Skip to content

Commit 14b6c7c

Browse files
denniseikdenniseik
committed
include vnet links
1 parent 5e52a38 commit 14b6c7c

File tree

2 files changed

+94
-50
lines changed

2 files changed

+94
-50
lines changed

quickstart/201-machine-learning-private/main.tf

Lines changed: 91 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,4 +8,94 @@ data "azurerm_client_config" "current" {}
88
resource "azurerm_resource_group" "default" {
99
name = "${var.name}-${var.environment}-rgp"
1010
location = "${var.location}"
11-
}
11+
}
12+
13+
# Virtual network
14+
resource "azurerm_virtual_network" "default" {
15+
name = "${var.name}-${var.environment}-vnet"
16+
address_space = ["10.0.0.0/16"]
17+
location = azurerm_resource_group.default.location
18+
resource_group_name = azurerm_resource_group.default.name
19+
}
20+
21+
resource "azurerm_subnet" "mlsubnet" {
22+
name = "mlsubnet"
23+
resource_group_name = azurerm_resource_group.default.name
24+
virtual_network_name = azurerm_virtual_network.default.name
25+
address_prefixes = ["10.0.1.0/24"]
26+
enforce_private_link_endpoint_network_policies = true
27+
}
28+
29+
# DNS zones
30+
resource "azurerm_private_dns_zone" "dnsvault" {
31+
name = "privatelink.vaultcore.azure.net"
32+
resource_group_name = azurerm_resource_group.default.name
33+
}
34+
35+
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
36+
name = "dnsvaultlink"
37+
resource_group_name = azurerm_resource_group.default.name
38+
private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
39+
virtual_network_id = azurerm_virtual_network.default.id
40+
}
41+
42+
resource "azurerm_private_dns_zone" "dnsstorageblob" {
43+
name = "privatelink.blob.core.windows.net"
44+
resource_group_name = azurerm_resource_group.default.name
45+
}
46+
47+
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
48+
name = "dnsblobstoragelink"
49+
resource_group_name = azurerm_resource_group.default.name
50+
private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
51+
virtual_network_id = azurerm_virtual_network.default.id
52+
}
53+
54+
55+
resource "azurerm_private_dns_zone" "dnsstoragefile" {
56+
name = "privatelink.file.core.windows.net"
57+
resource_group_name = azurerm_resource_group.default.name
58+
}
59+
60+
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
61+
name = "dnsfilestoragelink"
62+
resource_group_name = azurerm_resource_group.default.name
63+
private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
64+
virtual_network_id = azurerm_virtual_network.default.id
65+
}
66+
67+
resource "azurerm_private_dns_zone" "dnscontainerregistry" {
68+
name = "privatelink.azurecr.io"
69+
resource_group_name = azurerm_resource_group.default.name
70+
}
71+
72+
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
73+
name = "dnscrlink"
74+
resource_group_name = azurerm_resource_group.default.name
75+
private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
76+
virtual_network_id = azurerm_virtual_network.default.id
77+
}
78+
79+
resource "azurerm_private_dns_zone" "dnsazureml" {
80+
name = "privatelink.api.azureml.ms"
81+
resource_group_name = azurerm_resource_group.default.name
82+
}
83+
84+
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
85+
name = "dnsazuremllink"
86+
resource_group_name = azurerm_resource_group.default.name
87+
private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
88+
virtual_network_id = azurerm_virtual_network.default.id
89+
}
90+
91+
resource "azurerm_private_dns_zone" "dnsnotebooks" {
92+
name = "privatelink.azureml.notebooks.net"
93+
resource_group_name = azurerm_resource_group.default.name
94+
}
95+
96+
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
97+
name = "dnsnotebookslink"
98+
resource_group_name = azurerm_resource_group.default.name
99+
private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
100+
virtual_network_id = azurerm_virtual_network.default.id
101+
}

quickstart/201-machine-learning-private/workspace.tf

Lines changed: 3 additions & 49 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ resource "azurerm_key_vault" "default" {
1212
resource_group_name = azurerm_resource_group.default.name
1313
tenant_id = data.azurerm_client_config.current.tenant_id
1414
sku_name = "premium"
15-
purge_protection_enabled = false
15+
purge_protection_enabled = true
1616

1717
network_acls {
1818
default_action = "Deny"
@@ -56,53 +56,6 @@ resource "azurerm_machine_learning_workspace" "default" {
5656
}
5757
}
5858

59-
# Virtual network
60-
resource "azurerm_virtual_network" "default" {
61-
name = "${var.name}-${var.environment}-vnet"
62-
address_space = ["10.0.0.0/16"]
63-
location = azurerm_resource_group.default.location
64-
resource_group_name = azurerm_resource_group.default.name
65-
}
66-
67-
resource "azurerm_subnet" "mlsubnet" {
68-
name = "mlsubnet"
69-
resource_group_name = azurerm_resource_group.default.name
70-
virtual_network_name = azurerm_virtual_network.default.name
71-
address_prefixes = ["10.0.1.0/24"]
72-
enforce_private_link_endpoint_network_policies = true
73-
}
74-
75-
# DNS zones
76-
resource "azurerm_private_dns_zone" "dnsvault" {
77-
name = "privatelink.vaultcore.azure.net"
78-
resource_group_name = azurerm_resource_group.default.name
79-
}
80-
81-
resource "azurerm_private_dns_zone" "dnsstorageblob" {
82-
name = "privatelink.blob.core.windows.net"
83-
resource_group_name = azurerm_resource_group.default.name
84-
}
85-
86-
resource "azurerm_private_dns_zone" "dnsstoragefile" {
87-
name = "privatelink.file.core.windows.net"
88-
resource_group_name = azurerm_resource_group.default.name
89-
}
90-
91-
resource "azurerm_private_dns_zone" "dnscontainerregistry" {
92-
name = "privatelink.azurecr.io"
93-
resource_group_name = azurerm_resource_group.default.name
94-
}
95-
96-
resource "azurerm_private_dns_zone" "dnsazureml" {
97-
name = "privatelink.api.azureml.ms"
98-
resource_group_name = azurerm_resource_group.default.name
99-
}
100-
101-
resource "azurerm_private_dns_zone" "dnsnotebooks" {
102-
name = "privatelink.azureml.notebooks.net"
103-
resource_group_name = azurerm_resource_group.default.name
104-
}
105-
10659
# Private endpoints
10760
resource "azurerm_private_endpoint" "keyvault_ple" {
10861
name = "${var.name}-${var.environment}-kv-ple"
@@ -181,7 +134,7 @@ resource "azurerm_private_endpoint" "cr_ple" {
181134
}
182135

183136
resource "azurerm_private_endpoint" "ml_ple" {
184-
name = "${var.name}-${var.environment}-ple"
137+
name = "${var.name}-${var.environment}-ml-ple"
185138
location = azurerm_resource_group.default.location
186139
resource_group_name = azurerm_resource_group.default.name
187140
subnet_id = azurerm_subnet.mlsubnet.id
@@ -200,4 +153,5 @@ resource "azurerm_private_endpoint" "ml_ple" {
200153
subresource_names = [ "amlworkspace" ]
201154
is_manual_connection = false
202155
}
156+
203157
}

0 commit comments

Comments
 (0)