What is happening when capabilityHost is being created. #265
Description
Hi!
I’m having an issues with capabilityHost creation. In last 4 weeks I’ve got only ONE successful deployment of whole setup (bicep). I will not lie if I will say I’ve tried dozens of times with different configurations / with purges / deletes (both terraform and bicep).
I’m deploying BYOVnet scenario.
No matter what - all the time it fails. Funny thing is that One successful run was unsuccessful 2days prior this run - without any code changes. It worked once. Then I’ve destroyed whole setup (purged resources as well), and to ensure errors are gone.. I’ve redeployed same setup „from scratch”.. well.. errors came back 😂 no code changes…
Since then: 0 successful runs anymore.
I’m loosing a hope. I also have support ticket - but there’s no real help.. I’m being asked to try „one more time vanilla templates”… I don’t want to comment that..
I want - for whole community - a transparency: what is happening under the hood in Azure with capHost creation. What actions are being initiated; to where; from where; what are the possible IPs to whitelist; how these actions possibly are authenticating to resources; is there any Network Security Groups config that have to be taken into consideration (we are having also central firewall - is there anything there to be set? Some additional Policies?)
If someone is able to put some high-level bullet points / actions that azure does under the hood to enable capabilityHost - I think that will be big help to whole community.
Errors „500 internal server error” could also be extended to give some hints..