- Added branch variable to allow workflows to build off current branch for PRs

- Reverted AKS API version to 2024-01-01

Author: pjlewisuk

.github/workflows/StandardCI.yml

@@ -31,7 +31,8 @@ on:
     - cron: "0 23 * * 2"
 env:
   RG: "AksBicepAcc-Ci-BasicCluster" #The resource group we're deploying to.
-  ParamFilePath: "https://raw.githubusercontent.com/Azure/AKS-Construction/main/.github/workflows_dep/AksDeploy-Basic.parameters.json" # ".github/workflows_dep/AksDeploy-Basic.parameters.json" #Path to parameter file
+  BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+  ParamFilePath: "https://raw.githubusercontent.com/Azure/AKS-Construction/${{ BRANCH_NAME }}/.github/workflows_dep/AksDeploy-Basic.parameters.json" # ".github/workflows_dep/AksDeploy-Basic.parameters.json" #Path to parameter file
   RESNAME: "AksStan" #Used in Azure Resource Naming, overrides the default in the parameter file
   DEPNAME: "Dep${{ github.run_number }}" #Deployment Name
   AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest

bicep/aksagentpool.bicep

@@ -63,11 +63,11 @@ var spotProperties = {
 // Default OS Disk Size in GB for Linux is 30, for Windows is 100
 var defaultOsDiskSizeGB = osType == 'Linux' ? 30 : 100
 
-resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' existing = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' existing = {
   name: AksName
 }
 
-resource userNodepool 'Microsoft.ContainerService/managedClusters/agentPools@2023-11-01' = {
+resource userNodepool 'Microsoft.ContainerService/managedClusters/agentPools@2024-01-01' = {
   parent: aks
   name: PoolName
   properties: union({

bicep/automationrunbook/aksRbac.bicep

@@ -1,7 +1,7 @@
 param principalId string
 param aksName string
 
-resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' existing = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' existing = {
   name: aksName
 }
 

bicep/main.bicep

@@ -1337,7 +1337,7 @@ keyVaultKmsCreateAndPrereqs || !empty(keyVaultKmsByoKeyId) ? azureKeyVaultKms :
 !empty(serviceMeshProfile) ? { serviceMeshProfile: serviceMeshProfileObj } : {}
 )
 
-resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' = {
   name: 'aks-${resourceName}'
   location: location
   properties: aksProperties

samples/SampleAppMain.json

@@ -1243,7 +1243,7 @@
               "properties": {
                 "roleDefinitionId": "[variables('AcrPullRole')]",
                 "principalType": "ServicePrincipal",
-                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').identityProfile.kubeletidentity.objectId]"
+                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').identityProfile.kubeletidentity.objectId]"
               },
               "dependsOn": [
                 "[resourceId('Microsoft.ContainerRegistry/registries', variables('acrName'))]",
@@ -1316,7 +1316,7 @@
               "properties": {
                 "roleDefinitionId": "[variables('contributor')]",
                 "principalType": "ServicePrincipal",
-                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').addonProfiles.ingressApplicationGateway.identity.objectId]"
+                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').addonProfiles.ingressApplicationGateway.identity.objectId]"
               },
               "dependsOn": [
                 "[resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName')))]",
@@ -1331,7 +1331,7 @@
               "properties": {
                 "roleDefinitionId": "[variables('reader')]",
                 "principalType": "ServicePrincipal",
-                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').addonProfiles.ingressApplicationGateway.identity.objectId]"
+                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').addonProfiles.ingressApplicationGateway.identity.objectId]"
               },
               "dependsOn": [
                 "[resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName')))]"
@@ -1346,7 +1346,7 @@
               "properties": {
                 "roleDefinitionId": "[variables('managedIdentityOperator')]",
                 "principalType": "ServicePrincipal",
-                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').addonProfiles.ingressApplicationGateway.identity.objectId]"
+                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').addonProfiles.ingressApplicationGateway.identity.objectId]"
               },
               "dependsOn": [
                 "[resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName')))]",
@@ -1656,7 +1656,7 @@
               "name": "[guid(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), 'omsagent', variables('MonitoringMetricsPublisherRole'))]",
               "properties": {
                 "roleDefinitionId": "[variables('MonitoringMetricsPublisherRole')]",
-                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').addonProfiles.omsagent.identity.objectId]",
+                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').addonProfiles.omsagent.identity.objectId]",
                 "principalType": "ServicePrincipal"
               },
               "dependsOn": [
@@ -5442,7 +5442,7 @@
                   },
                   "vnetId": "[if(variables('isDnsZonePrivate'), if(not(empty(parameters('byoAKSSubnetId'))), createObject('value', split(parameters('byoAKSSubnetId'), '/subnets')[0]), if(parameters('custom_vnet'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.vnetId.value), createObject('value', ''))), createObject('value', ''))]",
                   "principalId": {
-                    "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').identityProfile.kubeletidentity.objectId]"
+                    "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').identityProfile.kubeletidentity.objectId]"
                   }
                 },
                 "template": {
@@ -5765,7 +5765,7 @@
                 "parameters": {
                   "keyVaultName": "[if(parameters('keyVaultCreate'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultApps', deployment().name), 64)), '2022-09-01').outputs.keyVaultName.value), createObject('value', ''))]",
                   "rbacSecretUserSps": {
-                    "value": "[union(createArray(if(and(variables('deployAppGw'), parameters('appgwKVIntegration')), reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-appgw-{0}', parameters('resourceName'))), '2023-01-31').principalId, '')), createArray(if(parameters('keyVaultAksCSI'), reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').addonProfiles.azureKeyvaultSecretsProvider.identity.objectId, '')))]"
+                    "value": "[union(createArray(if(and(variables('deployAppGw'), parameters('appgwKVIntegration')), reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-appgw-{0}', parameters('resourceName'))), '2023-01-31').principalId, '')), createArray(if(parameters('keyVaultAksCSI'), reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').addonProfiles.azureKeyvaultSecretsProvider.identity.objectId, '')))]"
                   },
                   "rbacSecretOfficerSps": "[if(and(not(empty(parameters('keyVaultOfficerRolePrincipalId'))), parameters('automatedDeployment')), createObject('value', variables('keyVaultOfficerRolePrincipalIds')), createObject('value', createArray()))]",
                   "rbacCertOfficerSps": "[if(and(not(empty(parameters('keyVaultOfficerRolePrincipalId'))), parameters('automatedDeployment')), createObject('value', variables('keyVaultOfficerRolePrincipalIds')), createObject('value', createArray()))]",
@@ -7821,7 +7821,7 @@
                   "resources": [
                     {
                       "type": "Microsoft.ContainerService/managedClusters/agentPools",
-                      "apiVersion": "2023-11-01",
+                      "apiVersion": "2024-01-01",
                       "name": "[format('{0}/{1}', parameters('AksName'), parameters('PoolName'))]",
                       "properties": {
                         "mode": "User",
@@ -8918,27 +8918,27 @@
             },
             "privateFQDN": {
               "type": "string",
-              "value": "[if(and(parameters('enablePrivateCluster'), not(equals(parameters('privateClusterDnsMethod'), 'none'))), reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').privateFQDN, '')]"
+              "value": "[if(and(parameters('enablePrivateCluster'), not(equals(parameters('privateClusterDnsMethod'), 'none'))), reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').privateFQDN, '')]"
             },
             "aksPrivateDnsZoneName": {
               "type": "string",
-              "value": "[if(and(parameters('enablePrivateCluster'), not(equals(parameters('privateClusterDnsMethod'), 'none'))), join(skip(split(reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').privateFQDN, '.'), 1), '.'), '')]"
+              "value": "[if(and(parameters('enablePrivateCluster'), not(equals(parameters('privateClusterDnsMethod'), 'none'))), join(skip(split(reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').privateFQDN, '.'), 1), '.'), '')]"
             },
             "aksClusterName": {
               "type": "string",
               "value": "[format('aks-{0}', parameters('resourceName'))]"
             },
             "aksOidcIssuerUrl": {
               "type": "string",
-              "value": "[if(parameters('oidcIssuer'), reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').oidcIssuerProfile.issuerURL, '')]"
+              "value": "[if(parameters('oidcIssuer'), reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').oidcIssuerProfile.issuerURL, '')]"
             },
             "aksOidcFedIdentityProperties": {
               "type": "object",
               "metadata": {
                 "description": "This output can be directly leveraged when creating a ManagedId Federated Identity"
               },
               "value": {
-                "issuer": "[if(parameters('oidcIssuer'), reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').oidcIssuerProfile.issuerURL, '')]",
+                "issuer": "[if(parameters('oidcIssuer'), reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').oidcIssuerProfile.issuerURL, '')]",
                 "audiences": [
                   "api://AzureADTokenExchange"
                 ],
@@ -8950,7 +8950,7 @@
               "metadata": {
                 "description": "The name of the managed resource group AKS uses"
               },
-              "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').nodeResourceGroup]"
+              "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').nodeResourceGroup]"
             },
             "aksResourceId": {
               "type": "string",

samples/SystemPresetExample.json

@@ -6,7 +6,7 @@ param acrName string
 var AcrPullRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')
 var KubeletObjectId = any(aks.properties.identityProfile.kubeletidentity).objectId
 
-resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' existing = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' existing = {
   name: aksName
 }
 

samples/deploy-stages/stage3-acrrbac.bicep

@@ -6,7 +6,7 @@ param aadUserObjectId string = ''
 
 var rbacClusterAdmin = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')
 
-resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' existing = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' existing = {
   name: aksName
 }
 

samples/deploy-stages/stage4-aksrbac.bicep

@@ -2,7 +2,7 @@ param aksName string
 
 param aksFluxAddOnReleaseNamespace string = 'flux-system'
 
-resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' existing = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' existing = {
   name: aksName
 }
 

samples/flux/configpatterns/fluxConfig-InfraAndApps.bicep

@@ -2,7 +2,7 @@ param aksName string
 
 param aksFluxAddOnReleaseNamespace string = 'flux-system'
 
-resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' existing = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' existing = {
   name: aksName
 }
 

samples/flux/configpatterns/fluxConfig-Unified.bicep

@@ -8,7 +8,7 @@ resource acr 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' existin
 }
 
 //Create a reference to the existing AKS
-resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' existing = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' existing = {
   name: aksName
   scope: resourceGroup(aksResourceGroup)
 }

samples/shared-acr/acr-rbac.bicep

@@ -1269,7 +1269,7 @@
               "properties": {
                 "roleDefinitionId": "[variables('AcrPullRole')]",
                 "principalType": "ServicePrincipal",
-                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2023-11-01').identityProfile.kubeletidentity.objectId]"
+                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', format('aks-{0}', parameters('resourceName'))), '2024-01-01').identityProfile.kubeletidentity.objectId]"
               },
               "dependsOn": [
                 "[resourceId('Microsoft.ContainerRegistry/registries', variables('acrName'))]",