Cleanup (#227)

* Feature Cleanup

* Updated feature documentation.

bicep/main.bicep

@@ -32,15 +32,6 @@ param ingressType string = 'External'
 @description('Feature Flag: Enable Storage accounts public access.')
 param enableBlobPublicAccess bool = false
 
-@description('Feature Flag: Enable AKS Enhanced Subnet Support (Azure CNI)')
-param enablePodSubnet bool = false
-
-@description('Optional: Cluster Configuration Overrides')
-param clusterConfiguration object = {
-  enablePrivateCluster: ''
-  enableNodeAutoProvisioning: ''
-}
-
 @description('(Optional) Software Load Override - {enable/osduCore/osduReference} --> true/false, {repository} --> https://github.com/azure/osdu-devloper  {branch} --> branch:main')
 param clusterSoftware object = {
   enable: true
@@ -58,6 +49,12 @@ param experimentalSoftware object = {
   adminUI: false
 }
 
+@description('Optional: Cluster Configuration Overrides')
+param clusterConfiguration object = {
+  enableNodeAutoProvisioning: true
+  enablePrivateCluster: false
+}
+
 @description('Optional. Bring your own Virtual Network.')
 param vnetConfiguration object = {
   group: ''
@@ -82,14 +79,6 @@ param vnetConfiguration object = {
   }
 }
 
-// This would be a type but bugs exist for ARM Templates so is object instead.
-@description('Cluster Network Overrides - {ingress} (Both/Internal/External), {serviceCidr}, {dnsServiceIP}')
-param clusterNetwork object = {
-  ingress: ''
-  serviceCidr: ''
-  dnsServiceIP: ''
-}
-
 /////////////////////////////////
 //  Configuration 
 /////////////////////////////////
@@ -211,7 +200,7 @@ module networkBlade 'modules/blade_network.bicep' = if (enableVnetInjection) {
     workspaceResourceId: logAnalytics.outputs.resourceId
     identityId: stampIdentity.outputs.principalId
 
-    enablePodSubnet: enablePodSubnet
+    enablePodSubnet: vnetConfiguration.podSubnet.name != '' && vnetConfiguration.podSubnet.prefix != '' ? true: false
     enableVnetInjection: enableVnetInjection
 
     vnetConfiguration: {
@@ -340,14 +329,13 @@ module serviceBlade 'modules/blade_service.bicep' = {
     location: location
     enableTelemetry: enableTelemetry
 
+    enableNodeAutoProvisioning: clusterConfiguration.enableNodeAutoProvisioning == 'false' ? false : true
+    enablePrivateCluster: clusterConfiguration.enablePrivateCluster == 'false' ? false : true
+
     osduVersion: clusterSoftware.osduVersion == '' ? 'master' : clusterSoftware.osduVersion
     enableSoftwareLoad: clusterSoftware.enable == 'false' ? false : true
     enableOsduCore: clusterSoftware.osduCore == 'false' ? false : true
     enableOsdureference: clusterSoftware.osduReference == 'false' ? false : true
-
-    enableNodeAutoProvisioning: clusterConfiguration.enableNodeAutoProvisioning == 'false' ? false : true
-    enablePrivateCluster: clusterConfiguration.enablePrivateCluster == 'true' ? true : false
-
     enableExperimental: experimentalSoftware.enable == 'true' ? true : false
     enableAdminUI: experimentalSoftware.adminUI == 'true' ? true : false
 
@@ -364,12 +352,10 @@ module serviceBlade 'modules/blade_service.bicep' = {
     partitionServiceBusNames: partitionBlade.outputs.partitionServiceBusNames
 
     aksSubnetId: enableVnetInjection ? networkBlade.outputs.aksSubnetId : ''
-    podSubnetId: enableVnetInjection && enablePodSubnet ? networkBlade.outputs.podSubnetId : ''
+    podSubnetId: enableVnetInjection ? networkBlade.outputs.podSubnetId : ''
     vmSize: customVMSize
 
     clusterIngress: ingressType == '' ? 'External' : ingressType
-    serviceCidr: clusterNetwork.serviceCidr == '' ? '172.16.0.0/16' : clusterNetwork.serviceCidr
-    dnsServiceIP: clusterNetwork.dnsServiceIP == '' ? '172.16.0.10' : clusterNetwork.vnet
 
     softwareBranch: clusterSoftware.branch
     softwareRepository: clusterSoftware.repository

bicep/modules/blade_service.bicep

@@ -84,13 +84,13 @@ param osduVersion string = 'master'
 @minLength(9)
 @maxLength(18)
 @description('The address range to use for services')
-param serviceCidr string
+param serviceCidr string = '172.16.0.0/16'
 
 
 @minLength(7)
 @maxLength(15)
 @description('The IP address to reserve for DNS')
-param dnsServiceIP string
+param dnsServiceIP string = '172.16.0.10'
 
 @description('The id of the subnet to deploy the AKS nodes')
 param aksSubnetId string

docs/src/design_platform.md

@@ -63,6 +63,14 @@ This solution implements comprehensive best practices across security controls a
 
     ---
 
+    - [x] [API VNet Integration](https://learn.microsoft.com/en-us/azure/aks/api-server-vnet-integration)
+
+        Kubernetes API server projection into the VNET where AKS is deployed.
+
+    - [x] [Private Cluster](https://learn.microsoft.com/en-us/azure/aks/private-clusters?tabs=default-basic-networking%2Cazure-portal)
+
+        Enable private cluster mode providing public network access without exposure of the AKS API server to the internet.
+
     - [x] [CNI Overlay](https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay)
 
         Enhanced network security with overlay networking, providing logical separation between pod and node networks.

docs/src/feature_flags.md

@@ -51,6 +51,8 @@ Infrastructure customizations can be modified using the following feature flags.
 | CLUSTER_INGRESS           | Specifies the Ingress type for the cluster (External, Internal, or Both)    |
 | CLUSTER_VM_SIZE           | Overrides the default server type with a custom VM size                     |
 | ENABLE_BLOB_PUBLIC_ACCESS | Enables public access for storage account blob (False by default)           |
+| ENABLE_NODE_AUTO_PROVISIONING | Enables node auto provisioning (True by default)                        |
+| ENABLE_PRIVATE_CLUSTER    | Enables private cluster (False by default)                                  |
 
 
 ## Custom Software