Codespaces: Private networking with Azure VNETs (Preview) #534
Description
Summary
This functionality will enable developers access on-prem resources from within their codespace alongside providing enterprise and org admins more control on the network settings for org-owned codespaces.
Intended Outcome
One piece of constant feedback that blocks many enterprises from using Codespaces is access to on-prem services and resources from within a Codespace (e.g. databases, enterprise web services, package managers). In addition to on-prem access, more regulated enterprises also want existing firewall/networking policies to apply to Codespaces to aid secure development across their organization. This functionality aims at addressing the following scenarios:
- Ability to connect from a Codespace to on-prem servers, other parts of Azure, or other clouds.
- Ability to restrict and isolate what a Codespace can connect to.
How will it work?
Note: This functionality will be supported for the GitHub Enterprise Cloud plan.
- Enterprise administrators can connect an existing Azure VNET and subnet to their Enterprise.
- Once the VNET is connected, child organizations and repositories within that Enterprise can utilize that VNET for org-owned Codespaces to be created into.
- Since the VNET is owned by the customer, they will have full control on setting the required policies, inbound/outbound NSG rules, ExpressRoute/network peering to enable Codespaces access on-prem resources in addition to being compliant with those policies.