Bug/Help Needed: Private Endpoint Exposes only one NIC IP address #4464

Open
mehighlow opened this issue Nov 22, 2024 · 0 comments
Labels
bug 🪲 Something isn't working needs-triage 🔍

mehighlow commented Nov 22, 2024

Describe the bug

Private Endpoint Integration for CosmosDB exposes only one NIC IP address. However, a Private Endpoint for CosmosDB might create more than one NIC + IP address.

Automation can be leveraged to create just one DNS record for PrimaryNicPrivateIpAddress:

│   ├── OperatorSpec: *Object (3 properties)
│   │   ├── ConfigMapExpressions: *core.DestinationExpression[]
│   │   ├── ConfigMaps: *Object (1 property)
│   │   │   └── PrimaryNicPrivateIpAddress: *genruntime.ConfigMapDestination

although both IP addresses remain valid for establishing connections:

Image

The issue arises when using the CosmosDB client (Azure SDK for .NET). By default, the client has the LimitToEndpointProperty set to false. This configuration instructs the SDK to automatically discover write and read regions and use them when the configured application region is unavailable. In my case, the application opted to use the regional FQDN, even though the endpoint connection was configured as global. This behavior can be addressed by setting the LimitToEndpointProperty to true, but this adjustment requires knowing what to look for.

Azure Service Operator Version: 2.9.0

Expected behavior

Both regional and global IP addresses are exposed, and the required FQDN records are exposed.

To Reproduce

Deploy CosmosDB with Private Endpoint integration. Use the Azure SDK for .NET to establish a connection to the database with default settings. Observe that the client selects the regional endpoint, even though the supplied database FQDN is global.

Screenshots

N/A

Additional context

N/A
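
The gap described in this issue can be checked with a short Go sketch. It is an added example, not code from the issue or from Azure Service Operator: it lists every A record the private DNS zone needs and the ones that are never created when automation only knows the primary NIC IP. The `DNSConfig`, `Record` and `Plan` names, the sample FQDNs and IPs, and the `privatelink.documents.azure.com` zone are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// DNSConfig is one FQDN-to-IPs mapping reported by a private endpoint
// (hypothetical type; shape assumed from the endpoint's custom DNS configs).
type DNSConfig struct {
	FQDN string
	IPs  []string
}

// Record is an A record relative to privatelink.documents.azure.com (assumed zone).
type Record struct{ Name, IP string }

// Plan returns every record the private zone needs, plus the subset that is
// never created when automation only knows the primary NIC IP.
func Plan(cfgs []DNSConfig, primaryIP string) (required, missing []Record) {
	for _, c := range cfgs {
		name := strings.TrimSuffix(c.FQDN, ".documents.azure.com")
		if name == c.FQDN {
			continue // not a Cosmos DB FQDN; out of scope for this zone
		}
		for _, ip := range c.IPs {
			r := Record{Name: name, IP: ip}
			required = append(required, r)
			if ip != primaryIP {
				missing = append(missing, r)
			}
		}
	}
	return required, missing
}

func main() {
	// Constructed sample: a global and a regional FQDN, one private IP each.
	cfgs := []DNSConfig{
		{FQDN: "contoso.documents.azure.com", IPs: []string{"10.0.0.4"}},
		{FQDN: "contoso-westeurope.documents.azure.com", IPs: []string{"10.0.0.5"}},
	}
	required, missing := Plan(cfgs, "10.0.0.4")
	fmt.Println("required:", required)
	fmt.Println("missing with primary IP only:", missing)
}
```

A non-empty `missing` list means a client that switches to the regional FQDN has no private record to resolve.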
