Add config map support for PrivateDnsZonesARecord #4326

Open
nraooptum opened this issue Oct 7, 2024 · 7 comments

@nraooptum

When we create a private endpoint, we're able to output the primaryNicPrivateIpAddress to a config map. However, PrivateDnsZonesARecord doesn't support config maps as input for the ipv4Address field.

@matthchr
Member

@super-harsh is going to look into this, or if there is a better way to do this using the infrastructure that Azure provides (I thought there was a way to get this done automatically but need to look more).

@nraooptum
Author

Perfect! Thank you both! In the interim, would the ipv4Address field be compatible with the $importConfigMapMode option?

@matthchr matthchr assigned matthchr and unassigned super-harsh Nov 4, 2024
@matthchr
Member

I haven't had a chance to look into this further but just making a note we haven't forgotten.

@nraooptum
Author

Thanks for the follow up Matt!

@nraooptum
Author

@matthchr good news, our enterprise is adopting ASO as the way forward 👍 This passed our internal Architecture Review Board and everyone is excited to start migrating over to this.
 
Random side note, I was thinking, you know how we can export arbitrary values from a resource, e.g.:
https://azure.github.io/azure-service-operator/guide/configmaps/

Instead of having to implement $importConfigMapMode for a bunch of different things, what if we had the option of applying patches? For example (just making something up):

  operatorSpec:
    patchExpressions:
      - patchField: self.spec.aRecords[0].ipv4Address
        configMapName: some-configmap
        configMapKey: myIpV4Address

This would make it generic enough to pass stuff around even when the resource doesn't natively "support" injecting a value from a config map, especially when combined with the ability to export anything using configMapExpressions.

@nraooptum
Author

nraooptum commented Dec 23, 2024

Hi, since none of our resources are internet facing (needs private endpoints), it's causing some of our developers issues as we more broadly expand this in our org, as users can create PEs but can't associate those IPs in our private DNS zones. Happy to try and contribute a PR for the config map support over the holiday break. EDIT: the break ended up being a break!

@matthchr
Member

matthchr commented Jan 31, 2025

Sorry about the slow response here. Holidays and other work got me distracted, but I had a chance to come back to this and refresh what I remembered.

So, networking added this new(ish?) resource called privateDnsZoneGroups. The full path of this resource is:
providers/Microsoft.Network/privateEndpoints/{privateEndpointName}/privateDnsZoneGroups/{privateDnsZoneGroupName}

ASO supports this resource already

Here's somebody on stackoverflow explaining it:

Private DNS Zone Groups are a kind of link back to one or multiple Private DNS Zones. With this connection, an A-Record will automatically be created, updated or removed on the referenced Private DNS Zone depending on the Private Endpoint configuration.

I'm not an Azure networking expert so take this with a grain of salt: I believe the preferred way to do A-records for private endpoints is using this new resource, which creates the A-record under the hood but has the added benefit of keeping it obviously associated with the PrivateEndpoint, and if the PrivateEndpoint is deleted, the A record will automatically be deleted as well (because it's a child resource). Another nice consequence of this is that you don't need to extract the IP manually, they do it under the hood for you.

Does this solve your needs?
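
The two approaches discussed in this thread, side by side, as an added example that is not part of the original comments or the project's own samples. The resource names and the IP address are constructed placeholders, and the `apiVersion` values are assumptions to check against the CRDs installed in your cluster.

```yaml
# Approach from the original request: a manually managed A record.
# ipv4Address has to be copied by hand from the private endpoint's
# primaryNicPrivateIpAddress, and the record is not removed when the
# private endpoint is deleted.
apiVersion: network.azure.com/v1api20200601   # assumption: verify installed version
kind: PrivateDnsZonesARecord
metadata:
  name: my-endpoint-record                    # constructed name
  namespace: default
spec:
  owner:
    name: my-private-dns-zone                 # constructed: an existing PrivateDnsZone
  aRecords:
    - ipv4Address: 10.0.0.5                   # constructed: hard-coded private IP
---
# Approach suggested in the last comment: a private DNS zone group owned by
# the private endpoint. Azure creates, updates and removes the A record in
# the referenced zone, so no IP address appears in the manifest.
apiVersion: network.azure.com/v1api20220701   # assumption: verify installed version
kind: PrivateEndpointsPrivateDnsZoneGroup
metadata:
  name: my-endpoint-zone-group                # constructed name
  namespace: default
spec:
  owner:
    name: my-private-endpoint                 # constructed: an existing PrivateEndpoint
  privateDnsZoneConfigs:
    - name: config
      privateDnsZoneReference:
        group: network.azure.com
        kind: PrivateDnsZone
        name: my-private-dns-zone             # constructed: same zone as above
```

Because the zone group is a child of the private endpoint, deleting the endpoint also removes the record, which avoids stale A records pointing at a reallocated private IP.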

@theunrepentantgeek theunrepentantgeek moved this from Backlog to Up Next in Azure Service Operator Roadmap Feb 10, 2025
@theunrepentantgeek theunrepentantgeek removed this from the v2.12.0 milestone Feb 11, 2025