azd 0.9.0
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +2 -0
- data/lib/generators/azd/install_generator.rb +14 -0
- data/lib/generators/templates/azure.yaml.tt +22 -0
- data/lib/generators/templates/infra/abbreviations.json +136 -0
- data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep +53 -0
- data/lib/generators/templates/infra/core/config/configstore.bicep +48 -0
- data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep +49 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep +23 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep +47 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep +22 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep +74 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep +19 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep +30 -0
- data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep +65 -0
- data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep +81 -0
- data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep +130 -0
- data/lib/generators/templates/infra/core/gateway/apim.bicep +79 -0
- data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep +18 -0
- data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep +140 -0
- data/lib/generators/templates/infra/core/host/aks.bicep +280 -0
- data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep +17 -0
- data/lib/generators/templates/infra/core/host/appservice.bicep +123 -0
- data/lib/generators/templates/infra/core/host/appserviceplan.bicep +22 -0
- data/lib/generators/templates/infra/core/host/container-app-upsert.bicep +109 -0
- data/lib/generators/templates/infra/core/host/container-app.bicep +165 -0
- data/lib/generators/templates/infra/core/host/container-apps-environment.bicep +41 -0
- data/lib/generators/templates/infra/core/host/container-apps.bicep +40 -0
- data/lib/generators/templates/infra/core/host/container-registry.bicep +83 -0
- data/lib/generators/templates/infra/core/host/functions.bicep +86 -0
- data/lib/generators/templates/infra/core/host/staticwebapp.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights-dashboard.bicep +1236 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep +30 -0
- data/lib/generators/templates/infra/core/monitor/loganalytics.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/monitoring.bicep +32 -0
- data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep +52 -0
- data/lib/generators/templates/infra/core/networking/cdn-profile.bicep +34 -0
- data/lib/generators/templates/infra/core/networking/cdn.bicep +42 -0
- data/lib/generators/templates/infra/core/search/search-services.bicep +68 -0
- data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/configstore-access.bicep +21 -0
- data/lib/generators/templates/infra/core/security/keyvault-access.bicep +22 -0
- data/lib/generators/templates/infra/core/security/keyvault-secret.bicep +31 -0
- data/lib/generators/templates/infra/core/security/keyvault.bicep +31 -0
- data/lib/generators/templates/infra/core/security/registry-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/role.bicep +21 -0
- data/lib/generators/templates/infra/core/storage/storage-account.bicep +64 -0
- data/lib/generators/templates/infra/core/testing/loadtesting.bicep +15 -0
- data/lib/generators/templates/infra/identity.bicep +20 -0
- data/lib/generators/templates/infra/main.bicep +243 -0
- data/lib/generators/templates/infra/main.parameters.json +25 -0
- data/lib/generators/templates/infra/rails.bicep +95 -0
- metadata +115 -0
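--- a/data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep
+++ b/data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep
@@ -0,0 +1,81 @@
+metadata description = 'Creates an Azure Database for PostgreSQL - Flexible Server.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object
+param storage object
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+param databaseNames array = []
+param allowAzureIPsFirewall bool = false
+param allowAllIPsFirewall bool = false
+param allowedSingleIPs array = []
+param azureExtensions array = []
+
+// PostgreSQL version
+param version string
+
+resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' = {
+location: location
+tags: tags
+name: name
+sku: sku
+properties: {
+version: version
+administratorLogin: administratorLogin
+administratorLoginPassword: administratorLoginPassword
+storage: storage
+highAvailability: {
+mode: 'Disabled'
+}
+
+}
+
+resource database 'databases' = [for name in databaseNames: {
+name: name
+}]
+}
+
+resource firewall_all 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = if (allowAllIPsFirewall) {
+name: 'allow-all-IPs'
+parent: postgresServer
+properties: {
+startIpAddress: '0.0.0.0'
+endIpAddress: '255.255.255.255'
+}
+}
+
+resource firewall_azure 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = if (allowAzureIPsFirewall) {
+name: 'allow-all-azure-internal-IPs'
+parent: postgresServer
+properties: {
+startIpAddress: '0.0.0.0'
+endIpAddress: '0.0.0.0'
+}
+}
+
+resource firewall_single 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = [for ip in allowedSingleIPs: {
+name: 'allow-single-${replace(ip, '.', '')}'
+parent: postgresServer
+properties: {
+startIpAddress: ip
+endIpAddress: ip
+}
+}]
+
+// Workaround issue https://github.com/Azure/bicep-types-az/issues/1507
+resource configurations 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2023-03-01-preview' = {
+name: 'azure.extensions'
+parent: postgresServer
+properties: {
+value: join(azureExtensions, ',')
+source: 'user-override'
+}
+dependsOn: [
+firewall_all
+]
+}
+
+output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName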
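Review bot: `firewall_all` (0.0.0.0–255.255.255.255) opens the server to every public IPv4 address, and no `authConfig` is set, so as far as this file shows logins rely on the administrator password alone; yet `allowAllIPsFirewall` has no description telling template users what they are opting into. I would add `@description('Opens the server to ALL public IPv4 addresses; use only for short-lived dev environments')` above that parameter, and a similar line on `allowAzureIPsFirewall`, whose 0.0.0.0–0.0.0.0 rule admits Azure-hosted clients in general rather than only this subscription. Separately, `firewall_single` builds rule names with `replace(ip, '.', '')`, so distinct addresses such as 1.11.1.1 and 11.1.1.1 collapse to the same name; `name: 'allow-single-${replace(ip, '.', '-')}'` keeps them unique.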
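--- a/data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep
+++ b/data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep
@@ -0,0 +1,130 @@
+metadata description = 'Creates an Azure SQL Server instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param appUser string = 'appUser'
+param databaseName string
+param keyVaultName string
+param sqlAdmin string = 'sqlAdmin'
+param connectionStringKey string = 'AZURE-SQL-CONNECTION-STRING'
+
+@secure()
+param sqlAdminPassword string
+@secure()
+param appUserPassword string
+
+resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
+name: name
+location: location
+tags: tags
+properties: {
+version: '12.0'
+minimalTlsVersion: '1.2'
+publicNetworkAccess: 'Enabled'
+administratorLogin: sqlAdmin
+administratorLoginPassword: sqlAdminPassword
+}
+
+resource database 'databases' = {
+name: databaseName
+location: location
+}
+
+resource firewall 'firewallRules' = {
+name: 'Azure Services'
+properties: {
+// Allow all clients
+// Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only".
+// This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes.
+startIpAddress: '0.0.0.1'
+endIpAddress: '255.255.255.254'
+}
+}
+}
+
+resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+name: '${name}-deployment-script'
+location: location
+kind: 'AzureCLI'
+properties: {
+azCliVersion: '2.37.0'
+retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running
+timeout: 'PT5M' // Five minutes
+cleanupPreference: 'OnSuccess'
+environmentVariables: [
+{
+name: 'APPUSERNAME'
+value: appUser
+}
+{
+name: 'APPUSERPASSWORD'
+secureValue: appUserPassword
+}
+{
+name: 'DBNAME'
+value: databaseName
+}
+{
+name: 'DBSERVER'
+value: sqlServer.properties.fullyQualifiedDomainName
+}
+{
+name: 'SQLCMDPASSWORD'
+secureValue: sqlAdminPassword
+}
+{
+name: 'SQLADMIN'
+value: sqlAdmin
+}
+]
+
+scriptContent: '''
+wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2
+tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C .
+
+cat <<SCRIPT_END > ./initDb.sql
+drop user if exists ${APPUSERNAME}
+go
+create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}'
+go
+alter role db_owner add member ${APPUSERNAME}
+go
+SCRIPT_END
+
+./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql
+'''
+}
+}
+
+resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+parent: keyVault
+name: 'sqlAdminPassword'
+properties: {
+value: sqlAdminPassword
+}
+}
+
+resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+parent: keyVault
+name: 'appUserPassword'
+properties: {
+value: appUserPassword
+}
+}
+
+resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+parent: keyVault
+name: connectionStringKey
+properties: {
+value: '${connectionString}; Password=${appUserPassword}'
+}
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+name: keyVaultName
+}
+
+var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
+output connectionStringKey string = connectionStringKey
+output databaseName string = sqlServer::database.name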
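Review bot: The nested `firewall` rule in `sqlServer` is named 'Azure Services', but its range 0.0.0.1–255.255.255.254 admits essentially every public IPv4 address, unconditionally, on a server that sets `publicNetworkAccess: 'Enabled'` and uses SQL password logins. I would keep only the Azure-hosted 0.0.0.0 rule (presumably still needed so the deployment script can reach the server) and make developer access an explicit, empty-by-default address list, as sketched below. In `sqlDeploymentScript`, the sqlcmd archive is fetched with `wget` and unpacked without any checksum comparison, and the unquoted here-document expands `${APPUSERPASSWORD}` into `initDb.sql`, so a password containing a single quote changes the generated SQL. Verifying a pinned SHA-256 before `tar`, and constraining or escaping the password, would address both.

```bicep
// Opt-in list of client addresses; empty keeps the server closed to the public internet.
param allowedClientIPs array = []

// … unchanged: sqlServer name/location/tags/properties and nested database …

  resource firewall 'firewallRules' = {
    name: 'Azure Services'
    properties: {
      // 0.0.0.0-0.0.0.0 admits Azure-hosted clients only.
      startIpAddress: '0.0.0.0'
      endIpAddress: '0.0.0.0'
    }
  }

  resource clientRules 'firewallRules' = [for (ip, i) in allowedClientIPs: {
    name: 'client-${i}'
    properties: {
      startIpAddress: ip
      endIpAddress: ip
    }
  }]
```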
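--- a/data/lib/generators/templates/infra/core/gateway/apim.bicep
+++ b/data/lib/generators/templates/infra/core/gateway/apim.bicep
@@ -0,0 +1,79 @@
+metadata description = 'Creates an Azure API Management instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('The email address of the owner of the service')
+@minLength(1)
+param publisherEmail string = 'noreply@microsoft.com'
+
+@description('The name of the owner of the service')
+@minLength(1)
+param publisherName string = 'n/a'
+
+@description('The pricing tier of this API Management service')
+@allowed([
+'Consumption'
+'Developer'
+'Standard'
+'Premium'
+])
+param sku string = 'Consumption'
+
+@description('The instance size of this API Management service.')
+@allowed([ 0, 1, 2 ])
+param skuCount int = 0
+
+@description('Azure Application Insights Name')
+param applicationInsightsName string
+
+resource apimService 'Microsoft.ApiManagement/service@2021-08-01' = {
+name: name
+location: location
+tags: union(tags, { 'azd-service-name': name })
+sku: {
+name: sku
+capacity: (sku == 'Consumption') ? 0 : ((sku == 'Developer') ? 1 : skuCount)
+}
+properties: {
+publisherEmail: publisherEmail
+publisherName: publisherName
+// Custom properties are not supported for Consumption SKU
+customProperties: sku == 'Consumption' ? {} : {
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+}
+}
+}
+
+resource apimLogger 'Microsoft.ApiManagement/service/loggers@2021-12-01-preview' = if (!empty(applicationInsightsName)) {
+name: 'app-insights-logger'
+parent: apimService
+properties: {
+credentials: {
+instrumentationKey: applicationInsights.properties.InstrumentationKey
+}
+description: 'Logger to Azure Application Insights'
+isBuffered: false
+loggerType: 'applicationInsights'
+resourceId: applicationInsights.id
+}
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
+name: applicationInsightsName
+}
+
+output apimServiceName string = apimService.name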
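Review bot: The `customProperties` map in `apimService` turns off the RSA-keyed CBC suites, 3DES and TLS 1.0/1.1/SSL 3.0, but as far as I know API Management also exposes `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` and `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` switches, and neither is listed here, so those two would stay at the service default; please confirm whether that is intended. Because the default `sku` is `Consumption`, where the map is replaced by `{}`, the out-of-the-box deployment gets none of this hardening, and the existing one-line comment does not make that consequence obvious. I would extend it to `// Consumption SKU: custom properties unsupported, so the TLS/cipher hardening below is NOT applied and platform defaults are used`.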
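--- a/data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep
+++ b/data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep
@@ -0,0 +1,18 @@
+metadata description = 'Adds an agent pool to an Azure Kubernetes Service (AKS) cluster.'
+param clusterName string
+
+@description('The agent pool name')
+param name string
+
+@description('The agent pool configuration')
+param config object
+
+resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' existing = {
+name: clusterName
+}
+
+resource nodePool 'Microsoft.ContainerService/managedClusters/agentPools@2023-10-02-preview' = {
+parent: aksCluster
+name: name
+properties: config
+}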
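--- a/data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep
+++ b/data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep
@@ -0,0 +1,140 @@
+metadata description = 'Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool.'
+@description('The name for the AKS managed cluster')
+param name string
+
+@description('The name of the resource group for the managed resources of the AKS cluster')
+param nodeResourceGroupName string = ''
+
+@description('The Azure region/location for the AKS resources')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the AKS resources')
+param tags object = {}
+
+@description('Kubernetes Version')
+param kubernetesVersion string = '1.27.7'
+
+@description('Whether RBAC is enabled for local accounts')
+param enableRbac bool = true
+
+// Add-ons
+@description('Whether web app routing (preview) add-on is enabled')
+param webAppRoutingAddon bool = true
+
+// AAD Integration
+@description('Enable Azure Active Directory integration')
+param enableAad bool = false
+
+@description('Enable RBAC using AAD')
+param enableAzureRbac bool = false
+
+@description('The Tenant ID associated to the Azure Active Directory')
+param aadTenantId string = tenant().tenantId
+
+@description('The load balancer SKU to use for ingress into the AKS cluster')
+@allowed([ 'basic', 'standard' ])
+param loadBalancerSku string = 'standard'
+
+@description('Network plugin used for building the Kubernetes network.')
+@allowed([ 'azure', 'kubenet', 'none' ])
+param networkPlugin string = 'azure'
+
+@description('Network policy used for building the Kubernetes network.')
+@allowed([ 'azure', 'calico' ])
+param networkPolicy string = 'azure'
+
+@description('If set to true, getting static credentials will be disabled for this cluster.')
+param disableLocalAccounts bool = false
+
+@description('The managed cluster SKU.')
+@allowed([ 'Free', 'Paid', 'Standard' ])
+param sku string = 'Free'
+
+@description('Configuration of AKS add-ons')
+param addOns object = {}
+
+@description('The log analytics workspace id used for logging & monitoring')
+param workspaceId string = ''
+
+@description('The node pool configuration for the System agent pool')
+param systemPoolConfig object
+
+@description('The DNS prefix to associate with the AKS cluster')
+param dnsPrefix string = ''
+
+resource aks 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' = {
+name: name
+location: location
+tags: tags
+identity: {
+type: 'SystemAssigned'
+}
+sku: {
+name: 'Base'
+tier: sku
+}
+properties: {
+nodeResourceGroup: !empty(nodeResourceGroupName) ? nodeResourceGroupName : 'rg-mc-${name}'
+kubernetesVersion: kubernetesVersion
+dnsPrefix: empty(dnsPrefix) ? '${name}-dns' : dnsPrefix
+enableRBAC: enableRbac
+aadProfile: enableAad ? {
+managed: true
+enableAzureRBAC: enableAzureRbac
+tenantID: aadTenantId
+} : null
+agentPoolProfiles: [
+systemPoolConfig
+]
+networkProfile: {
+loadBalancerSku: loadBalancerSku
+networkPlugin: networkPlugin
+networkPolicy: networkPolicy
+}
+disableLocalAccounts: disableLocalAccounts && enableAad
+addonProfiles: addOns
+ingressProfile: {
+webAppRouting: {
+enabled: webAppRoutingAddon
+}
+}
+}
+}
+
+var aksDiagCategories = [
+'cluster-autoscaler'
+'kube-controller-manager'
+'kube-audit-admin'
+'guard'
+]
+
+// TODO: Update diagnostics to be its own module
+// Blocking issue: https://github.com/Azure/bicep/issues/622
+// Unable to pass in a `resource` scope or unable to use string interpolation in resource types
+resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) {
+name: 'aks-diagnostics'
+scope: aks
+properties: {
+workspaceId: workspaceId
+logs: [for category in aksDiagCategories: {
+category: category
+enabled: true
+}]
+metrics: [
+{
+category: 'AllMetrics'
+enabled: true
+}
+]
+}
+}
+
+@description('The resource name of the AKS cluster')
+output clusterName string = aks.name
+
+@description('The AKS cluster identity')
+output clusterIdentity object = {
+clientId: aks.properties.identityProfile.kubeletidentity.clientId
+objectId: aks.properties.identityProfile.kubeletidentity.objectId
+resourceId: aks.properties.identityProfile.kubeletidentity.resourceId
+}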
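Review bot: With the defaults in this file (`enableAad = false`, `disableLocalAccounts = false`) the cluster keeps static local-account credentials, and the `aks` resource sets no `apiServerAccessProfile`, so network reachability of the API server is left at the service default. I would add `param authorizedIpRanges array = []` and, under `properties`, `apiServerAccessProfile: { authorizedIPRanges: authorizedIpRanges }`, so callers can restrict the control plane without forking the module. Also, `disableLocalAccounts: disableLocalAccounts && enableAad` silently ignores a caller's `disableLocalAccounts = true` when AAD integration is off. Extending that parameter's `@description` to say it only takes effect together with `enableAad` would avoid a false sense of hardening.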