Azure Templates Improvements | ARM & Terraform #385

Merged
merged 6 commits into from
Jun 20, 2024
Merged
@@ -292,7 +292,7 @@
"label": "Number of Availability Zones to use",
"defaultValue": "None",
"toolTip": "The number of avalability zones to use for the scale set. Note that the load balancers and their IP addresses will be zone redundant in any case.",
"visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth ', concat(' ', location(), ' '))]",
"visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]",
"constraints": {
"allowedValues": [
{
@@ -1279,6 +1279,18 @@
]
}
},
{
"name": "additionalDiskSizeGB",
"type": "Microsoft.Common.TextBox",
"label": "Additional disk space (GB)",
"defaultValue": "0",
"toolTip": "Additional disk space (in GB), initial disk size is 100 GB.",
"constraints": {
"regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
"validationMessage": "Select a number between 0 and 3995"
},
"visible": "[not(contains('R80.40 R81 R81.10 R81.20', steps('chkp').cloudGuardVersion))]"
},
{
"name": "useCustomImageUri",
"type": "Microsoft.Common.OptionsGroup",
@@ -1411,6 +1423,27 @@
"validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
},
"visible": "[steps('network').NSG]"
},
{
"name": "addStorageAccountIpRules",
"type": "Microsoft.Common.OptionsGroup",
"defaultValue": "Network access from all networks",
"label": "Storage Account Network Access",
"toolTip": "Select your preferred network access to the Storage Account, for more information - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#serial-console-security",
"constraints": {
"allowedValues": [
{
"label": "Network access from all networks",
"value": false
},
{
"label": "Network access only from Serial Console",
"value": true
}
],
"required": true
},
"visible": true
}
]
},
@@ -1460,6 +1493,7 @@
"sicKey": "[steps('chkp').sicKeyUi]",
"bootstrapScript": "[steps('chkp').bootstrapScript]",
"allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]",
"additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]",
"diskType": "[if(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
"sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]",
"virtualNetworkName": "[steps('network').virtualNetwork.name]",
@@ -1474,6 +1508,7 @@
"deployNewNSG": "[steps('network').NSG]",
"ExistingNSG": "[steps('network').nsgSelector]",
"NewNsgName": "[steps('network').NSGName]",
"addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
"SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",
"MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]"
}
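Review bot: The new `addStorageAccountIpRules` option group defaults to "Network access from all networks" (`"value": false`), so a deployment that accepts the defaults passes `false` through the outputs and leaves the Storage Account without a network restriction. If the restricted mode is expected to work in every region the offer supports, consider making it the default with `"defaultValue": "Network access only from Serial Console"`. Otherwise the `toolTip` should say plainly that the first option leaves the account reachable from any network. The same element is added to azure/templates/marketplace-ha/createUiDefinition.json and the point applies there as well.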
@@ -267,6 +267,15 @@
"description": "The IP address used to manage the VMSS instances."
}
},
"additionalDiskSizeGB": {
"type": "int",
"defaultValue": 0,
"metadata": {
"description": "Amount of additional disk space (in GB), not relevant for R81.20 and below"
},
"minValue": 0,
"maxValue": 3995
},
"diskType": {
"type": "string",
"defaultValue": "Standard_LRS",
@@ -386,6 +395,20 @@
"NewNsgName": {
"type": "string",
"defaultValue": "[concat(parameters('vmName'),'-nsg')]"
},
"addStorageAccountIpRules": {
"type": "bool",
"metadata": {
"description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
},
"defaultValue" : false
},
"storageAccountAdditionalIps":{
"type": "array",
"metadata": {
"description": "IPs/CIDRs that are allowed access to the Storage Account"
},
"defaultValue" : []
}
},
"variables": {
@@ -411,10 +434,60 @@
"R81.20 - Pay As You Go (NGTX)": "R8120"
},
"osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]",
"SerialConsoleGeographies": {
"eastasia" : ["20.205.69.28", "20.195.85.180"],
"southeastasia" : ["20.205.69.28", "20.195.85.180"],
"australiacentral" : ["20.53.53.224", "20.70.222.112"],
"australiacentral2" : ["20.53.53.224", "20.70.222.112"],
"australiaeast" : ["20.53.53.224", "20.70.222.112"],
"australiasoutheast" : ["20.53.53.224", "20.70.222.112"],
"brazilsouth" : ["91.234.136.63", "20.206.0.194"],
"brazilsoutheast" : ["91.234.136.63", "20.206.0.194"],
"canadacentral" : ["52.228.86.177", "52.242.40.90"],
"canadaeast" : ["52.228.86.177", "52.242.40.90"],
"northeurope" : ["52.146.139.220", "20.105.209.72"],
"westeurope" : ["52.146.139.220", "20.105.209.72"],
"francecentral" : ["20.111.0.244", "52.136.191.10"],
"francesouth" : ["20.111.0.244", "52.136.191.10"],
"germanynorth" : ["51.116.75.88", "20.52.95.48"],
"germanywestcentral" : ["51.116.75.88", "20.52.95.48"],
"centralindia" : ["20.192.168.150", "20.192.153.104"],
"southindia" : ["20.192.168.150", "20.192.153.104"],
"westindia" : ["20.192.168.150", "20.192.153.104"],
"japaneast" : ["20.43.70.205", "20.189.228.222"],
"japanwest" : ["20.43.70.205", "20.189.228.222"],
"koreacentral" : ["20.200.196.96", "52.147.119.29"],
"koreasouth" : ["20.200.196.96", "52.147.119.29"],
"norwaywest" : ["20.100.1.184", "51.13.138.76"],
"norwayeast" : ["20.100.1.184", "51.13.138.76"],
"switzerlandnorth" : ["20.208.4.98", "51.107.251.190"],
"switzerlandwest" : ["20.208.4.98", "51.107.251.190"],
"uaecentral" : ["20.45.95.66", "20.38.141.5"],
"uaenorth" : ["20.45.95.66", "20.38.141.5"],
"uksouth" : ["20.90.132.144", "20.58.68.62"],
"ukwest" : ["20.90.132.144", "20.58.68.62"],
"swedencentral" : ["51.12.72.223", "51.12.22.174"],
"swedensouth" : ["51.12.72.223", "51.12.22.174"],
"centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
"eastus2euap" : ["20.45.242.18", "20.51.21.252"],
"centraluseuap" : ["20.45.242.18", "20.51.21.252"]},
"serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]",
"storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]",
"isBlink": true,
"subnet1Name": "[parameters('subnet1Name')]",
"storageAccountName": "[concat('bootdiag', uniqueString(variables('resourceGroup').id, deployment().name))]",
"storageAccountType": "Standard_LRS",
"diskSize100GB": 100,
"additionalDiskSizeGB": "[if(contains('R8040 R81 R8110 R8120', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]",
"diskSizeGB": "[add(variables('additionalDiskSizeGB'), variables('diskSize100GB'))]",
"customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'MaintenanceModePassword=\"', parameters('MaintenanceModePasswordHash'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]",
"imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]",
"imagePublisher": "checkpoint",
@@ -544,7 +617,8 @@
"japaneast",
"koreacentral",
"southeastasia",
"eastasia"
"eastasia",
"italynorth"
],
"availabilityZonesProperty": "[range(1, parameters('availabilityZonesNum'))]",
"mgmtInterface": "[if(equals(parameters('instanceLevelPublicIP'), 'yes'), parameters('mgmtInterfaceOpt1'), 'eth0-private')]",
@@ -571,7 +645,7 @@
"resources": [
{
"apiVersion": "2020-06-01",
"name": "pid-6f13b00a-7546-4ab2-be9f-c66815cc6c8b-partnercenter",
"name": "pid-5432b4df-d783-57a2-b65f-39f4bca4974a",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
@@ -633,7 +707,7 @@
},
"NewNsgName":
{
"value":"[parameters('NewNsgName')]"
"value": "[parameters('NewNsgName')]"
},
"deployRouteTable": {
"value": true
@@ -677,7 +751,7 @@
},
"NewNsgName":
{
"value":"[parameters('NewNsgName')]"
"value": "[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"
@@ -749,7 +823,12 @@
"properties": {
"supportsHttpsTrafficOnly": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2"
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"bypass": "None",
"defaultAction": "[if(parameters('addStorageAccountIpRules'), 'Deny', 'Allow')]",
"ipRules": "[if(parameters('addStorageAccountIpRules'), map(variables('storageAccountIps'), lambda('ip',createObject('action','Allow','value',lambdaVariables('ip')))), createArray())]"
}
},
"location": "[variables('location')]",
"sku": {
@@ -805,6 +884,7 @@
"UserData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefix.value, reference('networkExistingSetup').outputs.vnetAddressPrefix.value), '\"', '\n' ))]",
"storageProfile": {
"osDisk": {
"diskSizeGB": "[variables('diskSizeGB')]",
"caching": "ReadWrite",
"createOption": "FromImage",
"managedDisk": {
@@ -826,7 +906,7 @@
"name": "eth0",
"properties": {
"primary": true,
"enableIPForwarding": false,
"enableIPForwarding": true,
"enableAcceleratedNetworking": true,
"networkSecurityGroup": "[if(parameters('deployNewNSG') , variables('NewNsgReference') , parameters('ExistingNSG'))]",
"ipConfigurations": [
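Review bot: The `serialConsoleIps` variable falls back to `createArray()` for any region missing from `SerialConsoleGeographies`, and `italynorth`, which this change appends to the region list in the hunk at -544, is one of the regions the map does not cover. With `addStorageAccountIpRules` set to true in such a region the storage account is deployed with `defaultAction` `Deny`, `bypass` `None` and only `storageAccountAdditionalIps` in `ipRules`, so Serial Console access would presumably fail with no signal at deployment time. The `addStorageAccountIpRules` description should state this, for example by appending `Regions without a Serial Console address list get no IP rules; supply storageAccountAdditionalIps there.` The addresses in the map are hard-coded, so the description should also say that they have to be kept in step with the Microsoft page it links to. Separately, the switch of `enableIPForwarding` to `true` on `eth0` changes how the instances' NIC handles traffic not addressed to it and deserves a line in the PR description.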
26 changes: 24 additions & 2 deletions azure/templates/marketplace-ha/createUiDefinition.json
@@ -1632,7 +1632,7 @@
"label": "Availability options",
"defaultValue": "Availability Set",
"toolTip": "Use replicated Cluster VMs in Availability Set or Availability Zones. Note that the load balancers and their IP addresses will be zone redundant in any case.",
"visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth ', concat(' ', location(), ' '))]",
"visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]",
"constraints": {
"allowedValues": [
{
@@ -1738,7 +1738,7 @@
"type": "Microsoft.Common.TextBox",
"label": "Additional disk space (GB)",
"defaultValue": "0",
"toolTip": "Additional disk space (in GB), Initial disk size is 100 GB.",
"toolTip": "Additional disk space (in GB), initial disk size is 100 GB.",
"constraints": {
"regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
"validationMessage": "Select a number between 0 and 3995"
@@ -2241,6 +2241,27 @@
"validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
},
"visible": "[steps('network').NSG]"
},
{
"name": "addStorageAccountIpRules",
"type": "Microsoft.Common.OptionsGroup",
"defaultValue": "Network access from all networks",
"label": "Storage Account Network Access",
"toolTip": "Select your preferred network access to the Storage Account, for more information - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#serial-console-security",
"constraints": {
"allowedValues": [
{
"label": "Network access from all networks",
"value": false
},
{
"label": "Network access only from Serial Console",
"value": true
}
],
"required": true
},
"visible": true
}
]
},
@@ -2305,6 +2326,7 @@
"deployNewNSG": "[steps('network').NSG]",
"ExistingNSG": "[steps('network').nsgSelector]",
"NewNsgName": "[steps('network').NSGName]",
"addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
"VipsNumber": "[int(steps('network').Vips_Number)]",
"VipNames": "[concat(steps('network').VIP_Names.VIP2_Name, ',', steps('network').VIP_Names.VIP3_Name, ',', steps('network').VIP_Names.VIP4_Name, ',', steps('network').VIP_Names.VIP5_Name, ',', steps('network').VIP_Names.VIP6_Name, ',', steps('network').VIP_Names.VIP7_Name, ',', steps('network').VIP_Names.VIP8_Name, ',', steps('network').VIP_Names.VIP9_Name, ',', steps('network').VIP_Names.VIP10_Name)]",
"SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",