azd 0.9.0
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +2 -0
- data/lib/generators/azd/install_generator.rb +14 -0
- data/lib/generators/templates/azure.yaml.tt +22 -0
- data/lib/generators/templates/infra/abbreviations.json +136 -0
- data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep +53 -0
- data/lib/generators/templates/infra/core/config/configstore.bicep +48 -0
- data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep +49 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep +23 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep +47 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep +22 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep +74 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep +19 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep +30 -0
- data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep +65 -0
- data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep +81 -0
- data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep +130 -0
- data/lib/generators/templates/infra/core/gateway/apim.bicep +79 -0
- data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep +18 -0
- data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep +140 -0
- data/lib/generators/templates/infra/core/host/aks.bicep +280 -0
- data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep +17 -0
- data/lib/generators/templates/infra/core/host/appservice.bicep +123 -0
- data/lib/generators/templates/infra/core/host/appserviceplan.bicep +22 -0
- data/lib/generators/templates/infra/core/host/container-app-upsert.bicep +109 -0
- data/lib/generators/templates/infra/core/host/container-app.bicep +165 -0
- data/lib/generators/templates/infra/core/host/container-apps-environment.bicep +41 -0
- data/lib/generators/templates/infra/core/host/container-apps.bicep +40 -0
- data/lib/generators/templates/infra/core/host/container-registry.bicep +83 -0
- data/lib/generators/templates/infra/core/host/functions.bicep +86 -0
- data/lib/generators/templates/infra/core/host/staticwebapp.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights-dashboard.bicep +1236 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep +30 -0
- data/lib/generators/templates/infra/core/monitor/loganalytics.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/monitoring.bicep +32 -0
- data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep +52 -0
- data/lib/generators/templates/infra/core/networking/cdn-profile.bicep +34 -0
- data/lib/generators/templates/infra/core/networking/cdn.bicep +42 -0
- data/lib/generators/templates/infra/core/search/search-services.bicep +68 -0
- data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/configstore-access.bicep +21 -0
- data/lib/generators/templates/infra/core/security/keyvault-access.bicep +22 -0
- data/lib/generators/templates/infra/core/security/keyvault-secret.bicep +31 -0
- data/lib/generators/templates/infra/core/security/keyvault.bicep +31 -0
- data/lib/generators/templates/infra/core/security/registry-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/role.bicep +21 -0
- data/lib/generators/templates/infra/core/storage/storage-account.bicep +64 -0
- data/lib/generators/templates/infra/core/testing/loadtesting.bicep +15 -0
- data/lib/generators/templates/infra/identity.bicep +20 -0
- data/lib/generators/templates/infra/main.bicep +243 -0
- data/lib/generators/templates/infra/main.parameters.json +25 -0
- data/lib/generators/templates/infra/rails.bicep +95 -0
- metadata +115 -0
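--- a/data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep
+++ b/data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep
@@ -0,0 +1,81 @@
+metadata description = 'Creates an Azure Database for PostgreSQL - Flexible Server.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object
+param storage object
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+param databaseNames array = []
+param allowAzureIPsFirewall bool = false
+param allowAllIPsFirewall bool = false
+param allowedSingleIPs array = []
+param azureExtensions array = []
+
+// PostgreSQL version
+param version string
+
+resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' = {
+location: location
+tags: tags
+name: name
+sku: sku
+properties: {
+version: version
+administratorLogin: administratorLogin
+administratorLoginPassword: administratorLoginPassword
+storage: storage
+highAvailability: {
+mode: 'Disabled'
+}
+
+}
+
+resource database 'databases' = [for name in databaseNames: {
+name: name
+}]
+}
+
+resource firewall_all 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = if (allowAllIPsFirewall) {
+name: 'allow-all-IPs'
+parent: postgresServer
+properties: {
+startIpAddress: '0.0.0.0'
+endIpAddress: '255.255.255.255'
+}
+}
+
+resource firewall_azure 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = if (allowAzureIPsFirewall) {
+name: 'allow-all-azure-internal-IPs'
+parent: postgresServer
+properties: {
+startIpAddress: '0.0.0.0'
+endIpAddress: '0.0.0.0'
+}
+}
+
+resource firewall_single 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = [for ip in allowedSingleIPs: {
+name: 'allow-single-${replace(ip, '.', '')}'
+parent: postgresServer
+properties: {
+startIpAddress: ip
+endIpAddress: ip
+}
+}]
+
+// Workaround issue https://github.com/Azure/bicep-types-az/issues/1507
+resource configurations 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2023-03-01-preview' = {
+name: 'azure.extensions'
+parent: postgresServer
+properties: {
+value: join(azureExtensions, ',')
+source: 'user-override'
+}
+dependsOn: [
+firewall_all
+]
+}
+
+output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName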
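Review bot: The rule name in `firewall_single`, `'allow-single-${replace(ip, '.', '')}'`, strips the dots, so two different addresses can produce the same name (constructed example: 10.1.11.1 and 10.11.1.1 both give `allow-single-101111`), and one rule would then overwrite or conflict with the other. Keeping a separator avoids the collision: `name: 'allow-single-${replace(ip, '.', '-')}'`. Separately, `allowAllIPsFirewall` opens 0.0.0.0–255.255.255.255 on a server whose only access control visible here is the administrator password, and the parameter has no `@description`. I would add one, e.g. `@description('Opens the server to every public IPv4 address; leave false outside throwaway environments')`.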
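--- a/data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep
+++ b/data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep
@@ -0,0 +1,130 @@
+metadata description = 'Creates an Azure SQL Server instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param appUser string = 'appUser'
+param databaseName string
+param keyVaultName string
+param sqlAdmin string = 'sqlAdmin'
+param connectionStringKey string = 'AZURE-SQL-CONNECTION-STRING'
+
+@secure()
+param sqlAdminPassword string
+@secure()
+param appUserPassword string
+
+resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
+name: name
+location: location
+tags: tags
+properties: {
+version: '12.0'
+minimalTlsVersion: '1.2'
+publicNetworkAccess: 'Enabled'
+administratorLogin: sqlAdmin
+administratorLoginPassword: sqlAdminPassword
+}
+
+resource database 'databases' = {
+name: databaseName
+location: location
+}
+
+resource firewall 'firewallRules' = {
+name: 'Azure Services'
+properties: {
+// Allow all clients
+// Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only".
+// This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes.
+startIpAddress: '0.0.0.1'
+endIpAddress: '255.255.255.254'
+}
+}
+}
+
+resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+name: '${name}-deployment-script'
+location: location
+kind: 'AzureCLI'
+properties: {
+azCliVersion: '2.37.0'
+retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running
+timeout: 'PT5M' // Five minutes
+cleanupPreference: 'OnSuccess'
+environmentVariables: [
+{
+name: 'APPUSERNAME'
+value: appUser
+}
+{
+name: 'APPUSERPASSWORD'
+secureValue: appUserPassword
+}
+{
+name: 'DBNAME'
+value: databaseName
+}
+{
+name: 'DBSERVER'
+value: sqlServer.properties.fullyQualifiedDomainName
+}
+{
+name: 'SQLCMDPASSWORD'
+secureValue: sqlAdminPassword
+}
+{
+name: 'SQLADMIN'
+value: sqlAdmin
+}
+]
+
+scriptContent: '''
+wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2
+tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C .
+
+cat <<SCRIPT_END > ./initDb.sql
+drop user if exists ${APPUSERNAME}
+go
+create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}'
+go
+alter role db_owner add member ${APPUSERNAME}
+go
+SCRIPT_END
+
+./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql
+'''
+}
+}
+
+resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+parent: keyVault
+name: 'sqlAdminPassword'
+properties: {
+value: sqlAdminPassword
+}
+}
+
+resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+parent: keyVault
+name: 'appUserPassword'
+properties: {
+value: appUserPassword
+}
+}
+
+resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+parent: keyVault
+name: connectionStringKey
+properties: {
+value: '${connectionString}; Password=${appUserPassword}'
+}
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+name: keyVaultName
+}
+
+var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
+output connectionStringKey string = connectionStringKey
+output databaseName string = sqlServer::database.name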
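Review bot: The `firewall` rule under `sqlServer` is named 'Azure Services' but spans `0.0.0.1`–`255.255.255.254`, which together with `publicNetworkAccess: 'Enabled'` and SQL password logins exposes every deployment of this template to effectively all public addresses, not just a developer machine. I would keep the Azure-only range, `startIpAddress: '0.0.0.0'` / `endIpAddress: '0.0.0.0'`, and let callers add developer addresses through an explicit parameter. In `scriptContent` the sqlcmd archive is fetched with `wget` and unpacked with no integrity check; comparing it with a pinned digest before `tar`, e.g. `echo "<EXPECTED_SHA256>  sqlcmd-v0.8.1-linux-x64.tar.bz2" | sha256sum -c -`, would close that gap. The unquoted heredoc also expands `${APPUSERPASSWORD}` into a quoted SQL literal, so a password containing a single quote or shell-special characters changes the generated statement, and the app user is added to `db_owner`, which is broader than an application login normally needs.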
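--- a/data/lib/generators/templates/infra/core/gateway/apim.bicep
+++ b/data/lib/generators/templates/infra/core/gateway/apim.bicep
@@ -0,0 +1,79 @@
+metadata description = 'Creates an Azure API Management instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('The email address of the owner of the service')
+@minLength(1)
+param publisherEmail string = 'noreply@microsoft.com'
+
+@description('The name of the owner of the service')
+@minLength(1)
+param publisherName string = 'n/a'
+
+@description('The pricing tier of this API Management service')
+@allowed([
+'Consumption'
+'Developer'
+'Standard'
+'Premium'
+])
+param sku string = 'Consumption'
+
+@description('The instance size of this API Management service.')
+@allowed([ 0, 1, 2 ])
+param skuCount int = 0
+
+@description('Azure Application Insights Name')
+param applicationInsightsName string
+
+resource apimService 'Microsoft.ApiManagement/service@2021-08-01' = {
+name: name
+location: location
+tags: union(tags, { 'azd-service-name': name })
+sku: {
+name: sku
+capacity: (sku == 'Consumption') ? 0 : ((sku == 'Developer') ? 1 : skuCount)
+}
+properties: {
+publisherEmail: publisherEmail
+publisherName: publisherName
+// Custom properties are not supported for Consumption SKU
+customProperties: sku == 'Consumption' ? {} : {
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+}
+}
+}
+
+resource apimLogger 'Microsoft.ApiManagement/service/loggers@2021-12-01-preview' = if (!empty(applicationInsightsName)) {
+name: 'app-insights-logger'
+parent: apimService
+properties: {
+credentials: {
+instrumentationKey: applicationInsights.properties.InstrumentationKey
+}
+description: 'Logger to Azure Application Insights'
+isBuffered: false
+loggerType: 'applicationInsights'
+resourceId: applicationInsights.id
+}
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
+name: applicationInsightsName
+}
+
+output apimServiceName string = apimService.name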
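Review bot: `publisherEmail` defaults to `'noreply@microsoft.com'`, and API Management sends its service notifications to the publisher address, so a deployment that keeps the default routes them to a mailbox the operator does not control. I would drop the default so the caller has to supply an address, `param publisherEmail string`, though callers outside this file may rely on it today. If the default stays, the description should say it must be overridden, e.g. `@description('The email address of the owner of the service; override the placeholder default so notifications reach the operator')`.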
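--- a/data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep
+++ b/data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep
@@ -0,0 +1,18 @@
+metadata description = 'Adds an agent pool to an Azure Kubernetes Service (AKS) cluster.'
+param clusterName string
+
+@description('The agent pool name')
+param name string
+
+@description('The agent pool configuration')
+param config object
+
+resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' existing = {
+name: clusterName
+}
+
+resource nodePool 'Microsoft.ContainerService/managedClusters/agentPools@2023-10-02-preview' = {
+parent: aksCluster
+name: name
+properties: config
+}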
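--- a/data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep
+++ b/data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep
@@ -0,0 +1,140 @@
+metadata description = 'Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool.'
+@description('The name for the AKS managed cluster')
+param name string
+
+@description('The name of the resource group for the managed resources of the AKS cluster')
+param nodeResourceGroupName string = ''
+
+@description('The Azure region/location for the AKS resources')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the AKS resources')
+param tags object = {}
+
+@description('Kubernetes Version')
+param kubernetesVersion string = '1.27.7'
+
+@description('Whether RBAC is enabled for local accounts')
+param enableRbac bool = true
+
+// Add-ons
+@description('Whether web app routing (preview) add-on is enabled')
+param webAppRoutingAddon bool = true
+
+// AAD Integration
+@description('Enable Azure Active Directory integration')
+param enableAad bool = false
+
+@description('Enable RBAC using AAD')
+param enableAzureRbac bool = false
+
+@description('The Tenant ID associated to the Azure Active Directory')
+param aadTenantId string = tenant().tenantId
+
+@description('The load balancer SKU to use for ingress into the AKS cluster')
+@allowed([ 'basic', 'standard' ])
+param loadBalancerSku string = 'standard'
+
+@description('Network plugin used for building the Kubernetes network.')
+@allowed([ 'azure', 'kubenet', 'none' ])
+param networkPlugin string = 'azure'
+
+@description('Network policy used for building the Kubernetes network.')
+@allowed([ 'azure', 'calico' ])
+param networkPolicy string = 'azure'
+
+@description('If set to true, getting static credentials will be disabled for this cluster.')
+param disableLocalAccounts bool = false
+
+@description('The managed cluster SKU.')
+@allowed([ 'Free', 'Paid', 'Standard' ])
+param sku string = 'Free'
+
+@description('Configuration of AKS add-ons')
+param addOns object = {}
+
+@description('The log analytics workspace id used for logging & monitoring')
+param workspaceId string = ''
+
+@description('The node pool configuration for the System agent pool')
+param systemPoolConfig object
+
+@description('The DNS prefix to associate with the AKS cluster')
+param dnsPrefix string = ''
+
+resource aks 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' = {
+name: name
+location: location
+tags: tags
+identity: {
+type: 'SystemAssigned'
+}
+sku: {
+name: 'Base'
+tier: sku
+}
+properties: {
+nodeResourceGroup: !empty(nodeResourceGroupName) ? nodeResourceGroupName : 'rg-mc-${name}'
+kubernetesVersion: kubernetesVersion
+dnsPrefix: empty(dnsPrefix) ? '${name}-dns' : dnsPrefix
+enableRBAC: enableRbac
+aadProfile: enableAad ? {
+managed: true
+enableAzureRBAC: enableAzureRbac
+tenantID: aadTenantId
+} : null
+agentPoolProfiles: [
+systemPoolConfig
+]
+networkProfile: {
+loadBalancerSku: loadBalancerSku
+networkPlugin: networkPlugin
+networkPolicy: networkPolicy
+}
+disableLocalAccounts: disableLocalAccounts && enableAad
+addonProfiles: addOns
+ingressProfile: {
+webAppRouting: {
+enabled: webAppRoutingAddon
+}
+}
+}
+}
+
+var aksDiagCategories = [
+'cluster-autoscaler'
+'kube-controller-manager'
+'kube-audit-admin'
+'guard'
+]
+
+// TODO: Update diagnostics to be its own module
+// Blocking issue: https://github.com/Azure/bicep/issues/622
+// Unable to pass in a `resource` scope or unable to use string interpolation in resource types
+resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) {
+name: 'aks-diagnostics'
+scope: aks
+properties: {
+workspaceId: workspaceId
+logs: [for category in aksDiagCategories: {
+category: category
+enabled: true
+}]
+metrics: [
+{
+category: 'AllMetrics'
+enabled: true
+}
+]
+}
+}
+
+@description('The resource name of the AKS cluster')
+output clusterName string = aks.name
+
+@description('The AKS cluster identity')
+output clusterIdentity object = {
+clientId: aks.properties.identityProfile.kubeletidentity.clientId
+objectId: aks.properties.identityProfile.kubeletidentity.objectId
+resourceId: aks.properties.identityProfile.kubeletidentity.resourceId
+}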
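Review bot: `disableLocalAccounts: disableLocalAccounts && enableAad` silently discards the caller's request whenever `enableAad` is false, which is its default, so a deployment that sets only `disableLocalAccounts` to true still permits static credentials and nothing reports it. The parameter description should state the dependency, e.g. `@description('If set to true, getting static credentials will be disabled for this cluster. Only takes effect when enableAad is true.')`. No `apiServerAccessProfile` appears among the properties either, so the API server presumably keeps its default public endpoint. That may be intended for a starter template, but a comment saying so would help whoever hardens it later.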