Add Azure support to egress private endpoints documentation #23391
Add Azure Private Link Service throughout the egress private endpoints doc following the same structure and level of detail as AWS/GCP.

Changes:
- Add Azure to supported services list
- Add Azure prerequisites section with approval process
- Add Azure to target_service_identifier and target_service_type parameters
- Add Azure example API request
- Update Confluent Cloud section to include Azure

All Azure additions include detailed TODO comments with self-contained context so they can be reviewed without referring to supporting documents. Each TODO includes:
- Exact line references to AWS/GCP equivalents in the same file
- Context showing what AWS and GCP do for the same scenario
- Specific questions with clear options
- Guidance on what content is needed based on the answer

The 6 TODOs cover:
1. Supported services list wording (generic vs specific)
2. Pre-authorization requirement (compare to AWS principal, GCP approval)
3. Additional prerequisites (compare to AWS/GCP bullets)
4. Target service identifier format (resource ID vs alias + how to find)
5. Service type confirmation (PRIVATE_SERVICE vs Azure-specific types)
6. Example values (region format, realistic placeholders)

Co-Authored-By: roachdev-claude <roachdev-claude-bot@cockroachlabs.com>
@sanchit-CRL Would you mind reviewing the TODOs and providing the info we need to fill the gaps for each? Happy to collaborate in other ways, too, if preferable - just let me know. Thanks!
| Question: Does Azure follow GCP's pattern (always `PRIVATE_SERVICE`), or does it need service-specific types like AWS MSK? | ||
| - For self-hosted Kafka on Azure VMs: `PRIVATE_SERVICE`? | ||
| - For Azure Event Hubs (if supported): `PRIVATE_SERVICE` or something specific like `AZURE_EVENT_HUBS`? |
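Review bot: the Event Hubs bullet mixes two questions, since it hedges with "(if supported)" while already proposing a type name such as `AZURE_EVENT_HUBS`. Ask first whether Azure Event Hubs is in scope at all, and list candidate type values only if the answer is yes; if it is not supported, drop the bullet so a placeholder type name cannot carry over into the published doc when the TODO is resolved.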
We have not worked on Azure Event Hubs in this phase; just `PRIVATE_SERVICE` is supported for both self-hosted on VM and Confluent Cloud.
…endpoints

Applied all feedback from PR review to finalize Azure documentation.

Changes:
- Supported services: Keep generic "Azure Private Link Service" wording
- Pre-authorization: Added explanation that CC subscription doesn't need pre-authorization, but manual approval is required (with optional auto-approval setup). Added API call to retrieve Azure subscription ID.
- Prerequisites: Added same-region requirement, enhanced ILB bullet to specify Standard SKU requirement and note Basic SKU is not supported.
- Target identifier: Expanded to show both resource ID (recommended) and alias formats with Portal and CLI instructions for finding values.
- Service type: Confirmed PRIVATE_SERVICE is correct for Azure.
- Example values: Confirmed "eastus" region format is correct.

All 6 TODOs resolved and removed.

Co-Authored-By: roachdev-claude <roachdev-claude-bot@cockroachlabs.com>
Refinements to the Azure prerequisites section:
- Add link to "Standard SKU Internal Load Balancer" pointing to Azure's SKU comparison page for customers who want to understand the difference
- Clarify Basic SKU limitation: "Basic SKU load balancers do not support the Private Link Service" (more explicit than "Basic SKU does not support Private Link")
- Add "By default," to approval text for clarity on when manual approval is needed
- Standardize navigation arrows to > throughout Azure sections

Co-Authored-By: roachdev-claude <roachdev-claude-bot@cockroachlabs.com>
ad02f67 to 951c8a7
The connection approval step is a post-creation action, not a prerequisite. Remove it from the Azure PLS prerequisites and incorporate the guidance into the existing post-example callout, which already covers this case generically for all cloud providers.
Introduce "(PLS)" on the first mention of "Azure Private Link Service" so that subsequent uses of the abbreviation are unambiguous. Also tighten "must be created" to "must exist" since CockroachDB Cloud is not the one creating it.
The bare `az network private-endpoint-connection approve` command is not executable as written. Add the required --resource-group, --resource-name, --name, and --type flags so readers have a copy-pasteable starting point.
@sanchit-CRL FYI I made some improvements to the structure and detail of the Azure content, but I don't think it necessarily requires additional technical review. Hoping to get this merged today after Docs team review.
bsanchez-the-roach left a comment
One optional nit, but LGTM
Co-authored-by: bsanchez-the-roach <brandon.sanchez@cockroachlabs.com>
Adds Azure Private Link Service support to egress private endpoints documentation, matching the level of detail provided for AWS and GCP. Resolves DOC-16027.
Azure coverage includes:
PRIVATE_SERVICE)