From 9de8850950c370a60ad12fc6be18a1c647fcd1d4 Mon Sep 17 00:00:00 2001 From: danielscholl Date: Wed, 17 Jan 2024 14:46:24 -0600 Subject: [PATCH] Updated the software and made it override capable. (#25) --- azuredeploy.json | 222 +++++++++++++++++++++++++---------------------- bicep/main.bicep | 160 ++++++++++++++++++---------------- 2 files changed, 201 insertions(+), 181 deletions(-) diff --git a/azuredeploy.json b/azuredeploy.json index c984c46b..29c72e26 100644 --- a/azuredeploy.json +++ b/azuredeploy.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.24.24.22086", - "templateHash": "8345717965934980829" + "templateHash": "16869636000797096972" } }, "parameters": { 
@@ -23,79 +23,92 @@ "description": "Feature Flag to Enable Telemetry" } }, - "enablePodSubnet": { - "type": "bool", - "defaultValue": false, + "applicationClientId": { + "type": "string", "metadata": { - "description": "Feature Flag to Enable a Pod Subnet" + "description": "Specify the AD Application Client Id." } }, - "virtualNetworkNewOrExisting": { + "clusterIngress": { "type": "string", - "defaultValue": "new", + "defaultValue": "Both", + "allowedValues": [ + "Internal", + "External", + "Both" + ], "metadata": { - "description": "Boolean indicating whether the VNet is new or existing" + "description": "The Cluster Ingress Mode" } }, - "virtualNetworkName": { - "type": "string", - "defaultValue": "osdu-network", + "partitions": { + "type": "array", + "defaultValue": [ + { + "name": "opendes" + } + ], "metadata": { - "description": "Name of the Virtual Network (Optional: If exiting Network is selected)" + "description": "List of Data Partitions" } }, - "virtualNetworkResourceGroup": { + "clusterSize": { "type": "string", - "defaultValue": "osdu-network", + "defaultValue": "CostOptimised", + "allowedValues": [ + "CostOptimised", + "Standard", + "HighSpec" + ], "metadata": { - "description": "Resource group of the VNet (Optional: If exiting Network is selected)" + "description": "The Cluster Size" } }, - "virtualNetworkAddressPrefix": { + "softwareRepository": { "type": "string", - "defaultValue": "10.1.0.0/16", + "defaultValue": "https://github.com/azure/osdu-developer", "metadata": { - "description": "VNet address prefix" + "description": "Software GIT Repository URL" } }, - "aksSubnetName": { + "softwareBranch": { "type": "string", - "defaultValue": "ClusterSubnet", + "defaultValue": "main", "metadata": { - "description": "New or Existing subnet Name" + "description": "Software GIT Repository Branch" } }, - "aksSubnetAddressPrefix": { - "type": "string", - "defaultValue": "10.1.0.0/20", + "enableBastion": { + "type": "bool", + "defaultValue": false, "metadata": 
{ - "description": "Subnet address prefix" + "description": "Feature Flag to Enable Bastion" } }, - "bastionSubnetName": { + "vmAdminUsername": { "type": "string", - "defaultValue": "AzureBastionSubnet", + "defaultValue": "[if(parameters('enableBastion'), 'azureUser', newGuid())]", "metadata": { - "description": "New or Existing subnet Name" + "description": "Specifies the name of the administrator account of the virtual machine." } }, - "bastionSubnetAddressPrefix": { - "type": "string", - "defaultValue": "10.1.16.0/24", + "vmAdminPasswordOrKey": { + "type": "securestring", + "defaultValue": "[if(parameters('enableBastion'), '', newGuid())]", "metadata": { - "description": "Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space." + "description": "Specifies the SSH Key or password for the virtual machine. SSH key is recommended." } }, - "gatewaySubnetName": { + "bastionSubnetName": { "type": "string", - "defaultValue": "GatewaySubnet", + "defaultValue": "AzureBastionSubnet", "metadata": { "description": "New or Existing subnet Name" } }, - "gatewaySubnetAddressPrefix": { + "bastionSubnetAddressPrefix": { "type": "string", - "defaultValue": "10.1.17.0/24", + "defaultValue": "10.1.16.0/24", "metadata": { "description": "Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space." } @@ -114,20 +127,6 @@ "description": "Specifies the address prefix of the subnet which contains the virtual machine." } }, - "podSubnetName": { - "type": "string", - "defaultValue": "PodSubnet", - "metadata": { - "description": "New or Existing subnet Name" - } - }, - "podSubnetAddressPrefix": { - "type": "string", - "defaultValue": "10.1.19.0/20", - "metadata": { - "description": "Subnet address prefix" - } - }, "enableVpnGateway": { "type": "bool", "defaultValue": false, 
@@ -156,91 +155,106 @@ "description": "IP Address Segment of the Remote Network" } }, - "enablePrivateLink": { + "gatewaySubnetName": { + "type": "string", + "defaultValue": "GatewaySubnet", + "metadata": { + "description": "New or Existing subnet Name" + } + }, + "gatewaySubnetAddressPrefix": { + "type": "string", + "defaultValue": "10.1.17.0/24", + "metadata": { + "description": "Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space." + } + }, + "enablePodSubnet": { "type": "bool", "defaultValue": false, "metadata": { - "description": "Feature Flag to Enable Private Link" + "description": "Feature Flag to Enable a Pod Subnet" } }, - "cmekConfiguration": { - "type": "object", - "defaultValue": { - "kvUrl": "", - "keyName": "", - "identityId": "" - }, + "podSubnetName": { + "type": "string", + "defaultValue": "PodSubnet", "metadata": { - "description": "Optional. Customer Managed Encryption Key." + "description": "New or Existing subnet Name" } }, - "applicationClientId": { + "podSubnetAddressPrefix": { "type": "string", + "defaultValue": "10.1.19.0/20", "metadata": { - "description": "Specify the AD Application Client Id." 
+ "description": "Subnet address prefix" } }, - "partitions": { - "type": "array", - "defaultValue": [ - { - "name": "opendes" - } - ], + "virtualNetworkNewOrExisting": { + "type": "string", + "defaultValue": "new", "metadata": { - "description": "List of Data Partitions" + "description": "Boolean indicating whether the VNet is new or existing" } }, - "clusterSize": { + "virtualNetworkName": { "type": "string", - "defaultValue": "CostOptimised", - "allowedValues": [ - "CostOptimised", - "Standard", - "HighSpec" - ], + "defaultValue": "osdu-network", "metadata": { - "description": "The Cluster Size" + "description": "Name of the Virtual Network (Optional: If exiting Network is selected)" } }, - "clusterIngress": { + "virtualNetworkResourceGroup": { "type": "string", - "defaultValue": "Both", - "allowedValues": [ - "Internal", - "External", - "Both" - ], + "defaultValue": "osdu-network", "metadata": { - "description": "The Cluster Ingress Mode" + "description": "Resource group of the VNet (Optional: If exiting Network is selected)" } }, - "clusterAdminIds": { - "type": "array", - "defaultValue": [], + "virtualNetworkAddressPrefix": { + "type": "string", + "defaultValue": "10.1.0.0/16", "metadata": { - "description": "Optional: Specify the AD Users and/or Groups that can manage the cluster." 
+ "description": "VNet address prefix" } }, - "enableBastion": { + "aksSubnetName": { + "type": "string", + "defaultValue": "ClusterSubnet", + "metadata": { + "description": "New or Existing subnet Name" + } + }, + "aksSubnetAddressPrefix": { + "type": "string", + "defaultValue": "10.1.0.0/20", + "metadata": { + "description": "Subnet address prefix" + } + }, + "enablePrivateLink": { "type": "bool", "defaultValue": false, "metadata": { - "description": "Feature Flag to Enable Bastion" + "description": "Feature Flag to Enable Private Link" } }, - "vmAdminUsername": { - "type": "string", - "defaultValue": "[if(parameters('enableBastion'), 'azureUser', newGuid())]", + "cmekConfiguration": { + "type": "object", + "defaultValue": { + "kvUrl": "", + "keyName": "", + "identityId": "" + }, "metadata": { - "description": "Specifies the name of the administrator account of the virtual machine." + "description": "Optional. Customer Managed Encryption Key." } }, - "vmAdminPasswordOrKey": { - "type": "securestring", - "defaultValue": "[if(parameters('enableBastion'), '', newGuid())]", + "clusterAdminIds": { + "type": "array", + "defaultValue": [], "metadata": { - "description": "Specifies the SSH Key or password for the virtual machine. SSH key is recommended." + "description": "Optional: Specify the AD Users and/or Groups that can manage the cluster." } } }, @@ -664,8 +678,8 @@ }, "gitops": { "name": "flux-system", - "url": "https://github.com/azure/osdu-developer", - "branch": "aks_update", + "url": "[parameters('softwareRepository')]", + "branch": "[parameters('softwareBranch')]", "components": "./stamp/components", "applications": "./stamp/applications" }, 
@@ -698,13 +712,13 @@ "resources": [ { "type": "Microsoft.Network/virtualWans", - "apiVersion": "2023-04-01", + "apiVersion": "2023-06-01", "name": "[format('{0}-wan', variables('commonLayerConfig').network.name)]", "location": "[parameters('location')]" }, { "type": "Microsoft.Network/virtualHubs", - "apiVersion": "2022-01-01", + "apiVersion": "2023-06-01", "name": "[format('{0}-hub', variables('commonLayerConfig').network.name)]", "location": "[parameters('location')]", "properties": { diff --git a/bicep/main.bicep b/bicep/main.bicep index f37091b1..22868342 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep 
@@ -6,31 +6,56 @@ param location string = resourceGroup().location @description('Feature Flag to Enable Telemetry') param enableTelemetry bool = false +@description('Specify the AD Application Client Id.') +param applicationClientId string + +@allowed([ + 'Internal' + 'External' + 'Both' +]) +@description('The Cluster Ingress Mode') +param clusterIngress string = 'Both' +@description('List of Data Partitions') +param partitions array = [ + { + name: 'opendes' + } +] + +@allowed([ + 'CostOptimised' + 'Standard' + 'HighSpec' +]) +@description('The Cluster Size') +param clusterSize string = 'CostOptimised' ///////////////// -// Network Blade +// Software Blade ///////////////// -@description('Feature Flag to Enable a Pod Subnet') -param enablePodSubnet bool = false -@description('Boolean indicating whether the VNet is new or existing') -param virtualNetworkNewOrExisting string = 'new' +@description('Software GIT Repository URL') +param softwareRepository string = 'https://github.com/azure/osdu-developer' -@description('Name of the Virtual Network (Optional: If exiting Network is selected)') -param virtualNetworkName string = 'osdu-network' +@description('Software GIT Repository Branch') +param softwareBranch string = 'main' -@description('Resource group of the VNet (Optional: If exiting Network is selected)') -param virtualNetworkResourceGroup string = 'osdu-network' -@description('VNet address prefix') -param virtualNetworkAddressPrefix string = '10.1.0.0/16' +///////////////// +// Bastion Blade +///////////////// -@description('New or Existing subnet Name') -param aksSubnetName string = 'ClusterSubnet' +@description('Feature Flag to Enable Bastion') +param enableBastion bool = false -@description('Subnet address prefix') -param aksSubnetAddressPrefix string = '10.1.0.0/20' +@description('Specifies the name of the administrator account of the virtual machine.') +param vmAdminUsername string = enableBastion ? 
'azureUser' : newGuid() + +@description('Specifies the SSH Key or password for the virtual machine. SSH key is recommended.') +@secure() +param vmAdminPasswordOrKey string = enableBastion ? '' : newGuid() @description('New or Existing subnet Name') param bastionSubnetName string = 'AzureBastionSubnet' @@ -38,24 +63,16 @@ param bastionSubnetName string = 'AzureBastionSubnet' @description('Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space.') param bastionSubnetAddressPrefix string = '10.1.16.0/24' -@description('New or Existing subnet Name') -param gatewaySubnetName string = 'GatewaySubnet' - -@description('Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space.') -param gatewaySubnetAddressPrefix string = '10.1.17.0/24' - @description('Specifies the name of the subnet which contains the virtual machine.') param vmSubnetName string = 'VmSubnet' @description('Specifies the address prefix of the subnet which contains the virtual machine.') param vmSubnetAddressPrefix string = '10.1.18.0/24' -@description('New or Existing subnet Name') -param podSubnetName string = 'PodSubnet' - -@description('Subnet address prefix') -param podSubnetAddressPrefix string = '10.1.19.0/20' +///////////////// +// Network Blade +///////////////// @description('Feature Flag to Enable VPN Gateway Functionality') param enableVpnGateway bool = false 
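Review bot: `softwareRepository` and `softwareBranch` become the Flux source in the `gitops` block of `serviceLayerConfig` (last hunk of this file), so whoever overrides them decides what is reconciled into the cluster, yet the declarations neither say so nor constrain the values. Bicep parameter decorators cannot check a URL scheme, so the trust requirement should at least be stated in the description, e.g. `@description('Software GIT Repository URL. Flux deploys its contents into the cluster; use only an https URL of a repository you control or trust.')`. Adding `@minLength(1)` to both parameters would make an empty override fail at validation instead of at reconcile time. A branch is a moving reference, so for non-development deployments a pinned tag or commit would be the safer default, if the Flux configuration supports one. How the `gitops` object is consumed lies outside the visible hunks, so that last point needs confirming.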
@@ -69,70 +86,59 @@ param remoteVpnPrefix string = '' @description('IP Address Segment of the Remote Network') param remoteNetworkPrefix string = '192.168.1.0/24' +@description('New or Existing subnet Name') +param gatewaySubnetName string = 'GatewaySubnet' +@description('Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space.') +param gatewaySubnetAddressPrefix string = '10.1.17.0/24' -///////////////// -// Security Blade -///////////////// -@description('Feature Flag to Enable Private Link') -param enablePrivateLink bool = false +// -- -@description('Optional. Customer Managed Encryption Key.') -param cmekConfiguration object = { - kvUrl: '' - keyName: '' - identityId: '' -} +@description('Feature Flag to Enable a Pod Subnet') +param enablePodSubnet bool = false +@description('New or Existing subnet Name') +param podSubnetName string = 'PodSubnet' +@description('Subnet address prefix') +param podSubnetAddressPrefix string = '10.1.19.0/20' -///////////////// -// Settings Blade -///////////////// -@description('Specify the AD Application Client Id.') -param applicationClientId string +// -- -@description('List of Data Partitions') -param partitions array = [ - { - name: 'opendes' - } -] +@description('Boolean indicating whether the VNet is new or existing') +param virtualNetworkNewOrExisting string = 'new' -@allowed([ - 'CostOptimised' - 'Standard' - 'HighSpec' -]) -@description('The Cluster Size') -param clusterSize string = 'CostOptimised' +@description('Name of the Virtual Network (Optional: If exiting Network is selected)') +param virtualNetworkName string = 'osdu-network' -@allowed([ - 'Internal' - 'External' - 'Both' -]) -@description('The Cluster Ingress Mode') -param clusterIngress string = 'Both' +@description('Resource group of the VNet (Optional: If exiting Network is selected)') +param virtualNetworkResourceGroup string = 'osdu-network' -@description('Optional: Specify the AD Users and/or Groups that can manage 
the cluster.') -param clusterAdminIds array = [] +@description('VNet address prefix') +param virtualNetworkAddressPrefix string = '10.1.0.0/16' +@description('New or Existing subnet Name') +param aksSubnetName string = 'ClusterSubnet' + +@description('Subnet address prefix') +param aksSubnetAddressPrefix string = '10.1.0.0/20' ///////////////// -// Bastion Blade +// Security Blade ///////////////// +@description('Feature Flag to Enable Private Link') +param enablePrivateLink bool = false -@description('Feature Flag to Enable Bastion') -param enableBastion bool = false - -@description('Specifies the name of the administrator account of the virtual machine.') -param vmAdminUsername string = enableBastion ? 'azureUser' : newGuid() +@description('Optional. Customer Managed Encryption Key.') +param cmekConfiguration object = { + kvUrl: '' + keyName: '' + identityId: '' +} -@description('Specifies the SSH Key or password for the virtual machine. SSH key is recommended.') -@secure() -param vmAdminPasswordOrKey string = enableBastion ? '' : newGuid() +@description('Optional: Specify the AD Users and/or Groups that can manage the cluster.') +param clusterAdminIds array = [] @@ -599,12 +605,12 @@ module network 'br/public:avm/res/network/virtual-network:0.1.0' = { ] } -resource virtualWan 'Microsoft.Network/virtualWans@2023-04-01' = { +resource virtualWan 'Microsoft.Network/virtualWans@2023-06-01' = { name: '${commonLayerConfig.network.name}-wan' location: location } -resource virtualHub 'Microsoft.Network/virtualHubs@2022-01-01' = { +resource virtualHub 'Microsoft.Network/virtualHubs@2023-06-01' = { name: '${commonLayerConfig.network.name}-hub' location: location properties: { @@ -1468,8 +1474,8 @@ var serviceLayerConfig = { } gitops: { name: 'flux-system' - url: 'https://github.com/azure/osdu-developer' - branch: 'aks_update' + url: softwareRepository + branch: softwareBranch components: './stamp/components' applications: './stamp/applications' }
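Review bot: In the `@@ -69,70 +86,59 @@` hunk the re-added `podSubnetAddressPrefix` default `'10.1.19.0/20'` is not aligned to a /20 boundary. Its containing block is 10.1.16.0/20, which covers the bastion (10.1.16.0/24), gateway (10.1.17.0/24) and VM (10.1.18.0/24) defaults declared in this file. With `enablePodSubnet` set to true the deployment would likely be rejected, or, if the prefix is normalised, the pod subnet would overlap those three subnets. An aligned range that is free as far as the visible defaults go, such as `param podSubnetAddressPrefix string = '10.1.32.0/20'`, avoids both. In the same hunk the description on `gatewaySubnetAddressPrefix` still reads "Specifies the Bastion subnet IP prefix" and `virtualNetworkNewOrExisting` is described as a Boolean although it is a string; `@description('Specifies the Gateway subnet IP prefix. This prefix must be within vnet IP prefix address space.')` would match the parameter.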