Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Basic VNET integration and security improvements #27

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

ajackfox
Copy link

This PR creates the Container Apps Environment in a /23 CIDR 10.x VNET, locks down the storage account so only that VNET can access it, and ensures the storage account and SQL server enforce using TLS 1.2 only.

@ajackfox ajackfox requested a review from a team as a code owner May 25, 2022 19:08
@ghost
Copy link

ghost commented May 25, 2022

CLA assistant check
All CLA requirements met.

@johnnyreilly
Copy link

What's the advantage of using a VNet? Feels potentially unnecessary?

@jschluchter
Copy link
Member

What's the advantage of using a VNet? Feels potentially unnecessary?

Most Azure customers use VNETs. Not all will need this requirement, but many will.

@lynn-orrell
Copy link
Contributor

What's the advantage of using a VNet? Feels potentially unnecessary?

Actually, this is great. Many customers need things deployed in a completely private manner or in a manner that has access to other resources within the vnet. We can use this as a basis for adding a "private" flag or similar that will allow deployment of the solution into a vnet with private endpoints for the ancillary services. The default can still be public, but having a private option is great.

@johnnyreilly
Copy link

Having public and private options available would be awesome

@alicejgibbons
Copy link
Contributor

Agreed. I would be happy to merge this if there was a "private" option in the deploy.sh file that users could toggle between.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants