Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Azure Databricks all-in-template for private link needs to have AzureDatabricks service tag removed from the NSG definition. #13701

Open
brucenelson6655 opened this issue Jan 16, 2024 · 1 comment

Comments

@brucenelson6655
Copy link

--------------------MESSAGE FROM ADMIN, DELETE BEFORE SUBMITTING----------------------

Sorry to hear you had a bad experience with one of the templates 😟 But, in case you're just asking a question, we're happy to help. You can also check if the question might already have been asked here https://github.com/Azure/azure-quickstart-templates/issues?utf8=%E2%9C%93&q=is%3Aissue

We've created an outline of recommended sections to fill out that will help make this Pull Request awesome!

--------------------MESSAGE FROM ADMIN, DELETE BEFORE SUBMITTING----------------------

[databricks-all-in-one-template-for-vnet-injection-privateendpoin]]

Issue Details

According to the Azure Databricks Private Link documentation, setting requiredNsgRules to NoAzureDatabricksRules omits the NSG security rules that are otherwise necessary to reach the control plane (i.e. without private link).

However, when deploying the linked all-in-one template with the parameter value NoAzureDatabricksRules, the NSG deployed does have the same security rules.

Repro steps (if necessary, delete otherwise)

  1. create azure databricks WS with private link noazuredatabricksrules for NSG.
  2. observe that even though NoAzureDatabricksRules was selected the AzureDatabricks service tag remains in the NSG

If you remove the service tag from the ARM template the WS builds correcly.

@brucenelson6655
Copy link
Author

The specific change that is needed is to update the ARM template to remove the AzureDatabricks service tag definition.
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant