Deploy or connect an Azure MSSQL database with a discovered network.

How to add a Microsoft.Sql service endpoint to a discovered subnet and disable its private endpoint network policies

Overview

Tuono can discover an existing network and subnet in your infrastructure and deploy or connect to an Azure MSSQL database. Because discovered networks are treated as read-only objects, you must configure the network manually to prepare it for database usage.

Azure MSSQL requires the following subnet configuration, which is not applied automatically to a read-only network.

  1. Subnet with a 'Microsoft.Sql/managedInstances' endpoint.

  2. Subnet with privateEndpointNetworkPolicies disabled.

Error message

When attempting to deploy a Microsoft Azure MSSQL database to a discovered network you will receive the following errors:

Service Endpoint missing

Apply DB in azure :: end :: failure

error in managed.database.<DATABASE_NAME>

Subnet <SUBNET_NAME> must have a 'Microsoft.Sql' service endpoint.

Add a Microsoft.Sql service endpoint to the subnet, or do not make the subnet readonly.

Network policy enabled

Apply mssql in azure :: end :: failure

error in compute.nic.<NIC_NAME>

Subnet <SUBNET_NAME> cannot have private endpoints with network policies enabled.

Disable private endpoint network policies for the subnet, or do not make the subnet readonly.

Resolution

Run the following Azure CLI commands to configure the target subnet.

  1. Open an Azure Cloud Shell console at https://shell.azure.com/.

  2. Set your account subscription in Cloud Shell.

az account set --subscription <mysubscription>

  3. Add a Microsoft.Sql service endpoint to your subnet by running a subnet update command in Cloud Shell.

az network vnet subnet update --name <SUBNET_NAME> --resource-group <RESOURCE_GROUP_NAME> --vnet-name <vNET_NAME> --service-endpoints "Microsoft.Sql"

  4. Disable network policies for private endpoints.

az network vnet subnet update --name <SUBNET_NAME> --resource-group <RESOURCE_GROUP_NAME> --vnet-name <vNET_NAME> --disable-private-endpoint-network-policies true

  5. Re-run the Tuono job.
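A pre-flight check for the two subnet requirements, as an added example that is not part of Tuono's tooling. The function names are hypothetical and the sample values are constructed. Because `--service-endpoints` sets the subnet's whole endpoint list, the script also prints a merged list that keeps any endpoints already configured on the subnet.

```shell
#!/usr/bin/env bash
# Pre-flight check for a discovered (read-only) subnet before re-running the job.
# Added example: function names are hypothetical, sample values are constructed.

# Endpoint list to pass to --service-endpoints: the services already on the
# subnet plus Microsoft.Sql, de-duplicated, so the update does not drop any.
# $1 = existing services, whitespace separated (may be empty).
merged_endpoints() {
  printf '%s\n' $1 Microsoft.Sql | awk 'NF && !seen[$0]++' | paste -sd' ' -
}

# Succeeds when both requirements are met; otherwise prints what is missing.
# $1 = existing services, $2 = value of privateEndpointNetworkPolicies.
subnet_ready() {
  _rc=0
  case " $(echo $1) " in
    *" Microsoft.Sql "*) ;;
    *) echo "missing: Microsoft.Sql service endpoint"; _rc=1 ;;
  esac
  if [ "$2" != "Disabled" ]; then
    echo "private endpoint network policies are '${2:-unset}', expected 'Disabled'"
    _rc=1
  fi
  return $_rc
}

if [ "$#" -eq 3 ]; then
  # Live mode, arguments: <RESOURCE_GROUP_NAME> <vNET_NAME> <SUBNET_NAME>
  svc=$(az network vnet subnet show -g "$1" --vnet-name "$2" -n "$3" \
        --query "serviceEndpoints[].service" -o tsv)
  pol=$(az network vnet subnet show -g "$1" --vnet-name "$2" -n "$3" \
        --query "privateEndpointNetworkPolicies" -o tsv)
else
  # Constructed sample: a subnet that already has a storage endpoint.
  svc="Microsoft.Storage"
  pol="Enabled"
fi

subnet_ready "$svc" "$pol" && echo "subnet is ready"
echo "use: --service-endpoints $(merged_endpoints "$svc")"
```

Run it with the resource group, vNet and subnet names as arguments to query the live subnet; without arguments it evaluates the constructed sample.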
