Enterprise-Scale icon indicating copy to clipboard operation
Enterprise-Scale copied to clipboard
verified publisher icon Azure

Policy Deploy-Private-DNS-Zones missing notebooks for azure machine learning workspace

Open steph409 opened this issue 2 years ago • 6 comments

The initiative Deploy-Private-DNS-Zones is missing the DNS entry for privatelink.notebooks.azure.net

The machine learning workspace, as per documentation, needs entries in two private DNS zones, privatelink.api.azureml.ms and privatelink.notebooks.azure.net.

Currently, the initiative Deploy-Private-DNS-Zones uses a built-in policy only takes care of the first one. I was not able to find a built-in policy that would do the trick.

When I deployed the private Machine learning workspace, while connecting, I got the following error message: ml_demo_error

When I manually add the private DNS zone configuration for notebooks, it disappears and connection works as expected.

It would be great if this would be done automatically by the initiative as well.

steph409 avatar Nov 28 '23 08:11 steph409

Thanks @steph409 for the issue report. @Springstone can we investigate 👍

jtracey93 avatar Nov 29 '23 15:11 jtracey93

We have a related issue #1486, we'll group these together to address the issue for both. It's on the backlog and we'll resolve as soon as possible. AB#32352

Springstone avatar Dec 11 '23 13:12 Springstone

@rozkurt please investigate.

Springstone avatar Dec 18 '23 14:12 Springstone

As there is no built-in policy for Notebooks, we'll test this with a new custom policy we'll be introducing for generic Private DNS Zones, and validate that it works.

Springstone avatar Apr 29 '24 07:04 Springstone

As there is no built-in policy for Notebooks, we'll test this with a new custom policy we'll be introducing for generic Private DNS Zones, and validate that it works.

@Springstone Any ETA on that Custom Policy ?

haflidif avatar Apr 29 '24 11:04 haflidif

As there is no built-in policy for Notebooks, we'll test this with a new custom policy we'll be introducing for generic Private DNS Zones, and validate that it works.

@Springstone Any ETA on that Custom Policy ?

Am I looking at it in the wrong way or isn't this policy here https://www.azadvertizer.net/azpolicyadvertizer/ee40564d-486e-4f68-a5ca-7a621edae0fb.html Version 1.1.0 already supporting two PrivateDNSZoneGroupIDs ?

haflidif avatar Apr 29 '24 11:04 haflidif

@haflidif this was resolved and merged in this PR #1621. Closing as this is merged. Please feel free to re-open if needed. Also for any additional Private DNS Zone issues, please consider using https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Private-DNS-Generic.html which should allow you to configure private DNS zones for resources missing built-in policies.

Springstone avatar Oct 10 '24 13:10 Springstone