subscription ID to the auto-approval list, the connection will be automatically approved +upon creation, and no manual action is required. + +## Using the connection + +Once the connection is established, you can access your data source by addressing it either via the +supplied DNS Name or an Azure internal DNS name returned to you by the Cube team. + +## Supported Regions + +Private Link connections are supported in all Azure regions where Cube Cloud dedicated infrastructure is available. +The Private Link Service and Private Endpoint must be in the same region as the Cube Cloud infrastructure. + +[azure-docs-private-link]: https://docs.microsoft.com/azure/private-link/ +[azure-docs-private-link-service]: https://docs.microsoft.com/azure/private-link/create-private-link-service-portal +[dedicated-infra]: /product/deployment/cloud/infrastructure#dedicated-infrastructure diff --git a/docs/pages/product/deployment/cloud/vpc/azure.mdx b/docs/pages/product/deployment/cloud/vpc/azure/vpc-peering.mdx similarity index 99% rename from docs/pages/product/deployment/cloud/vpc/azure.mdx rename to docs/pages/product/deployment/cloud/vpc/azure/vpc-peering.mdx index 7afa95ebf4fae..347ff35fb2afa 100644 --- a/docs/pages/product/deployment/cloud/vpc/azure.mdx +++ b/docs/pages/product/deployment/cloud/vpc/azure/vpc-peering.mdx @@ -1,4 +1,4 @@ -# Connecting with a VPC on Azure +# Connecting with a VNet on Azure ## Setup diff --git a/docs/redirects.json b/docs/redirects.json index ec5cd27bc8806..c55fe617861e2 100644 --- a/docs/redirects.json +++ b/docs/redirects.json @@ -1613,5 +1613,10 @@ "source": "/reference/configuration/config", "destination": "/product/configuration/reference/config", "permanent": true + }, + { + "source": "/product/deployment/cloud/vpc/azure", + "destination": "/product/deployment/cloud/vpc/azure/vpc-peering", + "permanent": true } ]