Merge pull request #44 from Azure/firewall_policy_databricks

Updated firewall policy for ADB
Marvin Buss 2021-02-17 09:31:18 +01:00 коммит произвёл GitHub
Родитель dce96a9c59 ba6b94f779
Коммит d80c2bff71
1 изменённых файлов: 146 добавлений и 0 удалений


@ -169,6 +169,67 @@
"443"
],
"description": "Allow OAuth flow for the User to the Workspace Private Endpoint and features like Mount Points, Credential Passthrough, etc."
},
{
"name": "Databricks-NetworkRule-002",
"ruleType": "NetworkRule",
"ipProtocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"sourceIpGroups": [],
"destinationAddresses": [
"AzureDatabricks",
"Storage"
],
"destinationIpGroups": [],
"destinationFqdns": [],
"destinationPorts": [
"443"
],
"description": "Required for workers communication with Azure Storage services and Databricks Webapp"
},
{
"name": "Databricks-NetworkRule-003",
"ruleType": "NetworkRule",
"ipProtocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"sourceIpGroups": [],
"destinationAddresses": [
"Sql"
],
"destinationIpGroups": [],
"destinationFqdns": [],
"destinationPorts": [
"3306"
],
"description": "Required for workers communication with Azure SQL services"
},
{
"name": "Databricks-NetworkRule-004",
"ruleType": "NetworkRule",
"ipProtocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"sourceIpGroups": [],
"destinationAddresses": [
"EventHub"
],
"destinationIpGroups": [],
"destinationFqdns": [],
"destinationPorts": [
"9093"
],
"description": "Required for workers communication with Azure Eventhub services"
}
]
}
@ -377,6 +438,91 @@
"description": "Allows download of SHIR install script from GitHub"
}
]
},
{
"name": "Databricks-ApplicationRules",
"priority": 20400,
"action": {
"type": "Allow"
},
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"rules": [
{
"name": "Databricks-ApplicationRule-001",
"ruleType": "ApplicationRule",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"targetFqdns": [
"tunnel.australiaeast.azuredatabricks.net",
"tunnel.brazilsouth.azuredatabricks.net",
"tunnel.canadacentral.azuredatabricks.net",
"tunnel.centralindia.azuredatabricks.net",
"tunnel.eastus2.azuredatabricks.net",
"tunnel.eastus2c2.azuredatabricks.net",
"tunnel.eastusc3.azuredatabricks.net",
"tunnel.centralusc2.azuredatabricks.net",
"tunnel.northcentralusc2.azuredatabricks.net",
"tunnel.southeastasia.azuredatabricks.net",
"tunnel.francecentral.azuredatabricks.net",
"tunnel.japaneast.azuredatabricks.net",
"tunnel.koreacentral.azuredatabricks.net",
"tunnel.northeuropec2.azuredatabricks.net",
"tunnel.westus.azuredatabricks.net",
"tunnel.westeurope.azuredatabricks.net",
"tunnel.westeuropec2.azuredatabricks.net",
"tunnel.southafricanorth.azuredatabricks.net",
"tunnel.switzerlandnorth.azuredatabricks.net",
"tunnel.uaenorth.azuredatabricks.net",
"tunnel.ukwest.azuredatabricks.net"
],
"targetUrls": [],
"terminateTLS": false,
"sourceAddresses": [
"*"
],
"destinationAddresses": [],
"sourceIpGroups": [],
"description": "Allows Secure Cluster Connectivity option"
},
{
"name": "Databricks-ApplicationRule-002",
"ruleType": "ApplicationRule",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"targetFqdns": [
"archive.ubuntu.com",
"github.com",
"*.maven.apache.org",
"conjars.org"
],
"targetUrls": [],
"terminateTLS": false,
"sourceAddresses": [
"*"
],
"destinationAddresses": [],
"sourceIpGroups": [],
"description": "Allows Databricks Setup Notebook to run successfully"
}
]
}
]
}
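Review bot: Every rule added in both hunks sets `"sourceAddresses": ["*"]` with an empty `sourceIpGroups`, so these allowances apply to any source routed through the firewall rather than only the Databricks subnets. The exposure is widest in Databricks-NetworkRule-002, where the unscoped `Storage` tag on 443 is not limited to this deployment's storage accounts or region, and in Databricks-ApplicationRule-002, where `github.com` becomes reachable from all sources. I would scope the rules with `"sourceAddresses": []` and `"sourceIpGroups": ["<databricks-subnets-ip-group-id>"]` (placeholder id), and use a regional service tag if one is available for the deployment region. Both application rules also open `Http` on port 80. The tunnel FQDNs in Databricks-ApplicationRule-001 probably need only `Https` on 443, so that port-80 entry looks removable once confirmed against the Databricks documentation. Separately, the description of Databricks-NetworkRule-003 says "Azure SQL services" while the port is 3306 (the MySQL port), so the description should name what the rule is actually for. The network rule collection's header (priority, action) lies above the first hunk and is not visible here.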