Open davidmonk-cbts opened 9 months ago
You can deploy without the 6598 address space. The VNET address spaces are array input (in the parameters.json file), therefore you can just add RFC 1918 spaces.
We tried that. The problem came in with the identity deployment also requiring that item. It appears to be required by the schema.
David Monk
Cloud Architect – Cloud Engineering
From: Senthuran Sivananthan @.> Sent: Friday, December 1, 2023 1:22:57 PM To: Azure/CanadaPubSecALZ @.> Cc: Monk, David @.>; Author @.> Subject: Re: [Azure/CanadaPubSecALZ] RFC 6598 (Issue #391)
You can deploy without the 6598 address space. The VNET address spaces are array input (in the parameters.json file), therefore you can just add RFC 1918 spaces.
@tredell wondering if there's a way to make RFC 6598 references optional? Do you have a suggestion?
@dmonkcbts, in the interim, you may have to comment out those lines in the Bicep and create a custom implementation for your requirements.
@dmonkcbts is the identity deployment failing on the UDR configuration?
If yes, we can try splitting out 'SpokeUdrHubRFC6598FWRoute' config (lines 208-216 in the Identity networking bicep file) and making it a conditional union based on if the variable is blank "" or has an IP range in it.
I believe so. I am not the one deploying this. I only configured the network portion as the customer wanted to use Palo Alto firewalls instead of Azure or Fortigate. I had to make some extensive changes myself to accommodate their design, with no inter-department or public access. Therefore, there is no need for 6598. Those managing the identity deployment just told me it required 6598 space.
David Monk
Cloud Architect – Cloud Engineering
From: Barrington Willis @.> Sent: Monday, December 4, 2023 9:36 AM To: Azure/CanadaPubSecALZ @.> Cc: Monk, David @.>; Mention @.> Subject: Re: [Azure/CanadaPubSecALZ] RFC 6598 (Issue #391)
@dmonkcbts is the identity deployment failing on the UDR configuration?
If yes, we can try splitting out 'SpokeUdrHubRFC6598FWRoute' config (lines 208-216 in the Identity networking bicep file) and making it a conditional union based on if the variable is blank "" or has an IP range in it.
The parameter is set as required on line 137 of the schema for the Identity archetype.
And yes, as David mentioned, if we try to omit the parameter, the deployment fails on schema verification (obviously).
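A sketch of the conditional route suggested earlier in the thread, as an added example and not the repository's own code. Only the route name `SpokeUdrHubRFC6598FWRoute` comes from the thread; the parameter names, the RFC 1918 route name, the route table name and the API version are assumptions. The archetype schema would also have to stop listing the parameter as required for a blank value to pass validation.

```bicep
// Added example: parameter and resource names here are assumed, not taken from the repo.
param location string = resourceGroup().location
param egressVirtualApplianceIp string   // private IP of the hub firewall (assumed name)
param hubRFC1918IPRange string          // e.g. '10.0.0.0/8' (constructed sample value)
param hubRFC6598IPRange string = ''     // leave blank when no RFC 6598 space is in use

// The RFC 1918 route is always present and forces spoke traffic through the firewall.
var baseRoutes = [
  {
    name: 'SpokeUdrHubRFC1918FWRoute'   // assumed name
    properties: {
      addressPrefix: hubRFC1918IPRange
      nextHopType: 'VirtualAppliance'
      nextHopIpAddress: egressVirtualApplianceIp
    }
  }
]

// The RFC 6598 route is only built when a range was supplied, so a blank
// parameter never produces a route with an empty addressPrefix.
var rfc6598Routes = empty(hubRFC6598IPRange) ? [] : [
  {
    name: 'SpokeUdrHubRFC6598FWRoute'
    properties: {
      addressPrefix: hubRFC6598IPRange
      nextHopType: 'VirtualAppliance'
      nextHopIpAddress: egressVirtualApplianceIp
    }
  }
]

resource spokeUdr 'Microsoft.Network/routeTables@2021-02-01' = {
  name: 'exampleSpokeUdr'               // hypothetical name
  location: location
  properties: {
    disableBgpRoutePropagation: true
    routes: union(baseRoutes, rfc6598Routes)
  }
}
```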
Is there a way to have a deployment of this configuration without any utilization of the 6598 space? At this time, a customer we have will have this Azure deployment with no inter-department or external connections at all.