Expose Private IP Address as exported attribute in azurerm_private_endpoint #5622

Closed
jeffddix opened this issue Feb 5, 2020 · 2 comments · Fixed by #5838

jeffddix commented Feb 5, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When creating a Private Endpoint, a common use case is to create a Private DNS Zone that overrides the Azure PaaS FQDN with the private IP address from the private endpoint. For example, if I have an Azure Storage Account mystorageaccount and I have a Private Endpoint in my VNET, I would create a Private DNS Zone for blob.core.windows.net and create a DNS A-Record for mystorageaccount with the Private Endpoint private IP address.

When I use azurerm_private_endpoint to create the Private Endpoint, the only exported attribute is the Resource ID. To find the private IP address of the private endpoint I need to use an azurerm_private_endpoint_connection. Here is where I get into problems. The azurerm_private_endpoint_connection is a data reference, so I need to set a dependency on the azurerm_private_endpoint or there will be a runtime failure as the private endpoint has not been created yet, and the data reference is null.

By setting the dependency between the two, Terraform will not attempt to reference the azurerm_private_endpoint_connection until it is first used, which in the example I have below will not be until after the azurerm_private_endpoint is created. Because Terraform cannot resolve the azurerm_private_endpoint_connection until the execution phase, it means every time I run this Terraform configuration, the plan phase says it needs to make a change. If I have the private IP address of the private endpoint in a DNS A-Record, it will update that and override the value with the same IP address each time I run terraform apply.

Providing the private IP address as an exported attribute in the azurerm_private_endpoint would remove this problem.

The following example shows how I can retrieve the private IP address of a private-link enabled AKS cluster.

# Create a private endpoint to the private AKS cluster
resource "azurerm_private_endpoint" "ple" {
  name                = "kube-apiserver"
  resource_group_name = "test-rg"
  subnet_id           = data.azurerm_subnet.ple_subnet.id

  private_service_connection {
    name                           = "kube-apiserver"
    private_connection_resource_id = azurerm_kubernetes_cluster.aks.id
    subresource_names              = [ "management" ]
    is_manual_connection           = false
  }
}

# Find the IP Address associated with the private endpoint created above
data "azurerm_private_endpoint_connection" "ple_connection" {
  name                = "kube-apiserver"
  resource_group_name = "test-rg"
  depends_on          = [ azurerm_private_endpoint.ple ]
}

# Create a local variable to the private IP address
locals {
  kube_ple_ip = data.azurerm_private_endpoint_connection.ple_connection.private_service_connection.0.private_ip_address
}

# Create a DNS A-Record using the private IP address
resource "azurerm_private_dns_a_record" "aks_dns_record" {
  name                = "aks-fqdn"
  zone_name           = azurerm_private_dns_zone.build_server_dns_zone.name
  resource_group_name = "test-rg"
  ttl                 = 3600
  records             = [ local.kube_ple_ip ]
}

New or Affected Resource(s)

  • azurerm_1.43.0

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

Private Endpoint exported attribute

@WodansSon
Collaborator

@jeffddix, thank you for opening this issue; however, this is a duplicate of #5208, so if you don't mind I am going to go ahead and close this issue in favor of the other one as it was opened first. That will make keeping track of this request easier to maintain. Thanks again... cheers!

WodansSon added a commit that referenced this issue Feb 26, 2020
* add `private_ip_address`

* Added computed to the private_ip_address desc

Co-authored-by: WS <[email protected]>
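
The configuration from the issue rewritten against the `private_ip_address` attribute named in the commit above, as an added example (not code from the issue author or the provider project). It assumes the attribute is exported inside the resource's `private_service_connection` block and that the subnet, AKS cluster and DNS zone are declared elsewhere under the names the issue uses; the `location` line is an addition the issue's snippet omits.

```hcl
# Added example. Assumption: private_ip_address is read from the resource's
# own private_service_connection block, so no data source is involved.
resource "azurerm_private_endpoint" "ple" {
  name                = "kube-apiserver"
  location            = azurerm_kubernetes_cluster.aks.location # added; not in the issue's snippet
  resource_group_name = "test-rg"
  subnet_id           = data.azurerm_subnet.ple_subnet.id

  private_service_connection {
    name                           = "kube-apiserver"
    private_connection_resource_id = azurerm_kubernetes_cluster.aks.id
    subresource_names              = ["management"]
    is_manual_connection           = false
  }
}

# The IP comes straight from the managed resource. Terraform orders the two
# resources from this reference alone, and on later runs the value is already
# in state, so the plan no longer defers it to apply time.
locals {
  kube_ple_ip = azurerm_private_endpoint.ple.private_service_connection[0].private_ip_address
}

# Private DNS A record that resolves the cluster name to the endpoint's
# private address inside the VNET.
resource "azurerm_private_dns_a_record" "aks_dns_record" {
  name                = "aks-fqdn"
  zone_name           = azurerm_private_dns_zone.build_server_dns_zone.name
  resource_group_name = "test-rg"
  ttl                 = 3600
  records             = [local.kube_ple_ip]
}
```

With the data source and its `depends_on` gone, a second `terraform plan` against unchanged infrastructure should report no changes for the A record, which also makes a real change to the record's target stand out in review.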

ghost commented Mar 28, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

ghost locked and limited conversation to collaborators Mar 28, 2020