-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refactored the solution bicep for better organization (#51)
* Validated the capability with a s2s VPN solution. * Refactored the solution to leverage a better bicep pattern.
- Loading branch information
1 parent
6dca7db
commit 673d183
Showing
19 changed files
with
21,906 additions
and
21,256 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| # Contributing to [project-title] | ||
|
|
||
| This project welcomes contributions and suggestions. Most contributions require you to agree to a | ||
| Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us | ||
| the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. | ||
|
|
||
| When you submit a pull request, a CLA bot will automatically determine whether you need to provide | ||
| a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions | ||
| provided by the bot. You will only need to do this once across all repos using our CLA. | ||
|
|
||
| This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). | ||
| For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or | ||
| contact [[email protected]](mailto:[email protected]) with any additional questions or comments. | ||
|
|
||
| - [Code of Conduct](#coc) | ||
| - [Issues and Bugs](#issue) | ||
| - [Feature Requests](#feature) | ||
| - [Submission Guidelines](#submit) | ||
|
|
||
| ## <a name="coc"></a> Code of Conduct | ||
| Help us keep this project open and inclusive. Please read and follow our [Code of Conduct](https://opensource.microsoft.com/codeofconduct/). | ||
|
|
||
| ## <a name="issue"></a> Found an Issue? | ||
| If you find a bug in the source code or a mistake in the documentation, you can help us by | ||
| [submitting an issue](#submit-issue) to the GitHub Repository. Even better, you can | ||
| [submit a Pull Request](#submit-pr) with a fix. | ||
|
|
||
| ## <a name="feature"></a> Want a Feature? | ||
| You can *request* a new feature by [submitting an issue](#submit-issue) to the GitHub | ||
| Repository. If you would like to *implement* a new feature, please submit an issue with | ||
| a proposal for your work first, to be sure that we can use it. | ||
|
|
||
| * **Small Features** can be crafted and directly [submitted as a Pull Request](#submit-pr). | ||
|
|
||
| ## <a name="submit"></a> Submission Guidelines | ||
|
|
||
| ### <a name="submit-issue"></a> Submitting an Issue | ||
| Before you submit an issue, search the archive, maybe your question was already answered. | ||
|
|
||
| If your issue appears to be a bug, and hasn't been reported, open a new issue. | ||
| Help us to maximize the effort we can spend fixing issues and adding new | ||
| features, by not reporting duplicate issues. Providing the following information will increase the | ||
| chances of your issue being dealt with quickly: | ||
|
|
||
| * **Overview of the Issue** - if an error is being thrown a non-minified stack trace helps | ||
| * **Version** - what version is affected (e.g. 0.1.2) | ||
| * **Motivation for or Use Case** - explain what are you trying to do and why the current behavior is a bug for you | ||
| * **Browsers and Operating System** - is this a problem with all browsers? | ||
| * **Reproduce the Error** - provide a live example or a unambiguous set of steps | ||
| * **Related Issues** - has a similar issue been reported before? | ||
| * **Suggest a Fix** - if you can't fix the bug yourself, perhaps you can point to what might be | ||
| causing the problem (line of code or commit) | ||
|
|
||
| You can file new issues by providing the above information at the issues link: https://github.com/azure/osdu-develoepr/issues/new. | ||
|
|
||
| ### <a name="submit-pr"></a> Submitting a Pull Request (PR) | ||
| Before you submit your Pull Request (PR) consider the following guidelines: | ||
|
|
||
| * Search the repository (https://github.com/azure/osdu-developer/pulls) for an open or closed PR | ||
| that relates to your submission. You don't want to duplicate effort. | ||
|
|
||
| * Make your changes in a new git fork: | ||
|
|
||
| * Commit your changes using a descriptive commit message | ||
| * Push your fork to GitHub: | ||
| * In GitHub, create a pull request | ||
| * If we suggest changes then: | ||
| * Make the required updates. | ||
| * Rebase your fork and force push to your GitHub repository (this will update your Pull Request): | ||
|
|
||
| ```shell | ||
| git rebase master -i | ||
| git push -f | ||
| ``` | ||
|
|
||
| That's it! Thank you for your contribution! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -160,54 +160,44 @@ azd env set SOFTWARE_BRANCH main | |
| Customize your resources by enabling these optional features based on your specific requirements: | ||
|
|
||
|
|
||
| #### Feature: Pod Subnet | ||
| #### Feature: Vnet Injection | ||
|
|
||
| __Purpose:__ Enhances network configuration for Kubernetes Pods. | ||
| __Purpose:__ Enables a bring your own network capability. | ||
|
|
||
| __Details:__ Typically, with kubenet in Kubernetes, nodes are assigned IP addresses from the Azure virtual network subnet. Enabling the Pod Subnet feature allows Pods to receive IP addresses from a different address space, separate from the subnet of the nodes. This separation alters the network flows. | ||
| __Details:__ Typically, internal solutions require a preconfigured network due to possible S2S vpn configurations or a Hub Spoke Network design. | ||
|
|
||
| __How To Enable:__ | ||
|
|
||
| ```bash | ||
| azd env set ENABLE_POD_SUBNET true | ||
| azd env set ENABLE_VNET_INJECTION true | ||
| ``` | ||
|
|
||
|
|
||
| #### Feature: Bastion | ||
| #### Feature: Pod Subnet | ||
|
|
||
| __Purpose:__ Facilitates secure access to internal network resources. | ||
| __Purpose:__ Enhances network configuration for Kubernetes Pods. | ||
|
|
||
| __Details:__ Internal ingress configurations can sometimes make it challenging to access network resources. The Bastion feature addresses this by creating a bastion host and a virtual machine. These components act as a secure gateway, allowing you to communicate with and manage resources within the private network, even if they're not exposed to the public internet. | ||
| __Details:__ Typically, with kubenet in Kubernetes, nodes are assigned IP addresses from the Azure virtual network subnet. Enabling the Pod Subnet feature allows Pods to receive IP addresses from a different address space, separate from the subnet of the nodes. This separation alters the network flows. | ||
|
|
||
| __How To Enable:__ | ||
|
|
||
| ```bash | ||
| azd env set ENABLE_BASTION true | ||
| azd env set ENABLE_POD_SUBNET true | ||
| ``` | ||
|
|
||
|
|
||
| #### Feature: VPN Gateway | ||
|
|
||
| __Purpose:__ Establishes secure VPN connections for remote access. | ||
|
|
||
| __Details:__ The VPN Gateway feature is essential for projects that require secure remote network access. It facilitates the creation of site-to-site and point-to-site VPN connections, enabling secure and flexible development environments, especially when dealing with internal ingress. This feature is crucial for maintaining robust network security and facilitating seamless remote access. | ||
| #### Feature: Bastion | ||
|
|
||
| __Additional Configuration Values:__ | ||
| __Purpose:__ Facilitates secure access to internal network resources. | ||
|
|
||
| - REMOTE_NETWORK_PREFIX: The CIDR notation for the remote network (e.g., '192.168.1.0/24'). | ||
| - REMOTE_VPN_ADDRESS: The IP address of the Remote VPN Gateway. | ||
| - VPN_SHARED_KEY: The shared key for establishing the VPN connection. | ||
| __Details:__ Internal ingress configurations can sometimes make it challenging to access network resources. The Bastion feature addresses this by creating a bastion host and a virtual machine. These components act as a secure gateway, allowing you to communicate with and manage resources within the private network, even if they're not exposed to the public internet. | ||
|
|
||
| __How To Enable:__ | ||
|
|
||
| ```bash | ||
| azd env set ENABLE_VPN_GATEWAY true | ||
| azd env set REMOTE_NETWORK_PREFIX <your_network_prefix> | ||
| azd env set REMOTE_VPN_ADDRESS <your_vpn_ip> | ||
| azd env set _VPN_SHARED_KEY <your_shared_key> | ||
| azd env set ENABLE_BASTION true | ||
| ``` | ||
|
|
||
|
|
||
| #### Feature: Public Blob Access | ||
|
|
||
| __Purpose:__ Control public access to Blob Storage. | ||
|
|
@@ -258,7 +248,7 @@ The architecture diagram below provides a visual representation of the infrastru | |
| 1. Azure Virtual Network: Illustrates the network and how feature enablement changes the network structure and subnets. | ||
| 2. Azure Kubernetes Service (AKS): Demonstrates the Kubernetes clusters and an example of how software is set up along with interactions to other Azure services. | ||
| 3. Storage Resources: Illustrates the use of services such as Azure Storage Accounts and Azure Cosmos Databases and how they connect to the network. | ||
| 4. Optional Features: If enabled, features like the VPN Gateway, Bastion Host, and Pod Subnet are represented, attempting to show their placement and role within the architecture. | ||
| 4. Optional Features: If enabled, features like the Bastion Host, Public Blob Access and Pod Subnet are represented, attempting to show their placement and role within the architecture. | ||
|
|
||
|
|
||
| ## Software Management with a Gitops Approach | ||
|
|
@@ -289,20 +279,6 @@ There are many things that can be done to customize the deployment. One example | |
| See [this tutorial](docs/vnet-injection.md) for how a customization like this might be performed. | ||
|
|
||
|
|
||
| ## Contributing | ||
|
|
||
| This project welcomes contributions and suggestions. Most contributions require you to agree to a | ||
| Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us | ||
| the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. | ||
|
|
||
| When you submit a pull request, a CLA bot will automatically determine whether you need to provide | ||
| a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions | ||
| provided by the bot. You will only need to do this once across all repos using our CLA. | ||
|
|
||
| This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). | ||
| For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or | ||
| contact [[email protected]](mailto:[email protected]) with any additional questions or comments. | ||
|
|
||
| ## Trademarks | ||
|
|
||
| This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.