We deploy PostgreSQL servers for our customers using ARM templates and the public/private implementation for flexible server is very confusing. For single servers we use service endpoints to secure public servers and private endpoints to secure the private ones. With flexible there is no way to restrict the public servers to be allowed from VNET only, IP whitelisting doesn't make any sense. Of course we could use the private access mode to secure the traffic, but the implementation is very complicated. Dedicated subnet and private DNS zone requirements make this task impossible to automate. We can't create subnets or private DNS zones in our customer's subscription just for this purpose.
Please consider to remove the dedicated subnet requirement and implement public DNS support instead of private DNS for private access mode like in AKS.
We deploy PostgreSQL servers for our customers using ARM templates and the public/private implementation for flexible server is very confusing. For single servers we use service endpoints to secure public servers and private endpoints to secure the private ones. With flexible there is no way to restrict the public servers to be allowed from VNET only, IP whitelisting doesn't make any sense. Of course we could use the private access mode to secure the traffic, but the implementation is very complicated. Dedicated subnet and private DNS zone requirements make this task impossible to automate. We can't create subnets or private DNS zones in our customer's subscription just for this purpose.
Please consider to remove the dedicated subnet requirement and implement public DNS support instead of private DNS for private access mode like in AKS.