From 09417237aaaf1a113b4c1ec0b1dae864138d404d Mon Sep 17 00:00:00 2001
From: "Menghua Chen (WICRESOFT NORTH AMERICA LTD)"
Date: Wed, 4 Sep 2024 10:50:19 +0800
Subject: [PATCH 1/7] add .yml
---
.../avm.ptn.azd.insights-dashboard.yml | 88 +++++++++++++++++++
.../avm.ptn.azd.ml-hub-dependencies.yml | 88 +++++++++++++++++++
2 files changed, 176 insertions(+)
create mode 100644 .github/workflows/avm.ptn.azd.insights-dashboard.yml
create mode 100644 .github/workflows/avm.ptn.azd.ml-hub-dependencies.yml
diff --git a/.github/workflows/avm.ptn.azd.insights-dashboard.yml b/.github/workflows/avm.ptn.azd.insights-dashboard.yml
new file mode 100644
index 0000000000..a1df3a89d7
--- /dev/null
+++ b/.github/workflows/avm.ptn.azd.insights-dashboard.yml
@@ -0,0 +1,88 @@
+name: "avm.ptn.azd.insights-dashboard"
+
+on:
+ workflow_dispatch:
+ inputs:
+ staticValidation:
+ type: boolean
+ description: "Execute static validation"
+ required: false
+ default: true
+ deploymentValidation:
+ type: boolean
+ description: "Execute deployment validation"
+ required: false
+ default: true
+ removeDeployment:
+ type: boolean
+ description: "Remove deployed module"
+ required: false
+ default: true
+ customLocation:
+ type: string
+ description: "Default location overwrite (e.g., eastus)"
+ required: false
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/actions/templates/avm-**"
+ - ".github/workflows/avm.template.module.yml"
+ - ".github/workflows/avm.ptn.azd.insights-dashboard"
+ - "avm/ptn/azd/insights-dashboard/**"
+ - "avm/utilities/pipelines/**"
+ - "!avm/utilities/pipelines/platform/**"
+ - "!*/**/README.md"
+
+env:
+ modulePath: "avm/ptn/azd/insights-dashboard"
+ workflowPath: ".github/workflows/avm.ptn.azd.insights-dashboard.yml"
+
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ ###########################
+ # Initialize pipeline #
+ ###########################
+ job_initialize_pipeline:
+ runs-on: ubuntu-latest
+ name: "Initialize pipeline"
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Set input parameters to output variables"
+ id: get-workflow-param
+ uses: ./.github/actions/templates/avm-getWorkflowInput
+ with:
+ workflowPath: "${{ env.workflowPath}}"
+ - name: "Get module test file paths"
+ id: get-module-test-file-paths
+ uses: ./.github/actions/templates/avm-getModuleTestFiles
+ with:
+ modulePath: "${{ env.modulePath }}"
+ outputs:
+ workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+ moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+ modulePath: "${{ env.modulePath }}"
+
+ ##############################
+ # Call reusable workflow #
+ ##############################
+ call-workflow-passing-data:
+ name: "Run"
+ permissions:
+ id-token: write # For OIDC
+ contents: write # For release tags
+ needs:
+ - job_initialize_pipeline
+ uses: ./.github/workflows/avm.template.module.yml
+ with:
+ workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+ moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+ psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+ modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/avm.ptn.azd.ml-hub-dependencies.yml b/.github/workflows/avm.ptn.azd.ml-hub-dependencies.yml
new file mode 100644
index 0000000000..fc862654f2
--- /dev/null
+++ b/.github/workflows/avm.ptn.azd.ml-hub-dependencies.yml
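Review bot: The `push.paths` entry `".github/workflows/avm.ptn.azd.insights-dashboard"` is missing the `.yml` suffix that `env.workflowPath` carries, so a push to main that edits only this workflow file does not match the filter and the pipeline is not re-run against its own changes. It should read `- ".github/workflows/avm.ptn.azd.insights-dashboard.yml"`. The same truncated entry appears in the ml-hub-dependencies, ml-project and ml-ai-environment workflows added later in this series.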
@@ -0,0 +1,88 @@
+name: "avm.ptn.azd.ml-hub-dependencies"
+
+on:
+ workflow_dispatch:
+ inputs:
+ staticValidation:
+ type: boolean
+ description: "Execute static validation"
+ required: false
+ default: true
+ deploymentValidation:
+ type: boolean
+ description: "Execute deployment validation"
+ required: false
+ default: true
+ removeDeployment:
+ type: boolean
+ description: "Remove deployed module"
+ required: false
+ default: true
+ customLocation:
+ type: string
+ description: "Default location overwrite (e.g., eastus)"
+ required: false
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/actions/templates/avm-**"
+ - ".github/workflows/avm.template.module.yml"
+ - ".github/workflows/avm.ptn.azd.ml-hub-dependencies"
+ - "avm/ptn/azd/ml-hub-dependencies/**"
+ - "avm/utilities/pipelines/**"
+ - "!avm/utilities/pipelines/platform/**"
+ - "!*/**/README.md"
+
+env:
+ modulePath: "avm/ptn/azd/ml-hub-dependencies"
+ workflowPath: ".github/workflows/avm.ptn.azd.ml-hub-dependencies.yml"
+
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ ###########################
+ # Initialize pipeline #
+ ###########################
+ job_initialize_pipeline:
+ runs-on: ubuntu-latest
+ name: "Initialize pipeline"
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Set input parameters to output variables"
+ id: get-workflow-param
+ uses: ./.github/actions/templates/avm-getWorkflowInput
+ with:
+ workflowPath: "${{ env.workflowPath}}"
+ - name: "Get module test file paths"
+ id: get-module-test-file-paths
+ uses: ./.github/actions/templates/avm-getModuleTestFiles
+ with:
+ modulePath: "${{ env.modulePath }}"
+ outputs:
+ workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+ moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+ modulePath: "${{ env.modulePath }}"
+
+ ##############################
+ # Call reusable workflow #
+ ##############################
+ call-workflow-passing-data:
+ name: "Run"
+ permissions:
+ id-token: write # For OIDC
+ contents: write # For release tags
+ needs:
+ - job_initialize_pipeline
+ uses: ./.github/workflows/avm.template.module.yml
+ with:
+ workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+ moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+ psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+ modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+ secrets: inherit
\ No newline at end of file
From 27dc2291402a78b06888f5e55fc741b47a2cc9d4 Mon Sep 17 00:00:00 2001
From: "Menghua Chen (WICRESOFT NORTH AMERICA LTD)"
Date: Tue, 10 Sep 2024 16:26:42 +0800
Subject: [PATCH 2/7] add avm.ptn.azd.ml-project.yml
---
.github/workflows/avm.ptn.azd.ml-project.yml | 88 ++++++++++++++++++++
1 file changed, 88 insertions(+)
create mode 100644 .github/workflows/avm.ptn.azd.ml-project.yml
diff --git a/.github/workflows/avm.ptn.azd.ml-project.yml b/.github/workflows/avm.ptn.azd.ml-project.yml
new file mode 100644
index 0000000000..b2d2f60191
--- /dev/null
+++ b/.github/workflows/avm.ptn.azd.ml-project.yml
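Review bot: `job_initialize_pipeline` declares no `permissions:` block, so its GITHUB_TOKEN receives whatever the repository or organisation default grants, while only the calling job below it is scoped. The visible steps check out the repository and run two local composite actions that appear to only compute outputs, so adding `permissions:` with `contents: read` under the job looks sufficient. Those composite actions are not part of this patch, so confirm they need nothing more before narrowing. The other three workflows added in this series have the same gap.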
@@ -0,0 +1,88 @@
+name: "avm.ptn.azd.ml-project"
+
+on:
+ workflow_dispatch:
+ inputs:
+ staticValidation:
+ type: boolean
+ description: "Execute static validation"
+ required: false
+ default: true
+ deploymentValidation:
+ type: boolean
+ description: "Execute deployment validation"
+ required: false
+ default: true
+ removeDeployment:
+ type: boolean
+ description: "Remove deployed module"
+ required: false
+ default: true
+ customLocation:
+ type: string
+ description: "Default location overwrite (e.g., eastus)"
+ required: false
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/actions/templates/avm-**"
+ - ".github/workflows/avm.template.module.yml"
+ - ".github/workflows/avm.ptn.azd.ml-project"
+ - "avm/ptn/azd/ml-project/**"
+ - "avm/utilities/pipelines/**"
+ - "!avm/utilities/pipelines/platform/**"
+ - "!*/**/README.md"
+
+env:
+ modulePath: "avm/ptn/azd/ml-project"
+ workflowPath: ".github/workflows/avm.ptn.azd.ml-project.yml"
+
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ ###########################
+ # Initialize pipeline #
+ ###########################
+ job_initialize_pipeline:
+ runs-on: ubuntu-latest
+ name: "Initialize pipeline"
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Set input parameters to output variables"
+ id: get-workflow-param
+ uses: ./.github/actions/templates/avm-getWorkflowInput
+ with:
+ workflowPath: "${{ env.workflowPath}}"
+ - name: "Get module test file paths"
+ id: get-module-test-file-paths
+ uses: ./.github/actions/templates/avm-getModuleTestFiles
+ with:
+ modulePath: "${{ env.modulePath }}"
+ outputs:
+ workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+ moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+ modulePath: "${{ env.modulePath }}"
+
+ ##############################
+ # Call reusable workflow #
+ ##############################
+ call-workflow-passing-data:
+ name: "Run"
+ permissions:
+ id-token: write # For OIDC
+ contents: write # For release tags
+ needs:
+ - job_initialize_pipeline
+ uses: ./.github/workflows/avm.template.module.yml
+ with:
+ workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+ moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+ psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+ modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+ secrets: inherit
\ No newline at end of file
From 818d862f6e37f42a3408874891fe5071a994bf73 Mon Sep 17 00:00:00 2001
From: "Menghua Chen (WICRESOFT NORTH AMERICA LTD)"
Date: Wed, 11 Sep 2024 15:21:58 +0800
Subject: [PATCH 3/7] add ml-ai-environment yml
---
.../avm.ptn.azd.ml-ai-environment.yml | 88 +++++++++++++++++++
1 file changed, 88 insertions(+)
create mode 100644 .github/workflows/avm.ptn.azd.ml-ai-environment.yml
diff --git a/.github/workflows/avm.ptn.azd.ml-ai-environment.yml b/.github/workflows/avm.ptn.azd.ml-ai-environment.yml
new file mode 100644
index 0000000000..2bf27870e8
--- /dev/null
+++ b/.github/workflows/avm.ptn.azd.ml-ai-environment.yml
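Review bot: `secrets: inherit` on `call-workflow-passing-data` forwards every secret available to this workflow to `avm.template.module.yml`, in a job that also holds `id-token: write` and `contents: write`. The template is not shown in this patch, so which secrets it actually reads cannot be checked here. If it needs only a few, passing them by name (`secrets:` followed by `<SECRET_NAME>: ${{ secrets.<SECRET_NAME> }}`, with matching declarations under the template's `workflow_call`) limits what a compromised step inside the template can reach. The same line appears in the other three workflows in this series.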
@@ -0,0 +1,88 @@
+name: "avm.ptn.azd.ml-ai-environment"
+
+on:
+ workflow_dispatch:
+ inputs:
+ staticValidation:
+ type: boolean
+ description: "Execute static validation"
+ required: false
+ default: true
+ deploymentValidation:
+ type: boolean
+ description: "Execute deployment validation"
+ required: false
+ default: true
+ removeDeployment:
+ type: boolean
+ description: "Remove deployed module"
+ required: false
+ default: true
+ customLocation:
+ type: string
+ description: "Default location overwrite (e.g., eastus)"
+ required: false
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/actions/templates/avm-**"
+ - ".github/workflows/avm.template.module.yml"
+ - ".github/workflows/avm.ptn.azd.ml-ai-environment"
+ - "avm/ptn/azd/ml-ai-environment/**"
+ - "avm/utilities/pipelines/**"
+ - "!avm/utilities/pipelines/platform/**"
+ - "!*/**/README.md"
+
+env:
+ modulePath: "avm/ptn/azd/ml-ai-environment"
+ workflowPath: ".github/workflows/avm.ptn.azd.ml-ai-environment.yml"
+
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ ###########################
+ # Initialize pipeline #
+ ###########################
+ job_initialize_pipeline:
+ runs-on: ubuntu-latest
+ name: "Initialize pipeline"
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Set input parameters to output variables"
+ id: get-workflow-param
+ uses: ./.github/actions/templates/avm-getWorkflowInput
+ with:
+ workflowPath: "${{ env.workflowPath}}"
+ - name: "Get module test file paths"
+ id: get-module-test-file-paths
+ uses: ./.github/actions/templates/avm-getModuleTestFiles
+ with:
+ modulePath: "${{ env.modulePath }}"
+ outputs:
+ workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+ moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+ modulePath: "${{ env.modulePath }}"
+
+ ##############################
+ # Call reusable workflow #
+ ##############################
+ call-workflow-passing-data:
+ name: "Run"
+ permissions:
+ id-token: write # For OIDC
+ contents: write # For release tags
+ needs:
+ - job_initialize_pipeline
+ uses: ./.github/workflows/avm.template.module.yml
+ with:
+ workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+ moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+ psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+ modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+ secrets: inherit
\ No newline at end of file
From 6b51ed713f7a51728c9fc3819a3dbaaa261cd5b7 Mon Sep 17 00:00:00 2001
From: "Menghua Chen (WICRESOFT NORTH AMERICA LTD)"
Date: Thu, 17 Oct 2024 17:47:29 +0800
Subject: [PATCH 4/7] update azd-aks parameter update azd-aks parameter update azd-aks parameter update azd-aks parameter update azd-aks parameter
---
avm/ptn/azd/aks/README.md | 495 +++------------
avm/ptn/azd/aks/main.bicep | 257 ++++----
avm/ptn/azd/aks/main.json | 600 +++++++-----------
.../aks/tests/e2e/defaults/dependencies.bicep | 2 +-
.../aks/tests/e2e/defaults/main.test.bicep | 21 +-
.../azd/aks/tests/e2e/max/dependencies.bicep | 2 +-
avm/ptn/azd/aks/tests/e2e/max/main.test.bicep | 13 +-
7 files changed, 432 insertions(+), 958 deletions(-)
diff --git a/avm/ptn/azd/aks/README.md b/avm/ptn/azd/aks/README.md
index 6e87179a15..3d5d2564f5 100644
--- a/avm/ptn/azd/aks/README.md
+++ b/avm/ptn/azd/aks/README.md
@@ -65,7 +65,7 @@ module aks 'br/public:avm/ptn/azd/aks:' = { // Required parameters containerRegistryName: '' keyVaultName: '' - logAnalyticsName: '' + monitoringWorkspaceResourceId: '' name: '' principalId: '' // Non-required parameters 
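Review bot: `uses: actions/checkout@v4` in the "Checkout" step of the ml-ai-environment workflow references a movable tag, so the code that runs with this job's token can change without any change to this repository. Pinning to the full commit SHA with the version as a trailing comment, `uses: actions/checkout@<full-commit-sha> # v4`, fixes what executes. Adding `persist-credentials: false` under `with:` would also keep the token out of the checked-out `.git/config`, provided the two local actions that follow do not need to push; they are not visible in this patch. The same step appears in the other three workflows in this series.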
@@ -94,8 +94,8 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "keyVaultName": { "value": "" }, - "logAnalyticsName": { - "value": "" + "monitoringWorkspaceResourceId": { + "value": "" }, "name": { "value": "" @@ -127,7 +127,7 @@ using 'br/public:avm/ptn/azd/aks:' // Required parameters param containerRegistryName = '' param keyVaultName = '' -param logAnalyticsName = '' +param monitoringWorkspaceResourceId = '' param name = '' param principalId = '' // Non-required parameters @@ -154,22 +154,11 @@ module aks 'br/public:avm/ptn/azd/aks:' = { // Required parameters containerRegistryName: '' keyVaultName: '' - logAnalyticsName: '' + monitoringWorkspaceResourceId: '' name: '' principalId: '' // Non-required parameters acrSku: 'Basic' - agentPools: [ - { - maxPods: 30 - maxSurge: '33%' - mode: 'User' - name: 'npuserpool' - osType: 'Linux' - type: 'VirtualMachineScaleSets' - vmSize: 'standard_a2_v2' - } - ] aksClusterRoleAssignmentName: '' containerRegistryRoleName: '' dnsPrefix: 'dep-dns-paamax' @@ -200,8 +189,8 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "keyVaultName": { "value": "" }, - "logAnalyticsName": { - "value": "" + "monitoringWorkspaceResourceId": { + "value": "" }, "name": { "value": "" @@ -213,19 +202,6 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "acrSku": { "value": "Basic" }, - "agentPools": { - "value": [ - { - "maxPods": 30, - "maxSurge": "33%", - "mode": "User", - "name": "npuserpool", - "osType": "Linux", - "type": "VirtualMachineScaleSets", - "vmSize": "standard_a2_v2" - } - ] - }, "aksClusterRoleAssignmentName": { "value": "" }, 
@@ -264,22 +240,11 @@ using 'br/public:avm/ptn/azd/aks:' // Required parameters param containerRegistryName = '' param keyVaultName = '' -param logAnalyticsName = '' +param monitoringWorkspaceResourceId = '' param name = '' param principalId = '' // Non-required parameters param acrSku = 'Basic' -param agentPools = [ - { - maxPods: 30 - maxSurge: '33%' - mode: 'User' - name: 'npuserpool' - osType: 'Linux' - type: 'VirtualMachineScaleSets' - vmSize: 'standard_a2_v2' - } -] param aksClusterRoleAssignmentName = '' param containerRegistryRoleName = '' param dnsPrefix = 'dep-dns-paamax' @@ -300,7 +265,7 @@ param webApplicationRoutingEnabled = true | :-- | :-- | :-- | | [`containerRegistryName`](#parameter-containerregistryname) | string | Name of your Azure Container Registry. | | [`keyVaultName`](#parameter-keyvaultname) | string | Name of the Key Vault. Must be globally unique. | -| [`logAnalyticsName`](#parameter-loganalyticsname) | string | The name of the connected log analytics workspace. | +| [`monitoringWorkspaceResourceId`](#parameter-monitoringworkspaceresourceid) | string | Resource ID of the monitoring log analytics workspace. | | [`name`](#parameter-name) | string | The name of the parent managed cluster. Required if the template is used in a standalone deployment. | | [`principalId`](#parameter-principalid) | string | Id of the user or app to assign application roles. | 
@@ -314,17 +279,20 @@ param webApplicationRoutingEnabled = true | Parameter | Type | Description | | :-- | :-- | :-- | -| [`aadProfileEnableAzureRBAC`](#parameter-aadprofileenableazurerbac) | bool | Specifies whether to enable Azure RBAC for Kubernetes authorization. | | [`acrSku`](#parameter-acrsku) | string | Tier of your Azure container registry. | -| [`agentPools`](#parameter-agentpools) | array | Define one or more secondary/additional agent pools. | +| [`agentPoolConfig`](#parameter-agentpoolconfig) | object | Custom configuration of user node pool. | +| [`agentPoolType`](#parameter-agentpooltype) | string | The User Pool Preset sizing. | | [`aksClusterRoleAssignmentName`](#parameter-aksclusterroleassignmentname) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | +| [`autoNodeOsUpgradeProfileUpgradeChannel`](#parameter-autonodeosupgradeprofileupgradechannel) | string | Auto-upgrade channel on the Node Os. | | [`containerRegistryRoleName`](#parameter-containerregistryrolename) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | +| [`disableLocalAccounts`](#parameter-disablelocalaccounts) | bool | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. | | [`dnsPrefix`](#parameter-dnsprefix) | string | Specifies the DNS prefix specified when creating the managed cluster. | | [`dnsServiceIP`](#parameter-dnsserviceip) | string | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | +| [`enableKeyvaultSecretsProvider`](#parameter-enablekeyvaultsecretsprovider) | bool | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. 
| | [`kubernetesVersion`](#parameter-kubernetesversion) | string | Kubernetes Version. | +| [`loadBalancerSku`](#parameter-loadbalancersku) | string | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. | | [`location`](#parameter-location) | string | Specifies the location of AKS cluster. It picks up Resource Group's location by default. | -| [`monitoringWorkspaceResourceId`](#parameter-monitoringworkspaceresourceid) | string | Resource ID of the monitoring log analytics workspace. | | [`networkDataplane`](#parameter-networkdataplane) | string | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. | | [`networkPlugin`](#parameter-networkplugin) | string | Network plugin used for building the Kubernetes network. | | [`networkPluginMode`](#parameter-networkpluginmode) | string | Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. | @@ -337,6 +305,8 @@ param webApplicationRoutingEnabled = true | [`serviceCidr`](#parameter-servicecidr) | string | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | | [`skuTier`](#parameter-skutier) | string | Tier of a managed cluster SKU. | | [`sshPublicKey`](#parameter-sshpublickey) | string | Specifies the SSH RSA public key string for the Linux nodes. | +| [`systemPoolConfig`](#parameter-systempoolconfig) | object | Custom configuration of system node pool. | +| [`systemPoolType`](#parameter-systempooltype) | string | The System Pool Preset sizing. | | [`tags`](#parameter-tags) | object | Custom tags to apply to the AKS resources. | | [`webApplicationRoutingEnabled`](#parameter-webapplicationroutingenabled) | bool | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. | 
@@ -354,9 +324,9 @@ Name of the Key Vault. Must be globally unique. - Required: Yes - Type: string -### Parameter: `logAnalyticsName` +### Parameter: `monitoringWorkspaceResourceId` -The name of the connected log analytics workspace. +Resource ID of the monitoring log analytics workspace. - Required: Yes - Type: string @@ -382,14 +352,6 @@ Specifies the resource ID of connected application gateway. Required if `ingress - Required: No - Type: string -### Parameter: `aadProfileEnableAzureRBAC` - -Specifies whether to enable Azure RBAC for Kubernetes authorization. - -- Required: No -- Type: bool -- Default: `False` - ### Parameter: `acrSku` Tier of your Azure container registry. 
@@ -406,385 +368,70 @@ Tier of your Azure container registry. ] ``` -### Parameter: `agentPools` - -Define one or more secondary/additional agent pools. - -- Required: No -- Type: array - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`name`](#parameter-agentpoolsname) | string | The name of the agent pool. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`availabilityZones`](#parameter-agentpoolsavailabilityzones) | array | The availability zones of the agent pool. | -| [`count`](#parameter-agentpoolscount) | int | The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | -| [`enableAutoScaling`](#parameter-agentpoolsenableautoscaling) | bool | Whether to enable auto-scaling for the agent pool. | -| [`enableDefaultTelemetry`](#parameter-agentpoolsenabledefaulttelemetry) | bool | The enable default telemetry of the agent pool. | -| [`enableEncryptionAtHost`](#parameter-agentpoolsenableencryptionathost) | bool | Whether to enable encryption at host for the agent pool. | -| [`enableFIPS`](#parameter-agentpoolsenablefips) | bool | Whether to enable FIPS for the agent pool. | -| [`enableNodePublicIP`](#parameter-agentpoolsenablenodepublicip) | bool | Whether to enable node public IP for the agent pool. | -| [`enableUltraSSD`](#parameter-agentpoolsenableultrassd) | bool | Whether to enable Ultra SSD for the agent pool. | -| [`gpuInstanceProfile`](#parameter-agentpoolsgpuinstanceprofile) | string | The GPU instance profile of the agent pool. | -| [`kubeletDiskType`](#parameter-agentpoolskubeletdisktype) | string | The kubelet disk type of the agent pool. | -| [`maxCount`](#parameter-agentpoolsmaxcount) | int | The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). 
| -| [`maxPods`](#parameter-agentpoolsmaxpods) | int | The maximum number of pods that can run on a node. | -| [`maxSurge`](#parameter-agentpoolsmaxsurge) | string | The maximum number of nodes that can be created during an upgrade. | -| [`minCount`](#parameter-agentpoolsmincount) | int | The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | -| [`minPods`](#parameter-agentpoolsminpods) | int | The minimum number of pods that can run on a node. | -| [`mode`](#parameter-agentpoolsmode) | string | The mode of the agent pool. | -| [`nodeLabels`](#parameter-agentpoolsnodelabels) | object | The node labels of the agent pool. | -| [`nodePublicIpPrefixId`](#parameter-agentpoolsnodepublicipprefixid) | string | The node public IP prefix ID of the agent pool. | -| [`nodeTaints`](#parameter-agentpoolsnodetaints) | array | The node taints of the agent pool. | -| [`orchestratorVersion`](#parameter-agentpoolsorchestratorversion) | string | The Kubernetes version of the agent pool. | -| [`osDiskSizeGB`](#parameter-agentpoolsosdisksizegb) | int | The OS disk size in GB of the agent pool. | -| [`osDiskType`](#parameter-agentpoolsosdisktype) | string | The OS disk type of the agent pool. | -| [`osSku`](#parameter-agentpoolsossku) | string | The OS SKU of the agent pool. | -| [`osType`](#parameter-agentpoolsostype) | string | The OS type of the agent pool. | -| [`podSubnetId`](#parameter-agentpoolspodsubnetid) | string | The pod subnet ID of the agent pool. | -| [`proximityPlacementGroupResourceId`](#parameter-agentpoolsproximityplacementgroupresourceid) | string | The proximity placement group resource ID of the agent pool. | -| [`scaleDownMode`](#parameter-agentpoolsscaledownmode) | string | The scale down mode of the agent pool. | -| [`scaleSetEvictionPolicy`](#parameter-agentpoolsscalesetevictionpolicy) | string | The scale set eviction policy of the agent pool. 
| -| [`scaleSetPriority`](#parameter-agentpoolsscalesetpriority) | string | The scale set priority of the agent pool. | -| [`sourceResourceId`](#parameter-agentpoolssourceresourceid) | string | The source resource ID to create the agent pool from. | -| [`spotMaxPrice`](#parameter-agentpoolsspotmaxprice) | int | The spot max price of the agent pool. | -| [`tags`](#parameter-agentpoolstags) | object | The tags of the agent pool. | -| [`type`](#parameter-agentpoolstype) | string | The type of the agent pool. | -| [`vmSize`](#parameter-agentpoolsvmsize) | string | The VM size of the agent pool. | -| [`vnetSubnetID`](#parameter-agentpoolsvnetsubnetid) | string | The VNet subnet ID of the agent pool. | -| [`workloadRuntime`](#parameter-agentpoolsworkloadruntime) | string | The workload runtime of the agent pool. | - -### Parameter: `agentPools.name` - -The name of the agent pool. - -- Required: Yes -- Type: string - -### Parameter: `agentPools.availabilityZones` - -The availability zones of the agent pool. - -- Required: No -- Type: array - -### Parameter: `agentPools.count` - -The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). - -- Required: No -- Type: int - -### Parameter: `agentPools.enableAutoScaling` - -Whether to enable auto-scaling for the agent pool. - -- Required: No -- Type: bool - -### Parameter: `agentPools.enableDefaultTelemetry` - -The enable default telemetry of the agent pool. - -- Required: No -- Type: bool - -### Parameter: `agentPools.enableEncryptionAtHost` - -Whether to enable encryption at host for the agent pool. - -- Required: No -- Type: bool - -### Parameter: `agentPools.enableFIPS` - -Whether to enable FIPS for the agent pool. - -- Required: No -- Type: bool - -### Parameter: `agentPools.enableNodePublicIP` - -Whether to enable node public IP for the agent pool. 
- -- Required: No -- Type: bool - -### Parameter: `agentPools.enableUltraSSD` - -Whether to enable Ultra SSD for the agent pool. - -- Required: No -- Type: bool - -### Parameter: `agentPools.gpuInstanceProfile` - -The GPU instance profile of the agent pool. - -- Required: No -- Type: string -- Allowed: - ```Bicep - [ - 'MIG1g' - 'MIG2g' - 'MIG3g' - 'MIG4g' - 'MIG7g' - ] - ``` - -### Parameter: `agentPools.kubeletDiskType` +### Parameter: `agentPoolConfig` -The kubelet disk type of the agent pool. - -- Required: No -- Type: string - -### Parameter: `agentPools.maxCount` - -The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). - -- Required: No -- Type: int - -### Parameter: `agentPools.maxPods` - -The maximum number of pods that can run on a node. - -- Required: No -- Type: int - -### Parameter: `agentPools.maxSurge` - -The maximum number of nodes that can be created during an upgrade. - -- Required: No -- Type: string - -### Parameter: `agentPools.minCount` - -The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). - -- Required: No -- Type: int - -### Parameter: `agentPools.minPods` - -The minimum number of pods that can run on a node. - -- Required: No -- Type: int - -### Parameter: `agentPools.mode` - -The mode of the agent pool. - -- Required: No -- Type: string -- Allowed: - ```Bicep - [ - 'System' - 'User' - ] - ``` - -### Parameter: `agentPools.nodeLabels` - -The node labels of the agent pool. +Custom configuration of user node pool. - Required: No - Type: object +- Default: `{}` -### Parameter: `agentPools.nodePublicIpPrefixId` - -The node public IP prefix ID of the agent pool. - -- Required: No -- Type: string - -### Parameter: `agentPools.nodeTaints` - -The node taints of the agent pool. - -- Required: No -- Type: array - -### Parameter: `agentPools.orchestratorVersion` - -The Kubernetes version of the agent pool. 
- -- Required: No -- Type: string - -### Parameter: `agentPools.osDiskSizeGB` - -The OS disk size in GB of the agent pool. - -- Required: No -- Type: int - -### Parameter: `agentPools.osDiskType` - -The OS disk type of the agent pool. - -- Required: No -- Type: string - -### Parameter: `agentPools.osSku` - -The OS SKU of the agent pool. - -- Required: No -- Type: string - -### Parameter: `agentPools.osType` - -The OS type of the agent pool. - -- Required: No -- Type: string -- Allowed: - ```Bicep - [ - 'Linux' - 'Windows' - ] - ``` - -### Parameter: `agentPools.podSubnetId` - -The pod subnet ID of the agent pool. - -- Required: No -- Type: string - -### Parameter: `agentPools.proximityPlacementGroupResourceId` - -The proximity placement group resource ID of the agent pool. - -- Required: No -- Type: string - -### Parameter: `agentPools.scaleDownMode` +### Parameter: `agentPoolType` -The scale down mode of the agent pool. +The User Pool Preset sizing. - Required: No - Type: string +- Default: `''` - Allowed: ```Bicep [ - 'Deallocate' - 'Delete' + '' + 'CostOptimised' + 'Custom' + 'HighSpec' + 'Standard' ] ``` -### Parameter: `agentPools.scaleSetEvictionPolicy` +### Parameter: `aksClusterRoleAssignmentName` -The scale set eviction policy of the agent pool. +The name (as GUID) of the role assignment. If not provided, a GUID will be generated. - Required: No - Type: string -- Allowed: - ```Bicep - [ - 'Deallocate' - 'Delete' - ] - ``` -### Parameter: `agentPools.scaleSetPriority` +### Parameter: `autoNodeOsUpgradeProfileUpgradeChannel` -The scale set priority of the agent pool. +Auto-upgrade channel on the Node Os. - Required: No - Type: string +- Default: `'NodeImage'` - Allowed: ```Bicep [ - 'Low' - 'Regular' - 'Spot' + 'NodeImage' + 'None' + 'SecurityPatch' + 'Unmanaged' ] ``` -### Parameter: `agentPools.sourceResourceId` - -The source resource ID to create the agent pool from. 
- -- Required: No -- Type: string - -### Parameter: `agentPools.spotMaxPrice` - -The spot max price of the agent pool. - -- Required: No -- Type: int - -### Parameter: `agentPools.tags` - -The tags of the agent pool. - -- Required: No -- Type: object - -### Parameter: `agentPools.type` - -The type of the agent pool. - -- Required: No -- Type: string -- Allowed: - ```Bicep - [ - 'AvailabilitySet' - 'VirtualMachineScaleSets' - ] - ``` - -### Parameter: `agentPools.vmSize` - -The VM size of the agent pool. - -- Required: No -- Type: string - -### Parameter: `agentPools.vnetSubnetID` - -The VNet subnet ID of the agent pool. - -- Required: No -- Type: string - -### Parameter: `agentPools.workloadRuntime` - -The workload runtime of the agent pool. - -- Required: No -- Type: string - -### Parameter: `aksClusterRoleAssignmentName` +### Parameter: `containerRegistryRoleName` The name (as GUID) of the role assignment. If not provided, a GUID will be generated. - Required: No - Type: string -### Parameter: `containerRegistryRoleName` +### Parameter: `disableLocalAccounts` -The name (as GUID) of the role assignment. If not provided, a GUID will be generated. +If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. - Required: No -- Type: string +- Type: bool +- Default: `False` ### Parameter: `dnsPrefix` @@ -801,6 +448,14 @@ Specifies the IP address assigned to the Kubernetes DNS service. It must be with - Required: No - Type: string +### Parameter: `enableKeyvaultSecretsProvider` + +Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `enableTelemetry` Enable/Disable usage telemetry for module. 
@@ -817,20 +472,28 @@ Kubernetes Version. - Type: string - Default: `'1.29'` -### Parameter: `location` +### Parameter: `loadBalancerSku` -Specifies the location of AKS cluster. It picks up Resource Group's location by default. +Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. - Required: No - Type: string -- Default: `[resourceGroup().location]` +- Default: `'standard'` +- Allowed: + ```Bicep + [ + 'basic' + 'standard' + ] + ``` -### Parameter: `monitoringWorkspaceResourceId` +### Parameter: `location` -Resource ID of the monitoring log analytics workspace. +Specifies the location of AKS cluster. It picks up Resource Group's location by default. - Required: No - Type: string +- Default: `[resourceGroup().location]` ### Parameter: `networkDataplane` @@ -1008,6 +671,31 @@ Specifies the SSH RSA public key string for the Linux nodes. - Required: No - Type: string +### Parameter: `systemPoolConfig` + +Custom configuration of system node pool. + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `systemPoolType` + +The System Pool Preset sizing. + +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: + ```Bicep + [ + 'CostOptimised' + 'Custom' + 'HighSpec' + 'Standard' + ] + ``` + ### Parameter: `tags` Custom tags to apply to the AKS resources. @@ -1022,6 +710,7 @@ Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. - Required: No - Type: bool +- Default: `True` ## Outputs @@ -1042,7 +731,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | | `br/public:avm/res/container-registry/registry:0.5.1` | Remote reference | -| `br/public:avm/res/container-service/managed-cluster:0.3.0` | Remote reference | +| `br/public:avm/res/container-service/managed-cluster:0.4.0` | Remote reference | | `br/public:avm/res/key-vault/vault:0.9.0` | Remote reference | ## Data Collection 
diff --git a/avm/ptn/azd/aks/main.bicep b/avm/ptn/azd/aks/main.bicep index de942be0ab..686de9d215 100644 --- a/avm/ptn/azd/aks/main.bicep +++ b/avm/ptn/azd/aks/main.bicep @@ -12,9 +12,6 @@ param name string @maxLength(50) param containerRegistryName string -@description('Required. The name of the connected log analytics workspace.') -param logAnalyticsName string - @description('Required. Name of the Key Vault. Must be globally unique.') @maxLength(24) param keyVaultName string @@ -85,17 +82,11 @@ param dnsServiceIP string? @description('Optional. Specifies the SSH RSA public key string for the Linux nodes.') param sshPublicKey string? -@description('Optional. Specifies whether to enable Azure RBAC for Kubernetes authorization.') -param aadProfileEnableAzureRBAC bool = false - @description('Conditional. Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`.') param appGatewayResourceId string? -@description('Optional. Resource ID of the monitoring log analytics workspace.') -param monitoringWorkspaceResourceId string? - -@description('Optional. Define one or more secondary/additional agent pools.') -param agentPools agentPoolType +@description('Required. Resource ID of the monitoring log analytics workspace.') +param monitoringWorkspaceResourceId string @description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the \'acrSku\' to be \'Premium\'.') @allowed([ 
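Review bot: Removing `aadProfileEnableAzureRBAC` in the `@@ -85,17 +82,11 @@` hunk leaves callers no way to turn on Azure RBAC for Kubernetes authorization through this module. The matching `aadProfileEnableAzureRBAC:` argument is dropped in the `@@ -203,10 +265,15 @@` hunk too, so the cluster now takes whatever the managed-cluster 0.4.0 module defaults to. If that is intended, record it next to the remaining parameters, e.g. `// Azure RBAC for Kubernetes authorization follows the managed-cluster module default`; otherwise keep the parameter and pass it through. The same hunk makes `monitoringWorkspaceResourceId` required, which together with the removal of `logAnalyticsName` breaks existing callers and should be called out in the module's release notes.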
@@ -104,11 +95,18 @@ param agentPools agentPoolType ]) param publicNetworkAccess string = 'Enabled' +@description('Optional. Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools.') +@allowed([ + 'basic' + 'standard' +]) +param loadBalancerSku string = 'standard' + @description('Optional. Scope maps setting.') param scopeMaps scopeMapsType @description('Optional. Specifies whether the webApplicationRoutingEnabled add-on is enabled or not.') -param webApplicationRoutingEnabled bool? +param webApplicationRoutingEnabled bool = true @description('Optional. Tier of your Azure container registry.') @allowed([ 
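Review bot: `param webApplicationRoutingEnabled bool = true` changes what an omitted value means. The parameter used to be `bool?` and passed null through; now every deployment that does not set it gets the add-on switched on. An ingress add-on is typically reachable from outside the cluster, so opt-in would be the safer default (`param webApplicationRoutingEnabled bool = false`), or the `@description` should at least say that it is enabled by default. The new `loadBalancerSku` also allows `'basic'`; if that value is only kept for compatibility, say so in its description.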
@@ -124,6 +122,54 @@ param containerRegistryRoleName string? @description('Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated.') param aksClusterRoleAssignmentName string? +@description('Optional. Custom configuration of system node pool.') +param systemPoolConfig object = {} + +@description('Optional. Custom configuration of user node pool.') +param agentPoolConfig object = {} + +@description('Optional. Specifies whether the KeyvaultSecretsProvider add-on is enabled or not.') +param enableKeyvaultSecretsProvider bool = true + +@description('Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled.') +param disableLocalAccounts bool = false + +@allowed([ + 'NodeImage' + 'None' + 'SecurityPatch' + 'Unmanaged' +]) +@description('Optional. Auto-upgrade channel on the Node Os.') +param autoNodeOsUpgradeProfileUpgradeChannel string = 'NodeImage' + +@allowed([ + 'CostOptimised' + 'Standard' + 'HighSpec' + 'Custom' +]) +@description('Optional. The System Pool Preset sizing.') +param systemPoolType string = 'Standard' + +@allowed([ + '' + 'CostOptimised' + 'Standard' + 'HighSpec' + 'Custom' +]) +@description('Optional. The User Pool Preset sizing.') +param agentPoolType string = '' + +var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : nodePoolPresets[systemPoolType] + +var hasAgentPool = !empty(agentPoolConfig) || !empty(agentPoolType) + +var agentPoolSpec = hasAgentPool && !empty(agentPoolConfig) + ? agentPoolConfig + : empty(agentPoolType) ? {} : nodePoolPresets[agentPoolType] + var aksClusterAdminRole = subscriptionResourceId( 'Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b' 
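Review bot: `systemPoolType` and `agentPoolType` both allow `'Custom'`, but `nodePoolPresets` (changed in the next hunk) only defines `CostOptimised`, `Standard` and `HighSpec`. As a result `nodePoolPresets[systemPoolType]` has no entry to return when `'Custom'` is selected and `systemPoolConfig` is left empty, and `agentPoolSpec` does the same lookup with `agentPoolType`. Either guard the lookup, e.g. `var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : (nodePoolPresets[?systemPoolType] ?? nodePoolPresets.Standard)`, or state in both descriptions that `'Custom'` requires the matching `...Config` object. The `hasAgentPool &&` term in `agentPoolSpec` is redundant, since `!empty(agentPoolConfig)` already implies it.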
@@ -135,16 +181,38 @@ var acrPullRole = subscriptionResourceId( ) var nodePoolPresets = { - vmSize: 'Standard_DS2_v2' - count: 3 - minCount: 3 - maxCount: 5 - enableAutoScaling: true - availabilityZones: [ - '1' - '2' - '3' - ] + CostOptimised: { + vmSize: 'Standard_B4ms' + count: 1 + minCount: 1 + maxCount: 3 + enableAutoScaling: true + availabilityZones: [] + } + Standard: { + vmSize: 'Standard_DS2_v2' + count: 3 + minCount: 3 + maxCount: 5 + enableAutoScaling: true + availabilityZones: [ + '1' + '2' + '3' + ] + } + HighSpec: { + vmSize: 'Standard_D4s_v3' + count: 3 + minCount: 3 + maxCount: 5 + enableAutoScaling: true + availabilityZones: [ + '1' + '2' + '3' + ] + } } var nodePoolBase = { @@ -156,9 +224,7 @@ var nodePoolBase = { } } -var primaryAgentPoolProfile = [ - union({ name: 'npsystem', mode: 'System' }, nodePoolBase, nodePoolPresets) -] +var agentPoolsConfig = hasAgentPool ? [union({ name: 'npuser', mode: 'User' }, nodePoolBase, agentPoolSpec)] : null // ============== // // Resources // @@ -183,11 +249,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' existing = if (!empty(logAnalyticsName)) { - name: logAnalyticsName -} - -module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.3.0' = { +module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.4.0' = { name: '${uniqueString(deployment().name, location)}-managed-cluster' params: { name: name 
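Review bot: In `agentPoolsConfig`, `agentPoolSpec` is the last argument to `union(...)`, so keys in a caller-supplied `agentPoolConfig` override the fixed `name: 'npuser'` and `mode: 'User'` as well as `nodePoolBase`. The same applies to `systemPoolSpec` in `primaryAgentPoolProfile` in the `@@ -239,10 +306,11 @@` hunk. Both configs are now plain `object` (the typed `agentPoolType` definition is deleted further down), so nothing in this file validates them before they reach the managed-cluster module. If name and mode are meant to be fixed, put that object last: `union(nodePoolBase, agentPoolSpec, { name: 'npuser', mode: 'User' })`.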
@@ -203,10 +265,15 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.3.0 dnsServiceIP: dnsServiceIP kubernetesVersion: kubernetesVersion sshPublicKey: sshPublicKey - aadProfileEnableAzureRBAC: aadProfileEnableAzureRBAC skuTier: skuTier appGatewayResourceId: appGatewayResourceId monitoringWorkspaceId: monitoringWorkspaceResourceId + publicNetworkAccess: publicNetworkAccess + autoNodeOsUpgradeProfileUpgradeChannel: autoNodeOsUpgradeProfileUpgradeChannel + enableKeyvaultSecretsProvider: enableKeyvaultSecretsProvider + webApplicationRoutingEnabled: webApplicationRoutingEnabled + disableLocalAccounts: disableLocalAccounts + loadBalancerSku: loadBalancerSku managedIdentities: { systemAssigned: true } @@ -230,7 +297,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.3.0 enabled: true } ] - workspaceResourceId: !empty(logAnalyticsName) ? logAnalytics.id : '' + workspaceResourceId: monitoringWorkspaceResourceId metricCategories: [ { category: 'AllMetrics' @@ -239,10 +306,11 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.3.0 ] } ] - webApplicationRoutingEnabled: webApplicationRoutingEnabled - primaryAgentPoolProfile: primaryAgentPoolProfile + primaryAgentPoolProfile: [ + union({ name: 'npsystem', mode: 'System' }, nodePoolBase, systemPoolSpec) + ] dnsPrefix: dnsPrefix - agentPools: agentPools + agentPools: agentPoolsConfig enableTelemetry: enableTelemetry roleAssignments: [ { @@ -277,7 +345,7 @@ module containerRegistry 'br/public:avm/res/container-registry/registry:0.5.1' = enabled: true } ] - workspaceResourceId: !empty(logAnalyticsName) ? logAnalytics.id : '' + workspaceResourceId: monitoringWorkspaceResourceId metricCategories: [ { category: 'AllMetrics' 
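Review bot: `publicNetworkAccess: publicNetworkAccess` now passes the cluster a parameter whose description is about the registry (it mentions `acrSku` being `Premium`) and whose default is `'Enabled'`. Presumably the same value still goes to the container registry module outside this hunk, so one switch would control both the AKS API server and the registry, and both would default to public. A separate cluster-scoped parameter, or at least an updated `@description`, would make that explicit. In the same block `disableLocalAccounts` is passed with its default of `false`, which per its own description leaves static credentials retrievable; a short comment such as `// local accounts stay enabled unless the caller opts out` would flag that this is deliberate.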
@@ -301,6 +369,10 @@ module keyVault 'br/public:avm/res/key-vault/vault:0.9.0' = { params: { name: keyVaultName enableTelemetry: enableTelemetry + enableRbacAuthorization: false + enableVaultForDeployment: false + enableVaultForTemplateDeployment: false + enablePurgeProtection: false accessPolicies: [ { objectId: managedCluster.outputs.kubeletIdentityObjectId 
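Review bot: The four added Key Vault settings are hard-coded, and two of them weaken the vault. `enablePurgeProtection: false` allows a soft-deleted vault or secret to be purged before the retention period ends, and `enableRbacAuthorization: false` keeps the vault on access policies instead of Azure RBAC; a caller cannot override either. If they are needed for test teardown or for the `accessPolicies` block that follows, expose them as parameters with the safer value as the default, e.g. `param enablePurgeProtection bool = true`. A comment such as `// access policies are used below, so RBAC authorization stays off` would also help. The `keyVault` module block continues outside the hunk.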
@@ -341,119 +413,6 @@ output containerRegistryLoginServer string = containerRegistry.outputs.loginServ // Definitions // // =============== // -type agentPoolType = { - @description('Required. The name of the agent pool.') - name: string - - @description('Optional. The availability zones of the agent pool.') - availabilityZones: string[]? - - @description('Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive).') - count: int? - - @description('Optional. The source resource ID to create the agent pool from.') - sourceResourceId: string? - - @description('Optional. Whether to enable auto-scaling for the agent pool.') - enableAutoScaling: bool? - - @description('Optional. Whether to enable encryption at host for the agent pool.') - enableEncryptionAtHost: bool? - - @description('Optional. Whether to enable FIPS for the agent pool.') - enableFIPS: bool? - - @description('Optional. Whether to enable node public IP for the agent pool.') - enableNodePublicIP: bool? - - @description('Optional. Whether to enable Ultra SSD for the agent pool.') - enableUltraSSD: bool? - - @description('Optional. The GPU instance profile of the agent pool.') - gpuInstanceProfile: ('MIG1g' | 'MIG2g' | 'MIG3g' | 'MIG4g' | 'MIG7g')? - - @description('Optional. The kubelet disk type of the agent pool.') - kubeletDiskType: string? - - @description('Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive).') - maxCount: int? - - @description('Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive).') - minCount: int? - - @description('Optional. The maximum number of pods that can run on a node.') - maxPods: int? - - @description('Optional. The minimum number of pods that can run on a node.') - minPods: int? - - @description('Optional. 
The mode of the agent pool.') - mode: ('System' | 'User')? - - @description('Optional. The node labels of the agent pool.') - nodeLabels: object? - - @description('Optional. The node public IP prefix ID of the agent pool.') - nodePublicIpPrefixId: string? - - @description('Optional. The node taints of the agent pool.') - nodeTaints: string[]? - - @description('Optional. The Kubernetes version of the agent pool.') - orchestratorVersion: string? - - @description('Optional. The OS disk size in GB of the agent pool.') - osDiskSizeGB: int? - - @description('Optional. The OS disk type of the agent pool.') - osDiskType: string? - - @description('Optional. The OS SKU of the agent pool.') - osSku: string? - - @description('Optional. The OS type of the agent pool.') - osType: ('Linux' | 'Windows')? - - @description('Optional. The pod subnet ID of the agent pool.') - podSubnetId: string? - - @description('Optional. The proximity placement group resource ID of the agent pool.') - proximityPlacementGroupResourceId: string? - - @description('Optional. The scale down mode of the agent pool.') - scaleDownMode: ('Delete' | 'Deallocate')? - - @description('Optional. The scale set eviction policy of the agent pool.') - scaleSetEvictionPolicy: ('Delete' | 'Deallocate')? - - @description('Optional. The scale set priority of the agent pool.') - scaleSetPriority: ('Low' | 'Regular' | 'Spot')? - - @description('Optional. The spot max price of the agent pool.') - spotMaxPrice: int? - - @description('Optional. The tags of the agent pool.') - tags: object? - - @description('Optional. The type of the agent pool.') - type: ('AvailabilitySet' | 'VirtualMachineScaleSets')? - - @description('Optional. The maximum number of nodes that can be created during an upgrade.') - maxSurge: string? - - @description('Optional. The VM size of the agent pool.') - vmSize: string? - - @description('Optional. The VNet subnet ID of the agent pool.') - vnetSubnetID: string? - - @description('Optional. 
The workload runtime of the agent pool.') - workloadRuntime: string? - - @description('Optional. The enable default telemetry of the agent pool.') - enableDefaultTelemetry: bool? -}[]? - type scopeMapsType = { @description('Optional. The name of the scope map.') name: string? diff --git a/avm/ptn/azd/aks/main.json b/avm/ptn/azd/aks/main.json index 6986a11e17..1d47ca62cd 100644 --- a/avm/ptn/azd/aks/main.json +++ b/avm/ptn/azd/aks/main.json 
@@ -6,318 +6,13 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "5631747890720204830" + "templateHash": "10399258682377969561" }, "name": "Azd AKS", "description": "Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool as well as an additional user agent pool.\n\n**Note:** This module is not intended for broad, generic use, as it was designed to cater for the requirements of the AZD CLI product. Feature requests and bug fix requests are welcome if they support the development of the AZD CLI but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case.", "owner": "Azure/module-maintainers" }, "definitions": { - "agentPoolType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the agent pool." - } - }, - "availabilityZones": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The availability zones of the agent pool." - } - }, - "count": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "sourceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The source resource ID to create the agent pool from." - } - }, - "enableAutoScaling": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable auto-scaling for the agent pool." - } - }, - "enableEncryptionAtHost": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable encryption at host for the agent pool." - } - }, - "enableFIPS": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. 
Whether to enable FIPS for the agent pool." - } - }, - "enableNodePublicIP": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable node public IP for the agent pool." - } - }, - "enableUltraSSD": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable Ultra SSD for the agent pool." - } - }, - "gpuInstanceProfile": { - "type": "string", - "allowedValues": [ - "MIG1g", - "MIG2g", - "MIG3g", - "MIG4g", - "MIG7g" - ], - "nullable": true, - "metadata": { - "description": "Optional. The GPU instance profile of the agent pool." - } - }, - "kubeletDiskType": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The kubelet disk type of the agent pool." - } - }, - "maxCount": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "minCount": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "maxPods": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of pods that can run on a node." - } - }, - "minPods": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The minimum number of pods that can run on a node." - } - }, - "mode": { - "type": "string", - "allowedValues": [ - "System", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The mode of the agent pool." - } - }, - "nodeLabels": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. The node labels of the agent pool." 
- } - }, - "nodePublicIpPrefixId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The node public IP prefix ID of the agent pool." - } - }, - "nodeTaints": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The node taints of the agent pool." - } - }, - "orchestratorVersion": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Kubernetes version of the agent pool." - } - }, - "osDiskSizeGB": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The OS disk size in GB of the agent pool." - } - }, - "osDiskType": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The OS disk type of the agent pool." - } - }, - "osSku": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The OS SKU of the agent pool." - } - }, - "osType": { - "type": "string", - "allowedValues": [ - "Linux", - "Windows" - ], - "nullable": true, - "metadata": { - "description": "Optional. The OS type of the agent pool." - } - }, - "podSubnetId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The pod subnet ID of the agent pool." - } - }, - "proximityPlacementGroupResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The proximity placement group resource ID of the agent pool." - } - }, - "scaleDownMode": { - "type": "string", - "allowedValues": [ - "Deallocate", - "Delete" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale down mode of the agent pool." - } - }, - "scaleSetEvictionPolicy": { - "type": "string", - "allowedValues": [ - "Deallocate", - "Delete" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale set eviction policy of the agent pool." 
- } - }, - "scaleSetPriority": { - "type": "string", - "allowedValues": [ - "Low", - "Regular", - "Spot" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale set priority of the agent pool." - } - }, - "spotMaxPrice": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The spot max price of the agent pool." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. The tags of the agent pool." - } - }, - "type": { - "type": "string", - "allowedValues": [ - "AvailabilitySet", - "VirtualMachineScaleSets" - ], - "nullable": true, - "metadata": { - "description": "Optional. The type of the agent pool." - } - }, - "maxSurge": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of nodes that can be created during an upgrade." - } - }, - "vmSize": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The VM size of the agent pool." - } - }, - "vnetSubnetID": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The VNet subnet ID of the agent pool." - } - }, - "workloadRuntime": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The workload runtime of the agent pool." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. The enable default telemetry of the agent pool." - } - } - } - }, - "nullable": true - }, "scopeMapsType": { "type": "array", "items": { @@ -366,12 +61,6 @@ "description": "Required. Name of your Azure Container Registry." } }, - "logAnalyticsName": { - "type": "string", - "metadata": { - "description": "Required. The name of the connected log analytics workspace." - } - }, "keyVaultName": { "type": "string", "maxLength": 24, 
@@ -524,13 +213,6 @@ "description": "Optional. Specifies the SSH RSA public key string for the Linux nodes." } }, - "aadProfileEnableAzureRBAC": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Specifies whether to enable Azure RBAC for Kubernetes authorization." - } - }, "appGatewayResourceId": { "type": "string", "nullable": true, @@ -540,15 +222,8 @@ }, "monitoringWorkspaceResourceId": { "type": "string", - "nullable": true, "metadata": { - "description": "Optional. Resource ID of the monitoring log analytics workspace." - } - }, - "agentPools": { - "$ref": "#/definitions/agentPoolType", - "metadata": { - "description": "Optional. Define one or more secondary/additional agent pools." + "description": "Required. Resource ID of the monitoring log analytics workspace." } }, "publicNetworkAccess": { @@ -562,6 +237,17 @@ "description": "Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'." } }, + "loadBalancerSku": { + "type": "string", + "defaultValue": "standard", + "allowedValues": [ + "basic", + "standard" + ], + "metadata": { + "description": "Optional. Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools." + } + }, "scopeMaps": { "$ref": "#/definitions/scopeMapsType", "metadata": { @@ -570,7 +256,7 @@ }, "webApplicationRoutingEnabled": { "type": "bool", - "nullable": true, + "defaultValue": true, "metadata": { "description": "Optional. Specifies whether the webApplicationRoutingEnabled add-on is enabled or not." } 
@@ -600,22 +286,115 @@ "metadata": { "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." } + }, + "systemPoolConfig": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Custom configuration of system node pool." + } + }, + "agentPoolConfig": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Custom configuration of user node pool." + } + }, + "enableKeyvaultSecretsProvider": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Specifies whether the KeyvaultSecretsProvider add-on is enabled or not." + } + }, + "disableLocalAccounts": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled." + } + }, + "autoNodeOsUpgradeProfileUpgradeChannel": { + "type": "string", + "defaultValue": "NodeImage", + "allowedValues": [ + "NodeImage", + "None", + "SecurityPatch", + "Unmanaged" + ], + "metadata": { + "description": "Optional. Auto-upgrade channel on the Node Os." + } + }, + "systemPoolType": { + "type": "string", + "defaultValue": "Standard", + "allowedValues": [ + "CostOptimised", + "Standard", + "HighSpec", + "Custom" + ], + "metadata": { + "description": "Optional. The System Pool Preset sizing." + } + }, + "agentPoolType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CostOptimised", + "Standard", + "HighSpec", + "Custom" + ], + "metadata": { + "description": "Optional. The User Pool Preset sizing." 
+ } } }, "variables": { + "systemPoolSpec": "[if(not(empty(parameters('systemPoolConfig'))), parameters('systemPoolConfig'), variables('nodePoolPresets')[parameters('systemPoolType')])]", + "hasAgentPool": "[or(not(empty(parameters('agentPoolConfig'))), not(empty(parameters('agentPoolType'))))]", + "agentPoolSpec": "[if(and(variables('hasAgentPool'), not(empty(parameters('agentPoolConfig')))), parameters('agentPoolConfig'), if(empty(parameters('agentPoolType')), createObject(), variables('nodePoolPresets')[parameters('agentPoolType')]))]", "aksClusterAdminRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')]", "acrPullRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]", "nodePoolPresets": { - "vmSize": "Standard_DS2_v2", - "count": 3, - "minCount": 3, - "maxCount": 5, - "enableAutoScaling": true, - "availabilityZones": [ - "1", - "2", - "3" - ] + "CostOptimised": { + "vmSize": "Standard_B4ms", + "count": 1, + "minCount": 1, + "maxCount": 3, + "enableAutoScaling": true, + "availabilityZones": [] + }, + "Standard": { + "vmSize": "Standard_DS2_v2", + "count": 3, + "minCount": 3, + "maxCount": 5, + "enableAutoScaling": true, + "availabilityZones": [ + "1", + "2", + "3" + ] + }, + "HighSpec": { + "vmSize": "Standard_D4s_v3", + "count": 3, + "minCount": 3, + "maxCount": 5, + "enableAutoScaling": true, + "availabilityZones": [ + "1", + "2", + "3" + ] + } }, "nodePoolBase": { "osType": "Linux", @@ -625,9 +404,7 @@ "maxSurge": "33%" } }, - "primaryAgentPoolProfile": [ - "[union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('nodePoolPresets'))]" - ] + "agentPoolsConfig": "[if(variables('hasAgentPool'), createArray(union(createObject('name', 'npuser', 'mode', 'User'), variables('nodePoolBase'), variables('agentPoolSpec'))), null())]" }, "resources": { "avmTelemetry": { 
@@ -650,13 +427,6 @@ } } }, - "logAnalytics": { - "condition": "[not(empty(parameters('logAnalyticsName')))]", - "existing": true, - "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2021-12-01-preview", - "name": "[parameters('logAnalyticsName')]" - }, "managedCluster": { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -706,9 +476,6 @@ "sshPublicKey": { "value": "[parameters('sshPublicKey')]" }, - "aadProfileEnableAzureRBAC": { - "value": "[parameters('aadProfileEnableAzureRBAC')]" - }, "skuTier": { "value": "[parameters('skuTier')]" }, @@ -718,6 +485,24 @@ "monitoringWorkspaceId": { "value": "[parameters('monitoringWorkspaceResourceId')]" }, + "publicNetworkAccess": { + "value": "[parameters('publicNetworkAccess')]" + }, + "autoNodeOsUpgradeProfileUpgradeChannel": { + "value": "[parameters('autoNodeOsUpgradeProfileUpgradeChannel')]" + }, + "enableKeyvaultSecretsProvider": { + "value": "[parameters('enableKeyvaultSecretsProvider')]" + }, + "webApplicationRoutingEnabled": { + "value": "[parameters('webApplicationRoutingEnabled')]" + }, + "disableLocalAccounts": { + "value": "[parameters('disableLocalAccounts')]" + }, + "loadBalancerSku": { + "value": "[parameters('loadBalancerSku')]" + }, "managedIdentities": { "value": { "systemAssigned": true @@ -744,7 +529,7 @@ "enabled": true } ], - "workspaceResourceId": "[if(not(empty(parameters('logAnalyticsName'))), resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsName')), '')]", + "workspaceResourceId": "[parameters('monitoringWorkspaceResourceId')]", "metricCategories": [ { "category": "AllMetrics", 
@@ -754,17 +539,16 @@ } ] }, - "webApplicationRoutingEnabled": { - "value": "[parameters('webApplicationRoutingEnabled')]" - }, "primaryAgentPoolProfile": { - "value": "[variables('primaryAgentPoolProfile')]" + "value": [ + "[union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('systemPoolSpec'))]" + ] }, "dnsPrefix": { "value": "[parameters('dnsPrefix')]" }, "agentPools": { - "value": "[parameters('agentPools')]" + "value": "[variables('agentPoolsConfig')]" }, "enableTelemetry": { "value": "[parameters('enableTelemetry')]" @@ -787,8 +571,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "17708769259435874319" + "version": "0.30.23.60470", + "templateHash": "2657303292894801113" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", @@ -1453,12 +1237,25 @@ "nullable": true }, "maintenanceConfigurationType": { - "type": "object", - "properties": { - "maintenanceWindow": { - "type": "object", - "metadata": { - "description": "Required. Maintenance window for the maintenance configuration." + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "allowedValues": [ + "aksManagedAutoUpgradeSchedule", + "aksManagedNodeOSUpgradeSchedule" + ], + "metadata": { + "description": "Required. Name of maintenance window." + } + }, + "maintenanceWindow": { + "type": "object", + "metadata": { + "description": "Required. Maintenance window for the maintenance configuration." + } } } }, 
@@ -1767,10 +1564,10 @@ "description": "Optional. Define one or more secondary/additional agent pools." } }, - "maintenanceConfiguration": { + "maintenanceConfigurations": { "$ref": "#/definitions/maintenanceConfigurationType", "metadata": { - "description": "Optional. Whether or not to use AKS Automatic mode." + "description": "Optional. Maintenance Window for Cluster auto upgrade and node OS upgrade." } }, "costAnalysisEnabled": { @@ -2010,6 +1807,19 @@ "description": "Optional. Auto-upgrade channel on the AKS cluster." } }, + "autoNodeOsUpgradeProfileUpgradeChannel": { + "type": "string", + "defaultValue": "Unmanaged", + "allowedValues": [ + "NodeImage", + "None", + "SecurityPatch", + "Unmanaged" + ], + "metadata": { + "description": "Optional. Auto-upgrade channel on the Node Os." + } + }, "podIdentityProfileAllowNetworkPluginKubenet": { "type": "bool", "defaultValue": false, @@ -2200,6 +2010,13 @@ "description": "Optional. Enables Kubernetes Event-driven Autoscaling (KEDA)." } }, + "vpaAddon": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether to enable VPA add-on in cluster. Default value is false." + } + }, "customerManagedKey": { "$ref": "#/definitions/customerManagedKeyType", "metadata": { @@ -2305,7 +2122,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.containerservice-managedcluster.{0}.{1}', replace('0.3.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.containerservice-managedcluster.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { 
@@ -2400,6 +2217,9 @@ "workloadAutoScalerProfile": { "keda": { "enabled": "[parameters('kedaAddon')]" + }, + "verticalPodAutoscaler": { + "enabled": "[parameters('vpaAddon')]" } }, "networkProfile": { @@ -2448,7 +2268,8 @@ "skip-nodes-with-system-pods": "[toLower(string(parameters('autoScalerProfileSkipNodesWithSystemPods')))]" }, "autoUpgradeProfile": { - "upgradeChannel": "[parameters('autoUpgradeProfileUpgradeChannel')]" + "upgradeChannel": "[parameters('autoUpgradeProfileUpgradeChannel')]", + "nodeOSUpgradeChannel": "[parameters('autoNodeOsUpgradeProfileUpgradeChannel')]" }, "apiServerAccessProfile": { "authorizedIPRanges": "[parameters('authorizedIPRanges')]", @@ -2590,18 +2411,25 @@ ] }, "managedCluster_maintenanceConfigurations": { - "condition": "[not(empty(parameters('maintenanceConfiguration')))]", + "copy": { + "name": "managedCluster_maintenanceConfigurations", + "count": "[length(coalesce(parameters('maintenanceConfigurations'), createArray()))]" + }, + "condition": "[not(empty(coalesce(parameters('maintenanceConfigurations'), createArray())[copyIndex()]))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-ManagedCluster-MaintenanceConfigurations', uniqueString(deployment().name, parameters('location')))]", + "name": "[format('{0}-ManagedCluster-MaintenanceConfigurations-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "name": { + "value": "[coalesce(parameters('maintenanceConfigurations'), createArray())[copyIndex()].name]" + }, "maintenanceWindow": { - "value": "[parameters('maintenanceConfiguration').maintenanceWindow]" + "value": "[coalesce(parameters('maintenanceConfigurations'), createArray())[copyIndex()].maintenanceWindow]" }, "managedClusterName": { "value": "[parameters('name')]" 
@@ -2613,8 +2441,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "12168542117744033419" + "version": "0.30.23.60470", + "templateHash": "2505380725266419010" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.", @@ -2810,8 +2638,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "2004205618690542488" + "version": "0.30.23.60470", + "templateHash": "4315564225725874539" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.", @@ -3750,10 +3578,7 @@ } } } - }, - "dependsOn": [ - "logAnalytics" - ] + } }, "containerRegistry": { "type": "Microsoft.Resources/deployments", @@ -3799,7 +3624,7 @@ "enabled": true } ], - "workspaceResourceId": "[if(not(empty(parameters('logAnalyticsName'))), resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsName')), '')]", + "workspaceResourceId": "[parameters('monitoringWorkspaceResourceId')]", "metricCategories": [ { "category": "AllMetrics", @@ -6445,7 +6270,6 @@ } }, "dependsOn": [ - "logAnalytics", "managedCluster" ] }, @@ -6465,6 +6289,18 @@ "enableTelemetry": { "value": "[parameters('enableTelemetry')]" }, + "enableRbacAuthorization": { + "value": false + }, + "enableVaultForDeployment": { + "value": false + }, + "enableVaultForTemplateDeployment": { + "value": false + }, + "enablePurgeProtection": { + "value": false + }, "accessPolicies": { "value": [ { diff --git a/avm/ptn/azd/aks/tests/e2e/defaults/dependencies.bicep b/avm/ptn/azd/aks/tests/e2e/defaults/dependencies.bicep index 9961f0c426..e80828420c 100644 --- a/avm/ptn/azd/aks/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/azd/aks/tests/e2e/defaults/dependencies.bicep 
@@ -53,4 +53,4 @@ resource app 'Microsoft.Web/sites@2022-09-01' = { output identityPrincipalId string = app.identity.principalId @description('The resource ID of the created Log Analytics Workspace.') -output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.name +output logAnalyticsResourceId string = logAnalyticsWorkspace.id diff --git a/avm/ptn/azd/aks/tests/e2e/defaults/main.test.bicep b/avm/ptn/azd/aks/tests/e2e/defaults/main.test.bicep index 0d0451cc8d..898e697da5 100644 --- a/avm/ptn/azd/aks/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/azd/aks/tests/e2e/defaults/main.test.bicep @@ -11,15 +11,16 @@ metadata description = 'This instance deploys the module with the minimum set of @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-azd-aks-${serviceShort}-rg' -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'paamin' @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') param namePrefix string = '#_namePrefix_#' +// Enforced location als not all regions have quota available +#disable-next-line no-hardcoded-location +var enforcedLocation = 'northeurope' + // ============ // // Dependencies // // ============ // 
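Review bot: The comment added above `enforcedLocation` in the main.test.bicep hunk has a typo and should read `// Enforced location as not all regions have quota available`. Because the `resourceLocation` parameter is removed in the same hunk, this comment is the only place that explains why the region is fixed and why `no-hardcoded-location` is suppressed, so it is worth getting right.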
@@ -28,14 +29,14 @@ param namePrefix string = '#_namePrefix_#' // ================= resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { name: resourceGroupName - location: resourceLocation + location: enforcedLocation } module nestedDependencies 'dependencies.bicep' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-dependencies' + name: '${uniqueString(deployment().name, enforcedLocation)}-test-dependencies' scope: resourceGroup params: { - location: resourceLocation + location: enforcedLocation appName: 'dep-${namePrefix}-app-${serviceShort}' appServicePlanName: 'dep-${namePrefix}-apps-${serviceShort}' logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' @@ -50,14 +51,14 @@ module nestedDependencies 'dependencies.bicep' = { module testDeployment '../../../main.bicep' = [ for iteration in ['init', 'idem']: { scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + name: '${uniqueString(deployment().name, enforcedLocation)}-test-${serviceShort}-${iteration}' params: { name: 'mc${uniqueString(deployment().name)}-${serviceShort}' - containerRegistryName: '${uniqueString(deployment().name, resourceLocation)}testcontainerregistry${serviceShort}' - logAnalyticsName: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId + containerRegistryName: '${uniqueString(deployment().name, enforcedLocation)}testcontainerregistry${serviceShort}' keyVaultName: 'kv${uniqueString(deployment().name)}-${serviceShort}' - location: resourceLocation + location: enforcedLocation principalId: nestedDependencies.outputs.identityPrincipalId + monitoringWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsResourceId principalType: 'ServicePrincipal' } } diff --git a/avm/ptn/azd/aks/tests/e2e/max/dependencies.bicep b/avm/ptn/azd/aks/tests/e2e/max/dependencies.bicep index 9961f0c426..e80828420c 100644 --- a/avm/ptn/azd/aks/tests/e2e/max/dependencies.bicep 
+++ b/avm/ptn/azd/aks/tests/e2e/max/dependencies.bicep @@ -53,4 +53,4 @@ resource app 'Microsoft.Web/sites@2022-09-01' = { output identityPrincipalId string = app.identity.principalId @description('The resource ID of the created Log Analytics Workspace.') -output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.name +output logAnalyticsResourceId string = logAnalyticsWorkspace.id diff --git a/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep b/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep index cc61a356d6..3dd7119340 100644 --- a/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep +++ b/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep @@ -63,18 +63,7 @@ module testDeployment '../../../main.bicep' = [ containerRegistryName: '${uniqueString(deployment().name, enforcedLocation)}testcontainerregistry${serviceShort}' skuTier: 'Free' webApplicationRoutingEnabled: true - agentPools: [ - { - name: 'npuserpool' - mode: 'User' - osType: 'Linux' - maxPods: 30 - type: 'VirtualMachineScaleSets' - maxSurge: '33%' - vmSize: 'standard_a2_v2' - } - ] - logAnalyticsName: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId + monitoringWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsResourceId keyVaultName: 'kv${uniqueString(deployment().name)}-${serviceShort}' location: enforcedLocation principalId: nestedDependencies.outputs.identityPrincipalId From 3ce271ecdb6095846b6677d76476cbf5f85c3dc1 Mon Sep 17 00:00:00 2001 From: "Menghua Chen (WICRESOFT NORTH AMERICA LTD)" Date: Mon, 21 Oct 2024 10:40:55 +0800 Subject: [PATCH 5/7] Modify parameters to configurable variables instead of hard-coded --- avm/ptn/azd/aks/README.md | 38 +++++++++++++++++++++++++++++++++++- avm/ptn/azd/aks/main.bicep | 22 ++++++++++++++++----- avm/ptn/azd/aks/main.json | 40 ++++++++++++++++++++++++++++++++------ 3 files changed, 88 insertions(+), 12 deletions(-) diff --git a/avm/ptn/azd/aks/README.md b/avm/ptn/azd/aks/README.md index 3d5d2564f5..a66219ec6b 100644 --- a/avm/ptn/azd/aks/README.md 
+++ b/avm/ptn/azd/aks/README.md 
@@ -289,7 +289,11 @@ param webApplicationRoutingEnabled = true | [`dnsPrefix`](#parameter-dnsprefix) | string | Specifies the DNS prefix specified when creating the managed cluster. | | [`dnsServiceIP`](#parameter-dnsserviceip) | string | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | | [`enableKeyvaultSecretsProvider`](#parameter-enablekeyvaultsecretsprovider) | bool | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. | +| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Provide 'true' to enable Key Vault's purge protection feature. | +| [`enableRbacAuthorization`](#parameter-enablerbacauthorization) | bool | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`enableVaultForDeployment`](#parameter-enablevaultfordeployment) | bool | Specifies if the vault is enabled for deployment by script or compute. | +| [`enableVaultForTemplateDeployment`](#parameter-enablevaultfortemplatedeployment) | bool | Specifies if the vault is enabled for a template deployment. | | [`kubernetesVersion`](#parameter-kubernetesversion) | string | Kubernetes Version. | | [`loadBalancerSku`](#parameter-loadbalancersku) | string | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. | | [`location`](#parameter-location) | string | Specifies the location of AKS cluster. It picks up Resource Group's location by default. 
| @@ -431,7 +435,7 @@ If set to true, getting static credentials will be disabled for this cluster. Th - Required: No - Type: bool -- Default: `False` +- Default: `True` ### Parameter: `dnsPrefix` @@ -456,6 +460,22 @@ Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. - Type: bool - Default: `True` +### Parameter: `enablePurgeProtection` + +Provide 'true' to enable Key Vault's purge protection feature. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableRbacAuthorization` + +Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. + +- Required: No +- Type: bool +- Default: `False` + ### Parameter: `enableTelemetry` Enable/Disable usage telemetry for module. @@ -464,6 +484,22 @@ Enable/Disable usage telemetry for module. - Type: bool - Default: `True` +### Parameter: `enableVaultForDeployment` + +Specifies if the vault is enabled for deployment by script or compute. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableVaultForTemplateDeployment` + +Specifies if the vault is enabled for a template deployment. + +- Required: No +- Type: bool +- Default: `False` + ### Parameter: `kubernetesVersion` Kubernetes Version. diff --git a/avm/ptn/azd/aks/main.bicep b/avm/ptn/azd/aks/main.bicep index 686de9d215..d2e80e12da 100644 --- a/avm/ptn/azd/aks/main.bicep +++ b/avm/ptn/azd/aks/main.bicep 
@@ -132,7 +132,7 @@ param agentPoolConfig object = {} param enableKeyvaultSecretsProvider bool = true @description('Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled.') -param disableLocalAccounts bool = false +param disableLocalAccounts bool = true @allowed([ 'NodeImage' @@ -162,6 +162,18 @@ param systemPoolType string = 'Standard' @description('Optional. The User Pool Preset sizing.') param agentPoolType string = '' +@description('Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC.') +param enableRbacAuthorization bool = false + +@description('Optional. Provide \'true\' to enable Key Vault\'s purge protection feature.') +param enablePurgeProtection bool = false + +@description('Optional. Specifies if the vault is enabled for deployment by script or compute.') +param enableVaultForDeployment bool = false + +@description('Optional. Specifies if the vault is enabled for a template deployment.') +param enableVaultForTemplateDeployment bool = false + var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : nodePoolPresets[systemPoolType] var hasAgentPool = !empty(agentPoolConfig) || !empty(agentPoolType) 
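Review bot: Flipping the default on `param disableLocalAccounts bool = true` changes behaviour for every caller that relied on the old default, and the parameter's own description says it must only be used on AAD-enabled clusters. Nothing in this hunk shows AAD integration being enabled alongside it, so a caller who leaves the defaults may get a failed deployment or a cluster with no usable credential path; this needs checking against the managedCluster parameters outside the hunk. Disabling local accounts is the safer posture, so I would keep it but state the dependency, e.g. `@description('Optional. If set to true, getting static credentials will be disabled for this cluster. Requires AAD integration to be enabled on the cluster.')`. The commit message should also mention the default change, since it currently only describes making values configurable.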
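Review bot: The four new Key Vault parameters keep the previously hard-coded `false` as their default, so `enablePurgeProtection` still defaults to off and a soft-deleted vault can be purged, with its secrets, before the retention period ends. That preserves existing behaviour, but now that the switch is exposed the description should say when to turn it on, e.g. `@description('Optional. Provide \'true\' to enable Key Vault\'s purge protection feature. Recommended outside test environments; it cannot be turned off once enabled.')`. The same applies to `enableRbacAuthorization`, where `false` keeps the vault on the access-policy model; if the off-by-default choice exists to keep test teardown simple, which I am inferring, a one-line comment above the params would make that explicit.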
@@ -369,10 +381,10 @@ module keyVault 'br/public:avm/res/key-vault/vault:0.9.0' = { params: { name: keyVaultName enableTelemetry: enableTelemetry - enableRbacAuthorization: false - enableVaultForDeployment: false - enableVaultForTemplateDeployment: false - enablePurgeProtection: false + enableRbacAuthorization: enableRbacAuthorization + enableVaultForDeployment: enableVaultForDeployment + enableVaultForTemplateDeployment: enableVaultForTemplateDeployment + enablePurgeProtection: enablePurgeProtection accessPolicies: [ { objectId: managedCluster.outputs.kubeletIdentityObjectId diff --git a/avm/ptn/azd/aks/main.json b/avm/ptn/azd/aks/main.json index 1d47ca62cd..e11095e7fe 100644 --- a/avm/ptn/azd/aks/main.json +++ b/avm/ptn/azd/aks/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "10399258682377969561" + "templateHash": "7110154178681720169" }, "name": "Azd AKS", "description": "Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool as well as an additional user agent pool.\n\n**Note:** This module is not intended for broad, generic use, as it was designed to cater for the requirements of the AZD CLI product. Feature requests and bug fix requests are welcome if they support the development of the AZD CLI but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case.", @@ -310,7 +310,7 @@ }, "disableLocalAccounts": { "type": "bool", - "defaultValue": false, + "defaultValue": true, "metadata": { "description": "Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled." } 
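Review bot: Now that `enableRbacAuthorization: enableRbacAuthorization` is caller-controlled, the `accessPolicies` block that follows in this module call is ignored whenever the caller passes `true`, as the parameter description added in this commit states. In that case the identity referenced by `managedCluster.outputs.kubeletIdentityObjectId` gets no data-plane access to the vault unless role assignments are created somewhere else, which is not visible here because the keyVault module call continues past the hunk. Either supply equivalent role assignments when RBAC is on, or document the gap next to the argument, e.g. `// NOTE: accessPolicies below are ignored when enableRbacAuthorization is true; grant data-plane roles separately`.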
@@ -354,6 +354,34 @@ "metadata": { "description": "Optional. The User Pool Preset sizing." } + }, + "enableRbacAuthorization": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC." + } + }, + "enablePurgeProtection": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Provide 'true' to enable Key Vault's purge protection feature." + } + }, + "enableVaultForDeployment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies if the vault is enabled for deployment by script or compute." + } + }, + "enableVaultForTemplateDeployment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies if the vault is enabled for a template deployment." + } } }, "variables": { @@ -6290,16 +6318,16 @@ "value": "[parameters('enableTelemetry')]" }, "enableRbacAuthorization": { - "value": false + "value": "[parameters('enableRbacAuthorization')]" }, "enableVaultForDeployment": { - "value": false + "value": "[parameters('enableVaultForDeployment')]" }, "enableVaultForTemplateDeployment": { - "value": false + "value": "[parameters('enableVaultForTemplateDeployment')]" }, "enablePurgeProtection": { - "value": false + "value": "[parameters('enablePurgeProtection')]" }, "accessPolicies": { "value": [ From c01690889d0c137474808c091a3c88ba88f43265 Mon Sep 17 00:00:00 2001 
From: "Menghua Chen (WICRESOFT NORTH AMERICA LTD)" Date: Tue, 22 Oct 2024 14:50:04 +0800 Subject: [PATCH 6/7] update systemPoolConfig and agentPoolConfig parameter update systemPoolConfig and agentPoolConfig parameter update systemPoolConfig and agentPoolConfig parameter update systemPoolConfig and agentPoolConfig parameter update systemPoolConfig and agentPoolConfig parameter --- avm/ptn/azd/aks/README.md | 110 +++++- avm/ptn/azd/aks/main.bicep | 23 +- avm/ptn/azd/aks/main.json | 333 +++++++++++++++++- avm/ptn/azd/aks/tests/e2e/max/main.test.bicep | 28 ++ 4 files changed, 455 insertions(+), 39 deletions(-) diff --git a/avm/ptn/azd/aks/README.md b/avm/ptn/azd/aks/README.md index a66219ec6b..fee62fd617 100644 --- a/avm/ptn/azd/aks/README.md +++ b/avm/ptn/azd/aks/README.md @@ -159,12 +159,40 @@ module aks 'br/public:avm/ptn/azd/aks:' = { principalId: '' // Non-required parameters acrSku: 'Basic' + agentPoolConfig: [ + { + maxPods: 30 + maxSurge: '33%' + mode: 'User' + name: 'npuserpool' + osType: 'Linux' + type: 'VirtualMachineScaleSets' + vmSize: 'standard_a2' + } + ] + agentPoolSize: 'Standard' aksClusterRoleAssignmentName: '' containerRegistryRoleName: '' dnsPrefix: 'dep-dns-paamax' location: '' principalType: 'ServicePrincipal' skuTier: 'Free' + systemPoolConfig: [ + { + availabilityZones: [ + '1' + '2' + '3' + ] + count: 3 + enableAutoScaling: true + maxCount: 5 + minCount: 3 + mode: 'System' + name: 'npsystem' + vmSize: 'Standard_DS2_v2' + } + ] webApplicationRoutingEnabled: true } } @@ -202,6 +230,22 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "acrSku": { "value": "Basic" }, + "agentPoolConfig": { + "value": [ + { + "maxPods": 30, + "maxSurge": "33%", + "mode": "User", + "name": "npuserpool", + "osType": "Linux", + "type": "VirtualMachineScaleSets", + "vmSize": "standard_a2" + } + ] + }, + "agentPoolSize": { + "value": "Standard" + }, "aksClusterRoleAssignmentName": { "value": "" }, 
@@ -220,6 +264,24 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "skuTier": { "value": "Free" }, + "systemPoolConfig": { + "value": [ + { + "availabilityZones": [ + "1", + "2", + "3" + ], + "count": 3, + "enableAutoScaling": true, + "maxCount": 5, + "minCount": 3, + "mode": "System", + "name": "npsystem", + "vmSize": "Standard_DS2_v2" + } + ] + }, "webApplicationRoutingEnabled": { "value": true } @@ -245,12 +307,40 @@ param name = '' param principalId = '' // Non-required parameters param acrSku = 'Basic' +param agentPoolConfig = [ + { + maxPods: 30 + maxSurge: '33%' + mode: 'User' + name: 'npuserpool' + osType: 'Linux' + type: 'VirtualMachineScaleSets' + vmSize: 'standard_a2' + } +] +param agentPoolSize = 'Standard' param aksClusterRoleAssignmentName = '' param containerRegistryRoleName = '' param dnsPrefix = 'dep-dns-paamax' param location = '' param principalType = 'ServicePrincipal' param skuTier = 'Free' +param systemPoolConfig = [ + { + availabilityZones: [ + '1' + '2' + '3' + ] + count: 3 + enableAutoScaling: true + maxCount: 5 + minCount: 3 + mode: 'System' + name: 'npsystem' + vmSize: 'Standard_DS2_v2' + } +] param webApplicationRoutingEnabled = true ``` 
@@ -280,8 +370,8 @@ param webApplicationRoutingEnabled = true | Parameter | Type | Description | | :-- | :-- | :-- | | [`acrSku`](#parameter-acrsku) | string | Tier of your Azure container registry. | -| [`agentPoolConfig`](#parameter-agentpoolconfig) | object | Custom configuration of user node pool. | -| [`agentPoolType`](#parameter-agentpooltype) | string | The User Pool Preset sizing. | +| [`agentPoolConfig`](#parameter-agentpoolconfig) | array | Custom configuration of user node pool. | +| [`agentPoolSize`](#parameter-agentpoolsize) | string | The User Pool Preset sizing. | | [`aksClusterRoleAssignmentName`](#parameter-aksclusterroleassignmentname) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | | [`autoNodeOsUpgradeProfileUpgradeChannel`](#parameter-autonodeosupgradeprofileupgradechannel) | string | Auto-upgrade channel on the Node Os. | | [`containerRegistryRoleName`](#parameter-containerregistryrolename) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | 
@@ -309,8 +399,8 @@ param webApplicationRoutingEnabled = true | [`serviceCidr`](#parameter-servicecidr) | string | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | | [`skuTier`](#parameter-skutier) | string | Tier of a managed cluster SKU. | | [`sshPublicKey`](#parameter-sshpublickey) | string | Specifies the SSH RSA public key string for the Linux nodes. | -| [`systemPoolConfig`](#parameter-systempoolconfig) | object | Custom configuration of system node pool. | -| [`systemPoolType`](#parameter-systempooltype) | string | The System Pool Preset sizing. | +| [`systemPoolConfig`](#parameter-systempoolconfig) | array | Custom configuration of system node pool. | +| [`systemPoolSize`](#parameter-systempoolsize) | string | The System Pool Preset sizing. | | [`tags`](#parameter-tags) | object | Custom tags to apply to the AKS resources. | | [`webApplicationRoutingEnabled`](#parameter-webapplicationroutingenabled) | bool | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. | @@ -377,10 +467,10 @@ Tier of your Azure container registry. Custom configuration of user node pool. - Required: No -- Type: object -- Default: `{}` +- Type: array +- Default: `[]` -### Parameter: `agentPoolType` +### Parameter: `agentPoolSize` The User Pool Preset sizing. @@ -712,10 +802,10 @@ Specifies the SSH RSA public key string for the Linux nodes. Custom configuration of system node pool. - Required: No -- Type: object -- Default: `{}` +- Type: array +- Default: `[]` -### Parameter: `systemPoolType` +### Parameter: `systemPoolSize` The System Pool Preset sizing. diff --git a/avm/ptn/azd/aks/main.bicep b/avm/ptn/azd/aks/main.bicep index d2e80e12da..507bbccb91 100644 --- a/avm/ptn/azd/aks/main.bicep +++ b/avm/ptn/azd/aks/main.bicep 
@@ -122,11 +122,12 @@ param containerRegistryRoleName string? @description('Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated.') param aksClusterRoleAssignmentName string? +import {agentPoolType} from 'br/public:avm/res/container-service/managed-cluster:0.4.1' @description('Optional. Custom configuration of system node pool.') -param systemPoolConfig object = {} +param systemPoolConfig array = [] @description('Optional. Custom configuration of user node pool.') -param agentPoolConfig object = {} +param agentPoolConfig array = [] @description('Optional. Specifies whether the KeyvaultSecretsProvider add-on is enabled or not.') param enableKeyvaultSecretsProvider bool = true @@ -150,7 +151,7 @@ param autoNodeOsUpgradeProfileUpgradeChannel string = 'NodeImage' 'Custom' ]) @description('Optional. The System Pool Preset sizing.') -param systemPoolType string = 'Standard' +param systemPoolSize string = 'Standard' @allowed([ '' @@ -160,7 +161,7 @@ param systemPoolType string = 'Standard' 'Custom' ]) @description('Optional. The User Pool Preset sizing.') -param agentPoolType string = '' +param agentPoolSize string = '' @description('Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC.') param enableRbacAuthorization bool = false 
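Review bot: The new `import {agentPoolType} from 'br/public:avm/res/container-service/managed-cluster:0.4.1'` is not applied to anything in this hunk, because `systemPoolConfig` and `agentPoolConfig` are declared as plain `array`. Callers therefore get no schema validation on pool entries, including security-relevant fields of that type such as `mode`, `enableNodePublicIP` and `enableEncryptionAtHost`. Typing the parameters as `param systemPoolConfig agentPoolType[] = []` and `param agentPoolConfig agentPoolType[] = []` would reject malformed pools at deployment validation. The import also pins 0.4.1 while the module call shown in a later hunk header still references `managed-cluster:0.4.0`; both should use the same version so the type matches the module that is deployed.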
@@ -174,13 +175,11 @@ param enableVaultForDeployment bool = false @description('Optional. Specifies if the vault is enabled for a template deployment.') param enableVaultForTemplateDeployment bool = false -var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : nodePoolPresets[systemPoolType] +var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : [union({ name: 'npsystem', mode: 'System' }, nodePoolBase, nodePoolPresets[systemPoolSize])] -var hasAgentPool = !empty(agentPoolConfig) || !empty(agentPoolType) +var hasAgentPool = !empty(agentPoolConfig) || !empty(agentPoolSize) -var agentPoolSpec = hasAgentPool && !empty(agentPoolConfig) - ? agentPoolConfig - : empty(agentPoolType) ? {} : nodePoolPresets[agentPoolType] +var agentPoolsConfig = hasAgentPool && !empty(agentPoolConfig) ? agentPoolConfig : empty(agentPoolSize) ? [] : [union({ name: 'npuser', mode: 'User' }, nodePoolBase, nodePoolPresets[agentPoolSize])] var aksClusterAdminRole = subscriptionResourceId( 'Microsoft.Authorization/roleDefinitions', @@ -236,8 +235,6 @@ var nodePoolBase = { } } -var agentPoolsConfig = hasAgentPool ? [union({ name: 'npuser', mode: 'User' }, nodePoolBase, agentPoolSpec)] : null - // ============== // // Resources // // ============== // @@ -318,9 +315,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.4.0 ] } ] - primaryAgentPoolProfile: [ - union({ name: 'npsystem', mode: 'System' }, nodePoolBase, systemPoolSpec) - ] + primaryAgentPoolProfile: systemPoolSpec dnsPrefix: dnsPrefix agentPools: agentPoolsConfig enableTelemetry: enableTelemetry diff --git a/avm/ptn/azd/aks/main.json b/avm/ptn/azd/aks/main.json index e11095e7fe..bcd873c14d 100644 --- a/avm/ptn/azd/aks/main.json +++ b/avm/ptn/azd/aks/main.json 
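Review bot: When a caller supplies `systemPoolConfig` or `agentPoolConfig`, the new `systemPoolSpec` and `agentPoolsConfig` expressions pass the array through untouched, so the `union({ name: ..., mode: ... }, nodePoolBase, ...)` merge that used to wrap custom configurations now applies only to the presets. Whatever baseline `nodePoolBase` carries (its body is outside the hunk) is silently dropped for custom pools, and the primary pool no longer gets `mode: 'System'` by default. If that is intended it belongs in the parameter descriptions; otherwise keep the previous merge per entry, e.g. `var systemPoolSpec = !empty(systemPoolConfig) ? map(systemPoolConfig, p => union({ name: 'npsystem', mode: 'System' }, nodePoolBase, p)) : [ ... ]`. The `hasAgentPool &&` in `agentPoolsConfig` is also redundant, since `!empty(agentPoolConfig)` already implies it.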
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "7110154178681720169" + "templateHash": "8872877172389095214" }, "name": "Azd AKS", "description": "Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool as well as an additional user agent pool.\n\n**Note:** This module is not intended for broad, generic use, as it was designed to cater for the requirements of the AZD CLI product. Feature requests and bug fix requests are welcome if they support the development of the AZD CLI but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case.", 
@@ -44,6 +44,312 @@ } }, "nullable": true + }, + "agentPoolType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the agent pool." + } + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "int" + }, + "nullable": true, + "metadata": { + "description": "Optional. The availability zones of the agent pool." + } + }, + "count": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "sourceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The source resource ID to create the agent pool from." + } + }, + "enableAutoScaling": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable auto-scaling for the agent pool." + } + }, + "enableEncryptionAtHost": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable encryption at host for the agent pool." + } + }, + "enableFIPS": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable FIPS for the agent pool." + } + }, + "enableNodePublicIP": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable node public IP for the agent pool." + } + }, + "enableUltraSSD": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable Ultra SSD for the agent pool." + } + }, + "gpuInstanceProfile": { + "type": "string", + "allowedValues": [ + "MIG1g", + "MIG2g", + "MIG3g", + "MIG4g", + "MIG7g" + ], + "nullable": true, + "metadata": { + "description": "Optional. The GPU instance profile of the agent pool." + } + }, + "kubeletDiskType": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. 
The kubelet disk type of the agent pool." + } + }, + "maxCount": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "minCount": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "maxPods": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of pods that can run on a node." + } + }, + "minPods": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The minimum number of pods that can run on a node." + } + }, + "mode": { + "type": "string", + "allowedValues": [ + "System", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The mode of the agent pool." + } + }, + "nodeLabels": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The node labels of the agent pool." + } + }, + "nodePublicIpPrefixResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The node public IP prefix ID of the agent pool." + } + }, + "nodeTaints": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The node taints of the agent pool." + } + }, + "orchestratorVersion": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Kubernetes version of the agent pool." + } + }, + "osDiskSizeGB": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The OS disk size in GB of the agent pool." + } + }, + "osDiskType": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The OS disk type of the agent pool." 
+ } + }, + "osSku": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The OS SKU of the agent pool." + } + }, + "osType": { + "type": "string", + "allowedValues": [ + "Linux", + "Windows" + ], + "nullable": true, + "metadata": { + "description": "Optional. The OS type of the agent pool." + } + }, + "podSubnetResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The pod subnet ID of the agent pool." + } + }, + "proximityPlacementGroupResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The proximity placement group resource ID of the agent pool." + } + }, + "scaleDownMode": { + "type": "string", + "allowedValues": [ + "Deallocate", + "Delete" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale down mode of the agent pool." + } + }, + "scaleSetEvictionPolicy": { + "type": "string", + "allowedValues": [ + "Deallocate", + "Delete" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale set eviction policy of the agent pool." + } + }, + "scaleSetPriority": { + "type": "string", + "allowedValues": [ + "Low", + "Regular", + "Spot" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale set priority of the agent pool." + } + }, + "spotMaxPrice": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The spot max price of the agent pool." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The tags of the agent pool." + } + }, + "type": { + "type": "string", + "allowedValues": [ + "AvailabilitySet", + "VirtualMachineScaleSets" + ], + "nullable": true, + "metadata": { + "description": "Optional. The type of the agent pool." + } + }, + "maxSurge": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of nodes that can be created during an upgrade." 
+ } + }, + "vmSize": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The VM size of the agent pool." + } + }, + "vnetSubnetResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The VNet subnet ID of the agent pool." + } + }, + "workloadRuntime": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The workload runtime of the agent pool." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. The enable default telemetry of the agent pool." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/container-service/managed-cluster:0.4.1" + } + } } }, "parameters": { @@ -288,15 +594,15 @@ } }, "systemPoolConfig": { - "type": "object", - "defaultValue": {}, + "type": "array", + "defaultValue": [], "metadata": { "description": "Optional. Custom configuration of system node pool." } }, "agentPoolConfig": { - "type": "object", - "defaultValue": {}, + "type": "array", + "defaultValue": [], "metadata": { "description": "Optional. Custom configuration of user node pool." } @@ -328,7 +634,7 @@ "description": "Optional. Auto-upgrade channel on the Node Os." } }, - "systemPoolType": { + "systemPoolSize": { "type": "string", "defaultValue": "Standard", "allowedValues": [ @@ -341,7 +647,7 @@ "description": "Optional. The System Pool Preset sizing." } }, - "agentPoolType": { + "agentPoolSize": { "type": "string", "defaultValue": "", "allowedValues": [ 
@@ -385,9 +691,9 @@ } }, "variables": { - "systemPoolSpec": "[if(not(empty(parameters('systemPoolConfig'))), parameters('systemPoolConfig'), variables('nodePoolPresets')[parameters('systemPoolType')])]", - "hasAgentPool": "[or(not(empty(parameters('agentPoolConfig'))), not(empty(parameters('agentPoolType'))))]", - "agentPoolSpec": "[if(and(variables('hasAgentPool'), not(empty(parameters('agentPoolConfig')))), parameters('agentPoolConfig'), if(empty(parameters('agentPoolType')), createObject(), variables('nodePoolPresets')[parameters('agentPoolType')]))]", + "systemPoolSpec": "[if(not(empty(parameters('systemPoolConfig'))), parameters('systemPoolConfig'), createArray(union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('nodePoolPresets')[parameters('systemPoolSize')])))]", + "hasAgentPool": "[or(not(empty(parameters('agentPoolConfig'))), not(empty(parameters('agentPoolSize'))))]", + "agentPoolsConfig": "[if(and(variables('hasAgentPool'), not(empty(parameters('agentPoolConfig')))), parameters('agentPoolConfig'), if(empty(parameters('agentPoolSize')), createArray(), createArray(union(createObject('name', 'npuser', 'mode', 'User'), variables('nodePoolBase'), variables('nodePoolPresets')[parameters('agentPoolSize')]))))]", "aksClusterAdminRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')]", "acrPullRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]", "nodePoolPresets": { @@ -431,8 +737,7 @@ "upgradeSettings": { "maxSurge": "33%" } - }, - "agentPoolsConfig": "[if(variables('hasAgentPool'), createArray(union(createObject('name', 'npuser', 'mode', 'User'), variables('nodePoolBase'), variables('agentPoolSpec'))), null())]" + } }, "resources": { "avmTelemetry": { 
@@ -568,9 +873,7 @@ ] }, "primaryAgentPoolProfile": { - "value": [ - "[union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('systemPoolSpec'))]" - ] + "value": "[variables('systemPoolSpec')]" }, "dnsPrefix": { "value": "[parameters('dnsPrefix')]" diff --git a/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep b/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep index 3dd7119340..cb0f03d700 100644 --- a/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep +++ b/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep @@ -72,6 +72,34 @@ module testDeployment '../../../main.bicep' = [ principalType: 'ServicePrincipal' containerRegistryRoleName: containerRegistryRoleName aksClusterRoleAssignmentName: aksClusterRoleAssignmentName + agentPoolConfig: [ + { + name: 'npuserpool' + mode: 'User' + osType: 'Linux' + maxPods: 30 + type: 'VirtualMachineScaleSets' + maxSurge: '33%' + vmSize: 'standard_a2' + } + ] + agentPoolSize: 'Standard' + systemPoolConfig: [ + { + name: 'npsystem' + mode: 'System' + vmSize: 'Standard_DS2_v2' + count: 3 + minCount: 3 + maxCount: 5 + enableAutoScaling: true + availabilityZones: [ + '1' + '2' + '3' + ] + } + ] } } ] From 492779eef921ed49c6b04723f617561c750ececd Mon Sep 17 00:00:00 2001 From: "Menghua Chen (WICRESOFT NORTH AMERICA LTD)" Date: Wed, 23 Oct 2024 11:29:34 +0800 Subject: [PATCH 7/7] update systemPoolConfig and agentPoolConfig update systemPoolConfig and agentPoolConfig update systemPoolConfig and agentPoolConfig update systemPoolConfig and agentPoolConfig --- avm/ptn/azd/aks/README.md | 746 +++++++++++++++- avm/ptn/azd/aks/main.bicep | 22 +- avm/ptn/azd/aks/main.json | 807 +++++++++--------- avm/ptn/azd/aks/tests/e2e/max/main.test.bicep | 8 +- 4 files changed, 1171 insertions(+), 412 deletions(-) diff --git a/avm/ptn/azd/aks/README.md b/avm/ptn/azd/aks/README.md index fee62fd617..be49729f45 100644 --- a/avm/ptn/azd/aks/README.md +++ b/avm/ptn/azd/aks/README.md 
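Review bot: `agentPoolSize: 'Standard'` has no effect in this test case, because the `agentPoolsConfig` expression that this patch introduces in main.bicep returns a non-empty `agentPoolConfig` before it ever reads the size preset, so the preset branch for the user pool is not exercised here. Either drop `agentPoolSize` from this case or mark it, e.g. `// agentPoolSize is ignored because agentPoolConfig is set`. The `availabilityZones` entries are quoted strings while the imported `agentPoolType` declares integer items; the parameter is still an untyped array in this patch, so this only starts to matter once it is typed. The module call that this hunk extends starts outside the hunk.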
@@ -167,7 +167,7 @@ module aks 'br/public:avm/ptn/azd/aks:' = { name: 'npuserpool' osType: 'Linux' type: 'VirtualMachineScaleSets' - vmSize: 'standard_a2' + vmSize: 'Standard_DS2_v2' } ] agentPoolSize: 'Standard' @@ -180,9 +180,9 @@ module aks 'br/public:avm/ptn/azd/aks:' = { systemPoolConfig: [ { availabilityZones: [ - '1' - '2' - '3' + 1 + 2 + 3 ] count: 3 enableAutoScaling: true @@ -239,7 +239,7 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "name": "npuserpool", "osType": "Linux", "type": "VirtualMachineScaleSets", - "vmSize": "standard_a2" + "vmSize": "Standard_DS2_v2" } ] }, @@ -268,9 +268,9 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "value": [ { "availabilityZones": [ - "1", - "2", - "3" + 1, + 2, + 3 ], "count": 3, "enableAutoScaling": true, @@ -315,7 +315,7 @@ param agentPoolConfig = [ name: 'npuserpool' osType: 'Linux' type: 'VirtualMachineScaleSets' - vmSize: 'standard_a2' + vmSize: 'Standard_DS2_v2' } ] param agentPoolSize = 'Standard' @@ -328,9 +328,9 @@ param skuTier = 'Free' param systemPoolConfig = [ { availabilityZones: [ - '1' - '2' - '3' + 1 + 2 + 3 ] count: 3 enableAutoScaling: true 
@@ -468,7 +468,365 @@ Custom configuration of user node pool. - Required: No - Type: array -- Default: `[]` + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-agentpoolconfigname) | string | The name of the agent pool. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`availabilityZones`](#parameter-agentpoolconfigavailabilityzones) | array | The availability zones of the agent pool. | +| [`count`](#parameter-agentpoolconfigcount) | int | The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`enableAutoScaling`](#parameter-agentpoolconfigenableautoscaling) | bool | Whether to enable auto-scaling for the agent pool. | +| [`enableDefaultTelemetry`](#parameter-agentpoolconfigenabledefaulttelemetry) | bool | The enable default telemetry of the agent pool. | +| [`enableEncryptionAtHost`](#parameter-agentpoolconfigenableencryptionathost) | bool | Whether to enable encryption at host for the agent pool. | +| [`enableFIPS`](#parameter-agentpoolconfigenablefips) | bool | Whether to enable FIPS for the agent pool. | +| [`enableNodePublicIP`](#parameter-agentpoolconfigenablenodepublicip) | bool | Whether to enable node public IP for the agent pool. | +| [`enableUltraSSD`](#parameter-agentpoolconfigenableultrassd) | bool | Whether to enable Ultra SSD for the agent pool. | +| [`gpuInstanceProfile`](#parameter-agentpoolconfiggpuinstanceprofile) | string | The GPU instance profile of the agent pool. | +| [`kubeletDiskType`](#parameter-agentpoolconfigkubeletdisktype) | string | The kubelet disk type of the agent pool. | +| [`maxCount`](#parameter-agentpoolconfigmaxcount) | int | The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`maxPods`](#parameter-agentpoolconfigmaxpods) | int | The maximum number of pods that can run on a node. 
| +| [`maxSurge`](#parameter-agentpoolconfigmaxsurge) | string | The maximum number of nodes that can be created during an upgrade. | +| [`minCount`](#parameter-agentpoolconfigmincount) | int | The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`minPods`](#parameter-agentpoolconfigminpods) | int | The minimum number of pods that can run on a node. | +| [`mode`](#parameter-agentpoolconfigmode) | string | The mode of the agent pool. | +| [`nodeLabels`](#parameter-agentpoolconfignodelabels) | object | The node labels of the agent pool. | +| [`nodePublicIpPrefixResourceId`](#parameter-agentpoolconfignodepublicipprefixresourceid) | string | The node public IP prefix ID of the agent pool. | +| [`nodeTaints`](#parameter-agentpoolconfignodetaints) | array | The node taints of the agent pool. | +| [`orchestratorVersion`](#parameter-agentpoolconfigorchestratorversion) | string | The Kubernetes version of the agent pool. | +| [`osDiskSizeGB`](#parameter-agentpoolconfigosdisksizegb) | int | The OS disk size in GB of the agent pool. | +| [`osDiskType`](#parameter-agentpoolconfigosdisktype) | string | The OS disk type of the agent pool. | +| [`osSku`](#parameter-agentpoolconfigossku) | string | The OS SKU of the agent pool. | +| [`osType`](#parameter-agentpoolconfigostype) | string | The OS type of the agent pool. | +| [`podSubnetResourceId`](#parameter-agentpoolconfigpodsubnetresourceid) | string | The pod subnet ID of the agent pool. | +| [`proximityPlacementGroupResourceId`](#parameter-agentpoolconfigproximityplacementgroupresourceid) | string | The proximity placement group resource ID of the agent pool. | +| [`scaleDownMode`](#parameter-agentpoolconfigscaledownmode) | string | The scale down mode of the agent pool. | +| [`scaleSetEvictionPolicy`](#parameter-agentpoolconfigscalesetevictionpolicy) | string | The scale set eviction policy of the agent pool. 
| +| [`scaleSetPriority`](#parameter-agentpoolconfigscalesetpriority) | string | The scale set priority of the agent pool. | +| [`sourceResourceId`](#parameter-agentpoolconfigsourceresourceid) | string | The source resource ID to create the agent pool from. | +| [`spotMaxPrice`](#parameter-agentpoolconfigspotmaxprice) | int | The spot max price of the agent pool. | +| [`tags`](#parameter-agentpoolconfigtags) | object | The tags of the agent pool. | +| [`type`](#parameter-agentpoolconfigtype) | string | The type of the agent pool. | +| [`vmSize`](#parameter-agentpoolconfigvmsize) | string | The VM size of the agent pool. | +| [`vnetSubnetResourceId`](#parameter-agentpoolconfigvnetsubnetresourceid) | string | The VNet subnet ID of the agent pool. | +| [`workloadRuntime`](#parameter-agentpoolconfigworkloadruntime) | string | The workload runtime of the agent pool. | + +### Parameter: `agentPoolConfig.name` + +The name of the agent pool. + +- Required: Yes +- Type: string + +### Parameter: `agentPoolConfig.availabilityZones` + +The availability zones of the agent pool. + +- Required: No +- Type: array + +### Parameter: `agentPoolConfig.count` + +The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `agentPoolConfig.enableAutoScaling` + +Whether to enable auto-scaling for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `agentPoolConfig.enableDefaultTelemetry` + +The enable default telemetry of the agent pool. + +- Required: No +- Type: bool + +### Parameter: `agentPoolConfig.enableEncryptionAtHost` + +Whether to enable encryption at host for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `agentPoolConfig.enableFIPS` + +Whether to enable FIPS for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `agentPoolConfig.enableNodePublicIP` + +Whether to enable node public IP for the agent pool. 
+ +- Required: No +- Type: bool + +### Parameter: `agentPoolConfig.enableUltraSSD` + +Whether to enable Ultra SSD for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `agentPoolConfig.gpuInstanceProfile` + +The GPU instance profile of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'MIG1g' + 'MIG2g' + 'MIG3g' + 'MIG4g' + 'MIG7g' + ] + ``` + +### Parameter: `agentPoolConfig.kubeletDiskType` + +The kubelet disk type of the agent pool. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.maxCount` + +The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `agentPoolConfig.maxPods` + +The maximum number of pods that can run on a node. + +- Required: No +- Type: int + +### Parameter: `agentPoolConfig.maxSurge` + +The maximum number of nodes that can be created during an upgrade. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.minCount` + +The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `agentPoolConfig.minPods` + +The minimum number of pods that can run on a node. + +- Required: No +- Type: int + +### Parameter: `agentPoolConfig.mode` + +The mode of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'System' + 'User' + ] + ``` + +### Parameter: `agentPoolConfig.nodeLabels` + +The node labels of the agent pool. + +- Required: No +- Type: object + +### Parameter: `agentPoolConfig.nodePublicIpPrefixResourceId` + +The node public IP prefix ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.nodeTaints` + +The node taints of the agent pool. + +- Required: No +- Type: array + +### Parameter: `agentPoolConfig.orchestratorVersion` + +The Kubernetes version of the agent pool. 
+ +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.osDiskSizeGB` + +The OS disk size in GB of the agent pool. + +- Required: No +- Type: int + +### Parameter: `agentPoolConfig.osDiskType` + +The OS disk type of the agent pool. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.osSku` + +The OS SKU of the agent pool. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.osType` + +The OS type of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Linux' + 'Windows' + ] + ``` + +### Parameter: `agentPoolConfig.podSubnetResourceId` + +The pod subnet ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.proximityPlacementGroupResourceId` + +The proximity placement group resource ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.scaleDownMode` + +The scale down mode of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Deallocate' + 'Delete' + ] + ``` + +### Parameter: `agentPoolConfig.scaleSetEvictionPolicy` + +The scale set eviction policy of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Deallocate' + 'Delete' + ] + ``` + +### Parameter: `agentPoolConfig.scaleSetPriority` + +The scale set priority of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Low' + 'Regular' + 'Spot' + ] + ``` + +### Parameter: `agentPoolConfig.sourceResourceId` + +The source resource ID to create the agent pool from. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.spotMaxPrice` + +The spot max price of the agent pool. + +- Required: No +- Type: int + +### Parameter: `agentPoolConfig.tags` + +The tags of the agent pool. + +- Required: No +- Type: object + +### Parameter: `agentPoolConfig.type` + +The type of the agent pool. 
+ +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'AvailabilitySet' + 'VirtualMachineScaleSets' + ] + ``` + +### Parameter: `agentPoolConfig.vmSize` + +The VM size of the agent pool. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.vnetSubnetResourceId` + +The VNet subnet ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `agentPoolConfig.workloadRuntime` + +The workload runtime of the agent pool. + +- Required: No +- Type: string ### Parameter: `agentPoolSize` 
@@ -803,7 +1161,365 @@ Custom configuration of system node pool. - Required: No - Type: array -- Default: `[]` + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-systempoolconfigname) | string | The name of the agent pool. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`availabilityZones`](#parameter-systempoolconfigavailabilityzones) | array | The availability zones of the agent pool. | +| [`count`](#parameter-systempoolconfigcount) | int | The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`enableAutoScaling`](#parameter-systempoolconfigenableautoscaling) | bool | Whether to enable auto-scaling for the agent pool. | +| [`enableDefaultTelemetry`](#parameter-systempoolconfigenabledefaulttelemetry) | bool | The enable default telemetry of the agent pool. | +| [`enableEncryptionAtHost`](#parameter-systempoolconfigenableencryptionathost) | bool | Whether to enable encryption at host for the agent pool. | +| [`enableFIPS`](#parameter-systempoolconfigenablefips) | bool | Whether to enable FIPS for the agent pool. | +| [`enableNodePublicIP`](#parameter-systempoolconfigenablenodepublicip) | bool | Whether to enable node public IP for the agent pool. | +| [`enableUltraSSD`](#parameter-systempoolconfigenableultrassd) | bool | Whether to enable Ultra SSD for the agent pool. | +| [`gpuInstanceProfile`](#parameter-systempoolconfiggpuinstanceprofile) | string | The GPU instance profile of the agent pool. | +| [`kubeletDiskType`](#parameter-systempoolconfigkubeletdisktype) | string | The kubelet disk type of the agent pool. | +| [`maxCount`](#parameter-systempoolconfigmaxcount) | int | The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). 
| +| [`maxPods`](#parameter-systempoolconfigmaxpods) | int | The maximum number of pods that can run on a node. | +| [`maxSurge`](#parameter-systempoolconfigmaxsurge) | string | The maximum number of nodes that can be created during an upgrade. | +| [`minCount`](#parameter-systempoolconfigmincount) | int | The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`minPods`](#parameter-systempoolconfigminpods) | int | The minimum number of pods that can run on a node. | +| [`mode`](#parameter-systempoolconfigmode) | string | The mode of the agent pool. | +| [`nodeLabels`](#parameter-systempoolconfignodelabels) | object | The node labels of the agent pool. | +| [`nodePublicIpPrefixResourceId`](#parameter-systempoolconfignodepublicipprefixresourceid) | string | The node public IP prefix ID of the agent pool. | +| [`nodeTaints`](#parameter-systempoolconfignodetaints) | array | The node taints of the agent pool. | +| [`orchestratorVersion`](#parameter-systempoolconfigorchestratorversion) | string | The Kubernetes version of the agent pool. | +| [`osDiskSizeGB`](#parameter-systempoolconfigosdisksizegb) | int | The OS disk size in GB of the agent pool. | +| [`osDiskType`](#parameter-systempoolconfigosdisktype) | string | The OS disk type of the agent pool. | +| [`osSku`](#parameter-systempoolconfigossku) | string | The OS SKU of the agent pool. | +| [`osType`](#parameter-systempoolconfigostype) | string | The OS type of the agent pool. | +| [`podSubnetResourceId`](#parameter-systempoolconfigpodsubnetresourceid) | string | The pod subnet ID of the agent pool. | +| [`proximityPlacementGroupResourceId`](#parameter-systempoolconfigproximityplacementgroupresourceid) | string | The proximity placement group resource ID of the agent pool. | +| [`scaleDownMode`](#parameter-systempoolconfigscaledownmode) | string | The scale down mode of the agent pool. 
| +| [`scaleSetEvictionPolicy`](#parameter-systempoolconfigscalesetevictionpolicy) | string | The scale set eviction policy of the agent pool. | +| [`scaleSetPriority`](#parameter-systempoolconfigscalesetpriority) | string | The scale set priority of the agent pool. | +| [`sourceResourceId`](#parameter-systempoolconfigsourceresourceid) | string | The source resource ID to create the agent pool from. | +| [`spotMaxPrice`](#parameter-systempoolconfigspotmaxprice) | int | The spot max price of the agent pool. | +| [`tags`](#parameter-systempoolconfigtags) | object | The tags of the agent pool. | +| [`type`](#parameter-systempoolconfigtype) | string | The type of the agent pool. | +| [`vmSize`](#parameter-systempoolconfigvmsize) | string | The VM size of the agent pool. | +| [`vnetSubnetResourceId`](#parameter-systempoolconfigvnetsubnetresourceid) | string | The VNet subnet ID of the agent pool. | +| [`workloadRuntime`](#parameter-systempoolconfigworkloadruntime) | string | The workload runtime of the agent pool. | + +### Parameter: `systemPoolConfig.name` + +The name of the agent pool. + +- Required: Yes +- Type: string + +### Parameter: `systemPoolConfig.availabilityZones` + +The availability zones of the agent pool. + +- Required: No +- Type: array + +### Parameter: `systemPoolConfig.count` + +The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.enableAutoScaling` + +Whether to enable auto-scaling for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableDefaultTelemetry` + +The enable default telemetry of the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableEncryptionAtHost` + +Whether to enable encryption at host for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableFIPS` + +Whether to enable FIPS for the agent pool. 
+ +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableNodePublicIP` + +Whether to enable node public IP for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableUltraSSD` + +Whether to enable Ultra SSD for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.gpuInstanceProfile` + +The GPU instance profile of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'MIG1g' + 'MIG2g' + 'MIG3g' + 'MIG4g' + 'MIG7g' + ] + ``` + +### Parameter: `systemPoolConfig.kubeletDiskType` + +The kubelet disk type of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.maxCount` + +The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.maxPods` + +The maximum number of pods that can run on a node. + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.maxSurge` + +The maximum number of nodes that can be created during an upgrade. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.minCount` + +The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.minPods` + +The minimum number of pods that can run on a node. + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.mode` + +The mode of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'System' + 'User' + ] + ``` + +### Parameter: `systemPoolConfig.nodeLabels` + +The node labels of the agent pool. + +- Required: No +- Type: object + +### Parameter: `systemPoolConfig.nodePublicIpPrefixResourceId` + +The node public IP prefix ID of the agent pool. 
+ +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.nodeTaints` + +The node taints of the agent pool. + +- Required: No +- Type: array + +### Parameter: `systemPoolConfig.orchestratorVersion` + +The Kubernetes version of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.osDiskSizeGB` + +The OS disk size in GB of the agent pool. + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.osDiskType` + +The OS disk type of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.osSku` + +The OS SKU of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.osType` + +The OS type of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Linux' + 'Windows' + ] + ``` + +### Parameter: `systemPoolConfig.podSubnetResourceId` + +The pod subnet ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.proximityPlacementGroupResourceId` + +The proximity placement group resource ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.scaleDownMode` + +The scale down mode of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Deallocate' + 'Delete' + ] + ``` + +### Parameter: `systemPoolConfig.scaleSetEvictionPolicy` + +The scale set eviction policy of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Deallocate' + 'Delete' + ] + ``` + +### Parameter: `systemPoolConfig.scaleSetPriority` + +The scale set priority of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Low' + 'Regular' + 'Spot' + ] + ``` + +### Parameter: `systemPoolConfig.sourceResourceId` + +The source resource ID to create the agent pool from. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.spotMaxPrice` + +The spot max price of the agent pool. 
+ +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.tags` + +The tags of the agent pool. + +- Required: No +- Type: object + +### Parameter: `systemPoolConfig.type` + +The type of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'AvailabilitySet' + 'VirtualMachineScaleSets' + ] + ``` + +### Parameter: `systemPoolConfig.vmSize` + +The VM size of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.vnetSubnetResourceId` + +The VNet subnet ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.workloadRuntime` + +The workload runtime of the agent pool. + +- Required: No +- Type: string ### Parameter: `systemPoolSize` @@ -857,7 +1573,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | | `br/public:avm/res/container-registry/registry:0.5.1` | Remote reference | -| `br/public:avm/res/container-service/managed-cluster:0.4.0` | Remote reference | +| `br/public:avm/res/container-service/managed-cluster:0.4.1` | Remote reference | | `br/public:avm/res/key-vault/vault:0.9.0` | Remote reference | ## Data Collection diff --git a/avm/ptn/azd/aks/main.bicep b/avm/ptn/azd/aks/main.bicep index 507bbccb91..6ca5ee2d38 100644 --- a/avm/ptn/azd/aks/main.bicep +++ b/avm/ptn/azd/aks/main.bicep @@ -124,10 +124,10 @@ param aksClusterRoleAssignmentName string? import {agentPoolType} from 'br/public:avm/res/container-service/managed-cluster:0.4.1' @description('Optional. Custom configuration of system node pool.') -param systemPoolConfig array = [] +param systemPoolConfig agentPoolType[]? @description('Optional. Custom configuration of user node pool.') -param agentPoolConfig array = [] +param agentPoolConfig agentPoolType[]? @description('Optional. Specifies whether the KeyvaultSecretsProvider add-on is enabled or not.') param enableKeyvaultSecretsProvider bool = true 
@@ -175,11 +175,9 @@ param enableVaultForDeployment bool = false @description('Optional. Specifies if the vault is enabled for a template deployment.') param enableVaultForTemplateDeployment bool = false -var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : [union({ name: 'npsystem', mode: 'System' }, nodePoolBase, nodePoolPresets[systemPoolSize])] +var systemPoolsConfig = !empty(systemPoolConfig) ? systemPoolConfig : [union({ name: 'npsystem', mode: 'System' }, nodePoolBase, nodePoolPresets[systemPoolSize])] -var hasAgentPool = !empty(agentPoolConfig) || !empty(agentPoolSize) - -var agentPoolsConfig = hasAgentPool && !empty(agentPoolConfig) ? agentPoolConfig : empty(agentPoolSize) ? [] : [union({ name: 'npuser', mode: 'User' }, nodePoolBase, nodePoolPresets[agentPoolSize])] +var agentPoolsConfig = !empty(agentPoolConfig) ? agentPoolConfig : empty(agentPoolSize) ? null : [union({ name: 'npuser', mode: 'User' }, nodePoolBase, nodePoolPresets[agentPoolSize])] var aksClusterAdminRole = subscriptionResourceId( 'Microsoft.Authorization/roleDefinitions', @@ -207,9 +205,9 @@ var nodePoolPresets = { maxCount: 5 enableAutoScaling: true availabilityZones: [ - '1' - '2' - '3' + 1 + 2 + 3 ] } HighSpec: { @@ -258,7 +256,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.4.0' = { +module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.4.1' = { name: '${uniqueString(deployment().name, location)}-managed-cluster' params: { name: name 
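Review bot: `systemPoolsConfig` and `agentPoolsConfig` differ from the parameters `systemPoolConfig` and `agentPoolConfig` by a single letter, which makes it easy to hand the raw, now nullable, parameter to the module instead of the variable that carries the preset fallback. A name that states the role, e.g. `var effectiveSystemPools = ...`, would remove the ambiguity. The `agentPoolsConfig` line also nests one conditional inside another on a single line. Breaking it after each `?` and adding a comment such as `// null: no user pool is requested when neither a config nor a size is given` would make the three outcomes readable.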
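Review bot: The zones in this preset become integers, but the `HighSpec` preset that begins on the last context line continues outside the hunk, so it is not visible whether every other entry of `nodePoolPresets` got the same conversion. The compiled `agentPoolType` later in this patch declares `availabilityZones` items as `int`, so a preset still carrying `'1'`-style strings would presumably be rejected by the 0.4.1 module's type validation at deployment. A short comment above the presets, e.g. `// availabilityZones are ints since managed-cluster 0.4.1`, would keep them from drifting back.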
@@ -276,7 +274,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.4.0 sshPublicKey: sshPublicKey skuTier: skuTier appGatewayResourceId: appGatewayResourceId - monitoringWorkspaceId: monitoringWorkspaceResourceId + monitoringWorkspaceResourceId: monitoringWorkspaceResourceId publicNetworkAccess: publicNetworkAccess autoNodeOsUpgradeProfileUpgradeChannel: autoNodeOsUpgradeProfileUpgradeChannel enableKeyvaultSecretsProvider: enableKeyvaultSecretsProvider @@ -315,7 +313,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.4.0 ] } ] - primaryAgentPoolProfile: systemPoolSpec + primaryAgentPoolProfiles: systemPoolsConfig dnsPrefix: dnsPrefix agentPools: agentPoolsConfig enableTelemetry: enableTelemetry diff --git a/avm/ptn/azd/aks/main.json b/avm/ptn/azd/aks/main.json index bcd873c14d..4b3cf60a73 100644 --- a/avm/ptn/azd/aks/main.json +++ b/avm/ptn/azd/aks/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "8872877172389095214" + "templateHash": "10995240226253882039" }, "name": "Azd AKS", "description": "Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool as well as an additional user agent pool.\n\n**Note:** This module is not intended for broad, generic use, as it was designed to cater for the requirements of the AZD CLI product. Feature requests and bug fix requests are welcome if they support the development of the AZD CLI but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case.", 
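Review bot: The arguments in this block now go to managed-cluster 0.4.1, and the compiled template for that module later in this patch changes the default of `disableLocalAccounts` from `false` to `true`. Its description states the setting must only be used on AAD-enabled clusters. The `params` block starts and ends outside this hunk, so I cannot see whether the pattern sets it; if it does not, the bump silently changes how cluster credentials can be obtained for existing consumers. I would pass the value explicitly here (`disableLocalAccounts: <pattern-level parameter>`) and mention the new default in the README, so the hardened setting is a documented choice rather than an inherited one.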
@@ -595,14 +595,20 @@ }, "systemPoolConfig": { "type": "array", - "defaultValue": [], + "items": { + "$ref": "#/definitions/agentPoolType" + }, + "nullable": true, "metadata": { "description": "Optional. Custom configuration of system node pool." } }, "agentPoolConfig": { "type": "array", - "defaultValue": [], + "items": { + "$ref": "#/definitions/agentPoolType" + }, + "nullable": true, "metadata": { "description": "Optional. Custom configuration of user node pool." } 
@@ -691,9 +697,8 @@ } }, "variables": { - "systemPoolSpec": "[if(not(empty(parameters('systemPoolConfig'))), parameters('systemPoolConfig'), createArray(union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('nodePoolPresets')[parameters('systemPoolSize')])))]", - "hasAgentPool": "[or(not(empty(parameters('agentPoolConfig'))), not(empty(parameters('agentPoolSize'))))]", - "agentPoolsConfig": "[if(and(variables('hasAgentPool'), not(empty(parameters('agentPoolConfig')))), parameters('agentPoolConfig'), if(empty(parameters('agentPoolSize')), createArray(), createArray(union(createObject('name', 'npuser', 'mode', 'User'), variables('nodePoolBase'), variables('nodePoolPresets')[parameters('agentPoolSize')]))))]", + "systemPoolsConfig": "[if(not(empty(parameters('systemPoolConfig'))), parameters('systemPoolConfig'), createArray(union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('nodePoolPresets')[parameters('systemPoolSize')])))]", + "agentPoolsConfig": "[if(not(empty(parameters('agentPoolConfig'))), parameters('agentPoolConfig'), if(empty(parameters('agentPoolSize')), null(), createArray(union(createObject('name', 'npuser', 'mode', 'User'), variables('nodePoolBase'), variables('nodePoolPresets')[parameters('agentPoolSize')]))))]", "aksClusterAdminRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')]", "acrPullRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]", "nodePoolPresets": { @@ -712,9 +717,9 @@ "maxCount": 5, "enableAutoScaling": true, "availabilityZones": [ - "1", - "2", - "3" + 1, + 2, + 3 ] }, "HighSpec": { @@ -815,7 +820,7 @@ "appGatewayResourceId": { "value": "[parameters('appGatewayResourceId')]" }, - "monitoringWorkspaceId": { + "monitoringWorkspaceResourceId": { "value": "[parameters('monitoringWorkspaceResourceId')]" }, "publicNetworkAccess": { 
@@ -872,8 +877,8 @@ } ] }, - "primaryAgentPoolProfile": { - "value": "[variables('systemPoolSpec')]" + "primaryAgentPoolProfiles": { + "value": "[variables('systemPoolsConfig')]" }, "dnsPrefix": { "value": "[parameters('dnsPrefix')]" @@ -903,7 +908,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "2657303292894801113" + "templateHash": "9290728353306822069" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", 
@@ -911,310 +916,308 @@ }, "definitions": { "agentPoolType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Required. The name of the agent pool." - } - }, - "availabilityZones": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The availability zones of the agent pool." - } - }, - "count": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "sourceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The source resource ID to create the agent pool from." - } - }, - "enableAutoScaling": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable auto-scaling for the agent pool." - } - }, - "enableEncryptionAtHost": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable encryption at host for the agent pool." - } - }, - "enableFIPS": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable FIPS for the agent pool." - } - }, - "enableNodePublicIP": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable node public IP for the agent pool." - } - }, - "enableUltraSSD": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable Ultra SSD for the agent pool." - } - }, - "gpuInstanceProfile": { - "type": "string", - "allowedValues": [ - "MIG1g", - "MIG2g", - "MIG3g", - "MIG4g", - "MIG7g" - ], - "nullable": true, - "metadata": { - "description": "Optional. The GPU instance profile of the agent pool." 
- } - }, - "kubeletDiskType": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The kubelet disk type of the agent pool." - } - }, - "maxCount": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "minCount": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "maxPods": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of pods that can run on a node." - } - }, - "minPods": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The minimum number of pods that can run on a node." - } - }, - "mode": { - "type": "string", - "allowedValues": [ - "System", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The mode of the agent pool." - } - }, - "nodeLabels": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. The node labels of the agent pool." - } - }, - "nodePublicIpPrefixId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The node public IP prefix ID of the agent pool." - } - }, - "nodeTaints": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The node taints of the agent pool." - } - }, - "orchestratorVersion": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Kubernetes version of the agent pool." - } - }, - "osDiskSizeGB": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The OS disk size in GB of the agent pool." 
- } - }, - "osDiskType": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The OS disk type of the agent pool." - } - }, - "osSku": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The OS SKU of the agent pool." - } - }, - "osType": { - "type": "string", - "allowedValues": [ - "Linux", - "Windows" - ], - "nullable": true, - "metadata": { - "description": "Optional. The OS type of the agent pool." - } - }, - "podSubnetId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The pod subnet ID of the agent pool." - } - }, - "proximityPlacementGroupResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The proximity placement group resource ID of the agent pool." - } - }, - "scaleDownMode": { - "type": "string", - "allowedValues": [ - "Deallocate", - "Delete" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale down mode of the agent pool." - } - }, - "scaleSetEvictionPolicy": { - "type": "string", - "allowedValues": [ - "Deallocate", - "Delete" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale set eviction policy of the agent pool." - } - }, - "scaleSetPriority": { - "type": "string", - "allowedValues": [ - "Low", - "Regular", - "Spot" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale set priority of the agent pool." - } - }, - "spotMaxPrice": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The spot max price of the agent pool." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. The tags of the agent pool." - } - }, - "type": { - "type": "string", - "allowedValues": [ - "AvailabilitySet", - "VirtualMachineScaleSets" - ], - "nullable": true, - "metadata": { - "description": "Optional. The type of the agent pool." 
- } - }, - "maxSurge": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of nodes that can be created during an upgrade." - } - }, - "vmSize": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The VM size of the agent pool." - } - }, - "vnetSubnetID": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The VNet subnet ID of the agent pool." - } + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the agent pool." + } + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "int" }, - "workloadRuntime": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The workload runtime of the agent pool." - } + "nullable": true, + "metadata": { + "description": "Optional. The availability zones of the agent pool." + } + }, + "count": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "sourceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The source resource ID to create the agent pool from." + } + }, + "enableAutoScaling": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable auto-scaling for the agent pool." + } + }, + "enableEncryptionAtHost": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable encryption at host for the agent pool." + } + }, + "enableFIPS": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable FIPS for the agent pool." + } + }, + "enableNodePublicIP": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. 
Whether to enable node public IP for the agent pool." + } + }, + "enableUltraSSD": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable Ultra SSD for the agent pool." + } + }, + "gpuInstanceProfile": { + "type": "string", + "allowedValues": [ + "MIG1g", + "MIG2g", + "MIG3g", + "MIG4g", + "MIG7g" + ], + "nullable": true, + "metadata": { + "description": "Optional. The GPU instance profile of the agent pool." + } + }, + "kubeletDiskType": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The kubelet disk type of the agent pool." + } + }, + "maxCount": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "minCount": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "maxPods": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of pods that can run on a node." + } + }, + "minPods": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The minimum number of pods that can run on a node." + } + }, + "mode": { + "type": "string", + "allowedValues": [ + "System", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The mode of the agent pool." + } + }, + "nodeLabels": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The node labels of the agent pool." + } + }, + "nodePublicIpPrefixResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The node public IP prefix ID of the agent pool." 
+ } + }, + "nodeTaints": { + "type": "array", + "items": { + "type": "string" }, - "enableDefaultTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. The enable default telemetry of the agent pool." - } + "nullable": true, + "metadata": { + "description": "Optional. The node taints of the agent pool." + } + }, + "orchestratorVersion": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Kubernetes version of the agent pool." + } + }, + "osDiskSizeGB": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The OS disk size in GB of the agent pool." + } + }, + "osDiskType": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The OS disk type of the agent pool." + } + }, + "osSku": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The OS SKU of the agent pool." + } + }, + "osType": { + "type": "string", + "allowedValues": [ + "Linux", + "Windows" + ], + "nullable": true, + "metadata": { + "description": "Optional. The OS type of the agent pool." + } + }, + "podSubnetResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The pod subnet ID of the agent pool." + } + }, + "proximityPlacementGroupResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The proximity placement group resource ID of the agent pool." + } + }, + "scaleDownMode": { + "type": "string", + "allowedValues": [ + "Deallocate", + "Delete" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale down mode of the agent pool." + } + }, + "scaleSetEvictionPolicy": { + "type": "string", + "allowedValues": [ + "Deallocate", + "Delete" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale set eviction policy of the agent pool." 
+ } + }, + "scaleSetPriority": { + "type": "string", + "allowedValues": [ + "Low", + "Regular", + "Spot" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale set priority of the agent pool." + } + }, + "spotMaxPrice": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The spot max price of the agent pool." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The tags of the agent pool." + } + }, + "type": { + "type": "string", + "allowedValues": [ + "AvailabilitySet", + "VirtualMachineScaleSets" + ], + "nullable": true, + "metadata": { + "description": "Optional. The type of the agent pool." + } + }, + "maxSurge": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of nodes that can be created during an upgrade." + } + }, + "vmSize": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The VM size of the agent pool." + } + }, + "vnetSubnetResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The VNet subnet ID of the agent pool." + } + }, + "workloadRuntime": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The workload runtime of the agent pool." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. The enable default telemetry of the agent pool." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "managedIdentitiesType": { "type": "object", @@ -1237,7 +1240,9 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "lockType": { "type": "object", @@ -1262,7 +1267,10 @@ } } }, - "nullable": true + "nullable": true, + "metadata": { + "__bicep_export!": true + } }, "roleAssignmentType": { "type": "array", 
@@ -1335,7 +1343,10 @@ } } }, - "nullable": true + "nullable": true, + "metadata": { + "__bicep_export!": true + } }, "diagnosticSettingType": { "type": "array", @@ -1455,7 +1466,10 @@ } } }, - "nullable": true + "nullable": true, + "metadata": { + "__bicep_export!": true + } }, "fluxConfigurationProtectedSettingsType": { "type": "object", @@ -1468,7 +1482,9 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "extensionType": { "type": "object", @@ -1530,7 +1546,9 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "customerManagedKeyType": { "type": "object", @@ -1565,32 +1583,33 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "maintenanceConfigurationType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "allowedValues": [ - "aksManagedAutoUpgradeSchedule", - "aksManagedNodeOSUpgradeSchedule" - ], - "metadata": { - "description": "Required. Name of maintenance window." - } - }, - "maintenanceWindow": { - "type": "object", - "metadata": { - "description": "Required. Maintenance window for the maintenance configuration." - } + "type": "object", + "properties": { + "name": { + "type": "string", + "allowedValues": [ + "aksManagedAutoUpgradeSchedule", + "aksManagedNodeOSUpgradeSchedule" + ], + "metadata": { + "description": "Required. Name of maintenance window." + } + }, + "maintenanceWindow": { + "type": "object", + "metadata": { + "description": "Required. Maintenance window for the maintenance configuration." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } } }, "parameters": { @@ -1616,6 +1635,7 @@ }, "managedIdentities": { "$ref": "#/definitions/managedIdentitiesType", + "nullable": true, "metadata": { "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." } 
@@ -1796,6 +1816,9 @@ }, "aadProfileAdminGroupObjectIDs": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. Specifies the AAD group object IDs that will have admin role of the cluster." @@ -1824,7 +1847,7 @@ }, "disableLocalAccounts": { "type": "bool", - "defaultValue": false, + "defaultValue": true, "metadata": { "description": "Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled." } @@ -1838,6 +1861,9 @@ }, "authorizedIPRanges": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer." 
@@ -1883,22 +1909,33 @@ "description": "Optional. Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone." } }, - "primaryAgentPoolProfile": { + "primaryAgentPoolProfiles": { "type": "array", + "items": { + "$ref": "#/definitions/agentPoolType" + }, "metadata": { "description": "Required. Properties of the primary agent pool." } }, "agentPools": { - "$ref": "#/definitions/agentPoolType", + "type": "array", + "items": { + "$ref": "#/definitions/agentPoolType" + }, + "nullable": true, "metadata": { "description": "Optional. Define one or more secondary/additional agent pools." } }, "maintenanceConfigurations": { - "$ref": "#/definitions/maintenanceConfigurationType", + "type": "array", + "items": { + "$ref": "#/definitions/maintenanceConfigurationType" + }, + "nullable": true, "metadata": { - "description": "Optional. Maintenance Window for Cluster auto upgrade and node OS upgrade." + "description": "Optional. Whether or not to use AKS Automatic mode." } }, "costAnalysisEnabled": { @@ -2049,8 +2086,8 @@ } }, "autoScalerProfileMaxGracefulTerminationSec": { - "type": "string", - "defaultValue": "600", + "type": "int", + "defaultValue": 600, "metadata": { "description": "Optional. Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster." } @@ -2076,8 +2113,8 @@ } }, "autoScalerProfileMaxEmptyBulkDelete": { - "type": "string", - "defaultValue": "10", + "type": "int", + "defaultValue": 10, "metadata": { "description": "Optional. Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster." } 
@@ -2090,8 +2127,8 @@ } }, "autoScalerProfileMaxTotalUnreadyPercentage": { - "type": "string", - "defaultValue": "45", + "type": "int", + "defaultValue": 45, "metadata": { "description": "Optional. Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0." } @@ -2104,8 +2141,8 @@ } }, "autoScalerProfileOkTotalUnreadyCount": { - "type": "string", - "defaultValue": "3", + "type": "int", + "defaultValue": 3, "metadata": { "description": "Optional. Specifies the OK total unready count for the auto-scaler of the AKS cluster." } @@ -2274,7 +2311,7 @@ "description": "Optional. Specifies whether the OMS agent is enabled." } }, - "monitoringWorkspaceId": { + "monitoringWorkspaceResourceId": { "type": "string", "nullable": true, "metadata": { @@ -2316,6 +2353,7 @@ }, "fluxExtension": { "$ref": "#/definitions/extensionType", + "nullable": true, "metadata": { "description": "Optional. Settings and configurations for the flux extension." } @@ -2350,6 +2388,7 @@ }, "customerManagedKey": { "$ref": "#/definitions/customerManagedKeyType", + "nullable": true, "metadata": { "description": "Optional. The customer managed key definition." } @@ -2453,7 +2492,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.containerservice-managedcluster.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.containerservice-managedcluster.{0}.{1}', replace('0.4.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { 
@@ -2490,12 +2529,12 @@ "tier": "[parameters('skuTier')]" }, "properties": { + "agentPoolProfiles": "[map(parameters('primaryAgentPoolProfiles'), lambda('profile', createObject('name', lambdaVariables('profile').name, 'count', coalesce(lambdaVariables('profile').count, 1), 'availabilityZones', map(coalesce(tryGet(lambdaVariables('profile'), 'availabilityZones'), createArray(1, 2, 3)), lambda('zone', format('{0}', lambdaVariables('zone')))), 'creationData', if(not(empty(tryGet(lambdaVariables('profile'), 'sourceResourceId'))), createObject('sourceResourceId', lambdaVariables('profile').sourceResourceId), null()), 'enableAutoScaling', coalesce(tryGet(lambdaVariables('profile'), 'enableAutoScaling'), false()), 'enableEncryptionAtHost', coalesce(tryGet(lambdaVariables('profile'), 'enableEncryptionAtHost'), false()), 'enableFIPS', coalesce(tryGet(lambdaVariables('profile'), 'enableFIPS'), false()), 'enableNodePublicIP', coalesce(tryGet(lambdaVariables('profile'), 'enableNodePublicIP'), false()), 'enableUltraSSD', coalesce(tryGet(lambdaVariables('profile'), 'enableUltraSSD'), false()), 'gpuInstanceProfile', tryGet(lambdaVariables('profile'), 'gpuInstanceProfile'), 'kubeletDiskType', tryGet(lambdaVariables('profile'), 'kubeletDiskType'), 'maxCount', tryGet(lambdaVariables('profile'), 'maxCount'), 'maxPods', tryGet(lambdaVariables('profile'), 'maxPods'), 'minCount', tryGet(lambdaVariables('profile'), 'minCount'), 'mode', tryGet(lambdaVariables('profile'), 'mode'), 'nodeLabels', tryGet(lambdaVariables('profile'), 'nodeLabels'), 'nodePublicIPPrefixID', tryGet(lambdaVariables('profile'), 'nodePublicIpPrefixResourceId'), 'nodeTaints', tryGet(lambdaVariables('profile'), 'nodeTaints'), 'orchestratorVersion', tryGet(lambdaVariables('profile'), 'orchestratorVersion'), 'osDiskSizeGB', tryGet(lambdaVariables('profile'), 'osDiskSizeGB'), 'osDiskType', tryGet(lambdaVariables('profile'), 'osDiskType'), 'osType', coalesce(tryGet(lambdaVariables('profile'), 'osType'), 'Linux'), 
'podSubnetID', tryGet(lambdaVariables('profile'), 'podSubnetResourceId'), 'proximityPlacementGroupID', tryGet(lambdaVariables('profile'), 'proximityPlacementGroupResourceId'), 'scaleDownMode', coalesce(tryGet(lambdaVariables('profile'), 'scaleDownMode'), 'Delete'), 'scaleSetEvictionPolicy', coalesce(tryGet(lambdaVariables('profile'), 'scaleSetEvictionPolicy'), 'Delete'), 'scaleSetPriority', tryGet(lambdaVariables('profile'), 'scaleSetPriority'), 'spotMaxPrice', tryGet(lambdaVariables('profile'), 'spotMaxPrice'), 'tags', tryGet(lambdaVariables('profile'), 'tags'), 'type', tryGet(lambdaVariables('profile'), 'type'), 'upgradeSettings', createObject('maxSurge', tryGet(lambdaVariables('profile'), 'maxSurge')), 'vmSize', coalesce(tryGet(lambdaVariables('profile'), 'vmSize'), 'Standard_D2s_v3'), 'vnetSubnetID', tryGet(lambdaVariables('profile'), 'vnetSubnetResourceId'), 'workloadRuntime', tryGet(lambdaVariables('profile'), 'workloadRuntime'))))]", "httpProxyConfig": "[parameters('httpProxyConfig')]", "identityProfile": "[parameters('identityProfile')]", "diskEncryptionSetID": "[parameters('diskEncryptionSetResourceId')]", "kubernetesVersion": "[parameters('kubernetesVersion')]", "dnsPrefix": "[parameters('dnsPrefix')]", - "agentPoolProfiles": "[parameters('primaryAgentPoolProfile')]", "linuxProfile": "[if(not(empty(parameters('sshPublicKey'))), createObject('adminUsername', parameters('adminUsername'), 'ssh', createObject('publicKeys', createArray(createObject('keyData', coalesce(parameters('sshPublicKey'), ''))))), null())]", "servicePrincipalProfile": "[parameters('aksServicePrincipalProfile')]", "metricsProfile": { 
@@ -2518,8 +2557,8 @@ "config": "[if(and(parameters('ingressApplicationGatewayEnabled'), not(empty(parameters('appGatewayResourceId')))), createObject('applicationGatewayId', parameters('appGatewayResourceId'), 'effectiveApplicationGatewayId', parameters('appGatewayResourceId')), null())]" }, "omsagent": { - "enabled": "[and(parameters('omsAgentEnabled'), not(empty(parameters('monitoringWorkspaceId'))))]", - "config": "[if(and(parameters('omsAgentEnabled'), not(empty(parameters('monitoringWorkspaceId')))), createObject('logAnalyticsWorkspaceResourceID', parameters('monitoringWorkspaceId')), null())]" + "enabled": "[and(parameters('omsAgentEnabled'), not(empty(parameters('monitoringWorkspaceResourceId'))))]", + "config": "[if(and(parameters('omsAgentEnabled'), not(empty(parameters('monitoringWorkspaceResourceId')))), createObject('logAnalyticsWorkspaceResourceID', parameters('monitoringWorkspaceResourceId')), null())]" }, "aciConnectorLinux": { "enabled": "[parameters('aciConnectorLinuxEnabled')]" 
@@ -2582,12 +2621,12 @@ "autoScalerProfile": { "balance-similar-node-groups": "[toLower(string(parameters('autoScalerProfileBalanceSimilarNodeGroups')))]", "expander": "[parameters('autoScalerProfileExpander')]", - "max-empty-bulk-delete": "[parameters('autoScalerProfileMaxEmptyBulkDelete')]", - "max-graceful-termination-sec": "[parameters('autoScalerProfileMaxGracefulTerminationSec')]", + "max-empty-bulk-delete": "[format('{0}', parameters('autoScalerProfileMaxEmptyBulkDelete'))]", + "max-graceful-termination-sec": "[format('{0}', parameters('autoScalerProfileMaxGracefulTerminationSec'))]", "max-node-provision-time": "[parameters('autoScalerProfileMaxNodeProvisionTime')]", - "max-total-unready-percentage": "[parameters('autoScalerProfileMaxTotalUnreadyPercentage')]", + "max-total-unready-percentage": "[format('{0}', parameters('autoScalerProfileMaxTotalUnreadyPercentage'))]", "new-pod-scale-up-delay": "[parameters('autoScalerProfileNewPodScaleUpDelay')]", - "ok-total-unready-count": "[parameters('autoScalerProfileOkTotalUnreadyCount')]", + "ok-total-unready-count": "[format('{0}', parameters('autoScalerProfileOkTotalUnreadyCount'))]", "scale-down-delay-after-add": "[parameters('autoScalerProfileScaleDownDelayAfterAdd')]", "scale-down-delay-after-delete": "[parameters('autoScalerProfileScaleDownDelayAfterDelete')]", "scale-down-delay-after-failure": "[parameters('autoScalerProfileScaleDownDelayAfterFailure')]", 
@@ -2610,7 +2649,7 @@ "privateDNSZone": "[parameters('privateDNSZone')]" }, "azureMonitorProfile": { - "containerInsights": "[if(parameters('enableContainerInsights'), createObject('enabled', parameters('enableContainerInsights'), 'logAnalyticsWorkspaceResourceId', if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), null()), 'disableCustomMetrics', parameters('disableCustomMetrics'), 'disablePrometheusMetricsScraping', parameters('disablePrometheusMetricsScraping'), 'syslogPort', parameters('syslogPort')), null())]", + "containerInsights": "[if(parameters('enableContainerInsights'), createObject('enabled', parameters('enableContainerInsights'), 'logAnalyticsWorkspaceResourceId', if(not(empty(parameters('monitoringWorkspaceResourceId'))), parameters('monitoringWorkspaceResourceId'), null()), 'disableCustomMetrics', parameters('disableCustomMetrics'), 'disablePrometheusMetricsScraping', parameters('disablePrometheusMetricsScraping'), 'syslogPort', parameters('syslogPort')), null())]", "metrics": "[if(parameters('enableAzureMonitorProfileMetrics'), createObject('enabled', parameters('enableAzureMonitorProfileMetrics'), 'kubeStateMetrics', createObject('metricLabelsAllowlist', parameters('metricLabelsAllowlist'), 'metricAnnotationsAllowList', parameters('metricAnnotationsAllowList'))), null())]" }, "podIdentityProfile": { 
@@ -2620,7 +2659,7 @@ "userAssignedIdentityExceptions": "[parameters('podIdentityProfileUserAssignedIdentityExceptions')]" }, "securityProfile": { - "defender": "[if(parameters('enableAzureDefender'), createObject('securityMonitoring', createObject('enabled', parameters('enableAzureDefender')), 'logAnalyticsWorkspaceResourceId', parameters('monitoringWorkspaceId')), null())]", + "defender": "[if(parameters('enableAzureDefender'), createObject('securityMonitoring', createObject('enabled', parameters('enableAzureDefender')), 'logAnalyticsWorkspaceResourceId', parameters('monitoringWorkspaceResourceId')), null())]", "workloadIdentity": "[if(parameters('enableWorkloadIdentity'), createObject('enabled', parameters('enableWorkloadIdentity')), null())]", "imageCleaner": "[if(parameters('enableImageCleaner'), createObject('enabled', parameters('enableImageCleaner'), 'intervalHours', parameters('imageCleanerIntervalHours')), null())]" }, @@ -2746,10 +2785,9 @@ "name": "managedCluster_maintenanceConfigurations", "count": "[length(coalesce(parameters('maintenanceConfigurations'), createArray()))]" }, - "condition": "[not(empty(coalesce(parameters('maintenanceConfigurations'), createArray())[copyIndex()]))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-ManagedCluster-MaintenanceConfigurations-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-ManagedCluster-MaintenanceConfiguration-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -2904,8 +2942,8 @@ "nodeLabels": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'nodeLabels')]" }, - "nodePublicIpPrefixId": { - "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'nodePublicIpPrefixId')]" + "nodePublicIpPrefixResourceId": { + "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'nodePublicIpPrefixResourceId')]" }, "nodeTaints": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'nodeTaints')]" @@ -2925,8 +2963,8 @@ "osType": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'osType')]" }, - "podSubnetId": { - "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'podSubnetId')]" + "podSubnetResourceId": { + "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'podSubnetResourceId')]" }, "proximityPlacementGroupResourceId": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'proximityPlacementGroupResourceId')]" @@ -2955,8 +2993,8 @@ "vmSize": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'vmSize')]" }, - "vnetSubnetId": { - "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'vnetSubnetId')]" + "vnetSubnetResourceId": { + "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'vnetSubnetResourceId')]" }, "workloadRuntime": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'workloadRuntime')]" @@ -2970,7 +3008,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "4315564225725874539" + "templateHash": "13856766172443517827" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.", 
@@ -2991,7 +3029,14 @@ }, "availabilityZones": { "type": "array", - "nullable": true, + "items": { + "type": "int" + }, + "defaultValue": [ + 1, + 2, + 3 + ], "metadata": { "description": "Optional. The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is \"VirtualMachineScaleSets\"." } @@ -3103,7 +3148,7 @@ "description": "Optional. The node labels to be persisted across all nodes in agent pool." } }, - "nodePublicIpPrefixId": { + "nodePublicIpPrefixResourceId": { "type": "string", "nullable": true, "metadata": { @@ -3167,11 +3212,11 @@ "description": "Optional. The operating system type. The default is Linux." } }, - "podSubnetId": { + "podSubnetResourceId": { "type": "string", "nullable": true, "metadata": { - "description": "Optional. Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}." + "description": "Optional. Subnet resource ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}." } }, "proximityPlacementGroupResourceId": { @@ -3249,7 +3294,7 @@ "description": "Optional. VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions." } }, - "vnetSubnetId": { + "vnetSubnetResourceId": { "type": "string", "nullable": true, "metadata": { 
@@ -3276,7 +3321,7 @@ "apiVersion": "2023-07-02-preview", "name": "[format('{0}/{1}', parameters('managedClusterName'), parameters('name'))]", "properties": { - "availabilityZones": "[parameters('availabilityZones')]", + "availabilityZones": "[map(coalesce(parameters('availabilityZones'), createArray()), lambda('zone', format('{0}', lambdaVariables('zone'))))]", "count": "[parameters('count')]", "creationData": "[if(not(empty(parameters('sourceResourceId'))), createObject('sourceResourceId', parameters('sourceResourceId')), null())]", "enableAutoScaling": "[parameters('enableAutoScaling')]", @@ -3291,14 +3336,14 @@ "minCount": "[parameters('minCount')]", "mode": "[parameters('mode')]", "nodeLabels": "[parameters('nodeLabels')]", - "nodePublicIPPrefixID": "[parameters('nodePublicIpPrefixId')]", + "nodePublicIPPrefixID": "[parameters('nodePublicIpPrefixResourceId')]", "nodeTaints": "[parameters('nodeTaints')]", "orchestratorVersion": "[parameters('orchestratorVersion')]", "osDiskSizeGB": "[parameters('osDiskSizeGB')]", "osDiskType": "[parameters('osDiskType')]", "osSKU": "[parameters('osSku')]", "osType": "[parameters('osType')]", - "podSubnetID": "[parameters('podSubnetId')]", + "podSubnetID": "[parameters('podSubnetResourceId')]", "proximityPlacementGroupID": "[parameters('proximityPlacementGroupResourceId')]", "scaleDownMode": "[parameters('scaleDownMode')]", "scaleSetEvictionPolicy": "[parameters('scaleSetEvictionPolicy')]", @@ -3310,7 +3355,7 @@ "maxSurge": "[parameters('maxSurge')]" }, "vmSize": "[parameters('vmSize')]", - "vnetSubnetID": "[parameters('vnetSubnetId')]", + "vnetSubnetID": "[parameters('vnetSubnetResourceId')]", "workloadRuntime": "[parameters('workloadRuntime')]" }, "dependsOn": [ diff --git a/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep b/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep index cb0f03d700..baf7bef490 100644 --- a/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep +++ b/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep 
@@ -80,7 +80,7 @@ module testDeployment '../../../main.bicep' = [
 maxPods: 30
 type: 'VirtualMachineScaleSets'
 maxSurge: '33%'
- vmSize: 'standard_a2'
+ vmSize: 'Standard_DS2_v2'
 }
 ]
 agentPoolSize: 'Standard'
@@ -94,9 +94,9 @@ module testDeployment '../../../main.bicep' = [
 maxCount: 5
 enableAutoScaling: true
 availabilityZones: [
- '1'
- '2'
- '3'
+ 1
+ 2
+ 3
 ]
 }
 ]