diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep index 42cfd50d2a..99660fed5e 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep @@ -124,7 +124,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if ( idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } } diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep index a3f084e75b..04590983cf 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep @@ -56,7 +56,7 @@ resource publicIpAddresses 'Microsoft.Network/publicIpAddresses@2022-01-01' = [f idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } }] diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep index cfafcf0342..e8fcab8ea9 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep @@ -93,6 +93,9 @@ param azureOpenAIModel object = { apiVersion: '2024-08-01-preview' } +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway-${namingGuid}' + // @description('Option to deploy GPU-enabled nodes for the K3s Worker nodes.') // param deployGPUNodes bool = false @@ -131,6 +134,7 @@ module networkDeployment 'mgmt/network.bicep' = { subnetNameCloud: subnetNameCloud deployBastion: deployBastion location: location + natGatewayName: natGatewayName } } 
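Review bot: The switch to `name: 'Standard'` on `publicIpAddress` in clientVm.bicep depends on two settings that sit outside this hunk. A Standard public IP only accepts `publicIPAllocationMethod: 'Static'`, and it is closed to inbound traffic until a network security group allows it. Please confirm both the allocation method and the NSG association in the parts of the file not shown here. The same check applies to the identical SKU change in kubernetes/ubuntuRancher.bicep, the contoso_motors and contoso_supermarket clientVm.bicep files, and ArcBox's ubuntuRancher.bicep and addsVm.bicep. A short comment above the SKU, such as `// Standard SKU: static allocation only, inbound denied unless an NSG rule allows it`, would record the dependency.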
diff --git a/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep index d1b68a748d..34cf5a910e 100644 --- a/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep @@ -24,6 +24,9 @@ param networkSecurityGroupNameCloud string = 'Ag-NSG-Prod' @description('Name of the Bastion Network Security Group') param bastionNetworkSecurityGroupName string = 'Ag-NSG-Bastion' +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway' + var addressPrefixCloud = '10.16.0.0/16' var subnetAddressPrefixK3s = '10.16.80.0/21' var subnetAddressPrefixCloud = '10.16.64.0/21' @@ -58,6 +61,10 @@ var cloudK3sSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: { + id: natGateway.id + } + defaultOutboundAccess: false } } ] @@ -72,11 +79,17 @@ var cloudSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion + ? { + id: natGateway.id + } + : null + defaultOutboundAccess: false } } ] -resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { +resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkNameCloud location: location tags: resourceTags 
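Review bot: In `cloudSubnet`, `defaultOutboundAccess: false` is set unconditionally while `natGateway` becomes `null` whenever `deployBastion` is false, so in that mode the subnet has no platform-provided egress at all. Only resources with their own public IP will reach the internet, and whether everything placed in this subnet has one cannot be seen from the hunk. If that is the intent, state it next to the ternary, for example `// no NAT without Bastion: workloads here egress through their own public IP`. The same pattern appears in the contoso_motors and contoso_supermarket network.bicep files, in the second DataOps subnet of ArcBox's mgmtArtifacts.bicep, and in both subnets changed in LocalBox's network.bicep.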
@@ -106,6 +119,35 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if ( } } +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + resource networkSecurityGroupCloud 'Microsoft.Network/networkSecurityGroups@2023-02-01' = { name: networkSecurityGroupNameCloud location: location 
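Review bot: `natGatewayPublicIp` and `natGateway` are created without `tags`, although `cloudVirtualNetwork` in the same file sets `tags: resourceTags`. Untagged internet-facing resources are easy to miss in inventory and exposure reviews; adding `tags: resourceTags` to both resources keeps them consistent with the rest of the module. The NAT gateway blocks added to the contoso_motors, contoso_supermarket and LocalBox network.bicep files have the same gap, and those files also use `resourceTags`.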
@@ -385,41 +427,44 @@ resource bastionHost 'Microsoft.Network/bastionHosts@2023-02-01' = if (deployBas } } -resource loadBalancerPip 'Microsoft.Network/publicIPAddresses@2024-01-01' = [for (site, i) in sites: { - name: 'Ag-LB-Public-IP-${site}' - location: location - properties: { - publicIPAllocationMethod: 'Static' - publicIPAddressVersion: 'IPv4' - idleTimeoutInMinutes: 4 - } - sku: { - name: 'Standard' +resource loadBalancerPip 'Microsoft.Network/publicIPAddresses@2024-01-01' = [ + for (site, i) in sites: { + name: 'Ag-LB-Public-IP-${site}' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } } -}] +] -resource loadBalancer 'Microsoft.Network/loadBalancers@2024-01-01' = [for (site, i) in sites: { - name: 'Ag-LoadBalancer-${site}' - location: location - sku: { - name: 'Standard' - } - properties: { - frontendIPConfigurations: [ - { - name: 'Ag-LB-Frontend-${site}' - properties: { - publicIPAddress: { - id: loadBalancerPip[i].id +resource loadBalancer 'Microsoft.Network/loadBalancers@2024-01-01' = [ + for (site, i) in sites: { + name: 'Ag-LoadBalancer-${site}' + location: location + sku: { + name: 'Standard' + } + properties: { + frontendIPConfigurations: [ + { + name: 'Ag-LB-Frontend-${site}' + properties: { + publicIPAddress: { + id: loadBalancerPip[i].id + } } } - } - ] + ] + } } -}] - +] output vnetId string = cloudVirtualNetwork.id output k3sSubnetId string = cloudVirtualNetwork.properties.subnets[0].id output cloudSubnetId string = cloudVirtualNetwork.properties.subnets[1].id -output virtualNetworkNameCloud string = cloudVirtualNetwork.name \ No newline at end of file +output virtualNetworkNameCloud string = cloudVirtualNetwork.name diff --git a/azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep b/azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep index 08727ff682..b948c2861f 100644 
--- a/azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep +++ b/azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep @@ -120,7 +120,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if ( idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } } diff --git a/azure_jumpstart_ag/contoso_motors/bicep/main.bicep b/azure_jumpstart_ag/contoso_motors/bicep/main.bicep index 16636b8cb6..9a019f4850 100644 --- a/azure_jumpstart_ag/contoso_motors/bicep/main.bicep +++ b/azure_jumpstart_ag/contoso_motors/bicep/main.bicep @@ -100,6 +100,9 @@ param scenario string = 'contoso_motors' @secure() param influxDBPassword string = windowsAdminPassword +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway-${namingGuid}' + @description('The sku name of the K3s cluster worker nodes.') @allowed([ 'Standard_D8s_v5' @@ -135,9 +138,10 @@ module networkDeployment 'mgmt/network.bicep' = { params: { virtualNetworkNameCloud: virtualNetworkNameCloud subnetNameCloudK3s: subnetNameCloudK3s - subnetNameCloud: subnetNameCloud + subnetNameCloud: subnetNameCloud deployBastion: deployBastion location: location + natGatewayName: natGatewayName } } @@ -225,7 +229,7 @@ module clientVmDeployment 'clientVm/clientVm.bicep' = { dependsOn: [ ubuntuRancherK3sNodesDeployment ubuntuRancherK3sDataSvcNodesDeployment - ] + ] params: { windowsAdminUsername: windowsAdminUsername windowsAdminPassword: windowsAdminPassword diff --git a/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep index 7712cc6fc6..190cb2384c 100644 --- a/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep 
@@ -7,7 +7,6 @@ param subnetNameCloudK3s string @description('Name of the inner-loop subnet in the cloud virtual network') param subnetNameCloud string - @description('Azure Region to deploy the Log Analytics Workspace') param location string = resourceGroup().location @@ -25,6 +24,9 @@ param networkSecurityGroupNameCloud string = 'Ag-NSG-Prod' @description('Name of the Bastion Network Security Group') param bastionNetworkSecurityGroupName string = 'Ag-NSG-Bastion' +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway' + var addressPrefixCloud = '10.16.0.0/16' var subnetAddressPrefixK3s = '10.16.80.0/21' var subnetAddressPrefixCloud = '10.16.64.0/21' @@ -34,7 +36,6 @@ var bastionSubnetRef = '${cloudVirtualNetwork.id}/subnets/${bastionSubnetName}' var bastionName = 'Ag-Bastion' var bastionPublicIpAddressName = '${bastionName}-PIP' - var bastionSubnet = [ { name: 'AzureBastionSubnet' @@ -56,6 +57,10 @@ var cloudK3sSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: { + id: natGateway.id + } + defaultOutboundAccess: false } } ] @@ -70,11 +75,17 @@ var cloudSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion + ? { + id: natGateway.id + } + : null + defaultOutboundAccess: false } } ] -resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { +resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkNameCloud location: location tags: resourceTags 
@@ -85,8 +96,8 @@ resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { ] } subnets: (deployBastion == false) - ? union(cloudK3sSubnet, cloudSubnet) - : union(cloudK3sSubnet, cloudSubnet, bastionSubnet) + ? union(cloudK3sSubnet, cloudSubnet) + : union(cloudK3sSubnet, cloudSubnet, bastionSubnet) //subnets: (deployBastion == false) ? union (cloudAKSDevSubnet,cloudAKSInnerLoopSubnet) : union(cloudAKSDevSubnet,cloudAKSInnerLoopSubnet,bastionSubnet) } } @@ -105,6 +116,35 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if ( } } +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + resource networkSecurityGroupCloud 'Microsoft.Network/networkSecurityGroups@2023-02-01' = { name: networkSecurityGroupNameCloud location: location diff --git a/azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep b/azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep index 91bc966730..2d7cc3d8ab 100644 --- a/azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep +++ b/azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep @@ -129,7 +129,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if ( idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } } diff --git a/azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep b/azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep index 9fe619c3b0..d317730dc0 100644 
--- a/azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep +++ b/azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep @@ -83,6 +83,9 @@ param rdpPort string = '3389' @description('Enable automatic logon into Virtual Machine') param vmAutologon bool = true +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway-${namingGuid}' + @description('The agora scenario to be deployed') param scenario string = 'contoso_supermarket' @@ -112,6 +115,7 @@ module networkDeployment 'mgmt/network.bicep' = { subnetNameCloudAksInnerLoop: subnetNameCloudAksInnerLoop deployBastion: deployBastion location: location + natGatewayName: natGatewayName } } diff --git a/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep b/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep index 240c524d74..084415925b 100644 --- a/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep +++ b/azure_jumpstart_ag/contoso_supermarket/bicep/mgmt/network.bicep @@ -15,6 +15,9 @@ param resourceTags object = { Project: 'Jumpstart_Agora' } +@description('Name of the NAT Gateway') +param natGatewayName string = 'Ag-NatGateway' + @description('Choice to deploy Bastion to connect to the client VM') param deployBastion bool = false @@ -33,7 +36,6 @@ var bastionSubnetRef = '${cloudVirtualNetwork.id}/subnets/${bastionSubnetName}' var bastionName = 'Ag-Bastion' var bastionPublicIpAddressName = '${bastionName}-PIP' - var bastionSubnet = [ { name: 'AzureBastionSubnet' @@ -55,6 +57,10 @@ var cloudAKSDevSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: { + id: natGateway.id + } + defaultOutboundAccess: false } } ] 
@@ -69,11 +75,17 @@ var cloudAKSInnerLoopSubnet = [ networkSecurityGroup: { id: networkSecurityGroupCloud.id } + natGateway: deployBastion + ? { + id: natGateway.id + } + : null + defaultOutboundAccess: false } } ] -resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { +resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkNameCloud location: location tags: resourceTags @@ -83,7 +95,38 @@ resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = { addressPrefixCloud ] } - subnets: (deployBastion == false) ? union (cloudAKSDevSubnet,cloudAKSInnerLoopSubnet) : union(cloudAKSDevSubnet,cloudAKSInnerLoopSubnet,bastionSubnet) + subnets: (deployBastion == false) + ? union(cloudAKSDevSubnet, cloudAKSInnerLoopSubnet) + : union(cloudAKSDevSubnet, cloudAKSInnerLoopSubnet, bastionSubnet) + } +} + +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 } } diff --git a/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep b/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep index a04c243779..9df290fb8d 100644 --- a/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep +++ b/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep @@ -64,7 +64,7 @@ resource publicIpAddresses 'Microsoft.Network/publicIPAddresses@2024-05-01' = [f idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' } }] 
diff --git a/azure_jumpstart_arcbox/bicep/main.bicep b/azure_jumpstart_arcbox/bicep/main.bicep index 0df5f9c6f9..7591129b24 100644 --- a/azure_jumpstart_arcbox/bicep/main.bicep +++ b/azure_jumpstart_arcbox/bicep/main.bicep @@ -79,6 +79,9 @@ param resourceTags object = { Solution: 'jumpstart_arcbox_${toLower(flavor)}' } +@description('Name of the NAT Gateway') +param natGatewayName string = '${namingPrefix}-NatGateway' + @maxLength(7) @description('The naming prefix for the nested virtual machines and all Azure resources deployed. The maximum length for the naming prefix is 7 characters,example: `ArcBox-Win2k19`') param namingPrefix string = 'ArcBox' @@ -240,6 +243,7 @@ module mgmtArtifactsAndPolicyDeployment 'mgmt/mgmtArtifacts.bicep' = { namingPrefix: namingPrefix windowsAdminPassword: windowsAdminPassword registryPassword: registryPassword + natGatewayName: natGatewayName } } diff --git a/azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep b/azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep index 81a866af65..d4fbbd68b8 100644 --- a/azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep +++ b/azure_jumpstart_arcbox/bicep/mgmt/addsVm.bicep @@ -74,7 +74,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2024-05-01' = if ( idleTimeoutInMinutes: 4 } sku: { - name: 'Basic' + name: 'Standard' tier: 'Regional' } } diff --git a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep index 6f81651e5d..ab4f75ec38 100644 --- a/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep +++ b/azure_jumpstart_arcbox/bicep/mgmt/mgmtArtifacts.bicep @@ -16,6 +16,9 @@ param drVirtualNetworkName string = '${namingPrefix}-DR-VNet' @description('Name of the DR subnet in the DR virtual network') param drSubnetName string = '${namingPrefix}-DR-Subnet' +@description('Name of the NAT Gateway') +param natGatewayName string = '${namingPrefix}-NatGateway' + @description('Name for your log analytics workspace') param workspaceName string 
@@ -89,6 +92,7 @@ var bastionSubnetRef = '${arcVirtualNetwork.id}/subnets/${bastionSubnetName}' var bastionName = '${namingPrefix}-Bastion' var bastionSubnetIpPrefix = '10.16.3.64/26' var bastionPublicIpAddressName = '${bastionName}-PIP' + var primarySubnet = [ { name: subnetName @@ -99,20 +103,26 @@ var primarySubnet = [ networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: { + id: natGateway.id + } + defaultOutboundAccess: false } } ] -var bastionSubnet = bastionSku != 'Developer' ? [ - { - name: 'AzureBastionSubnet' - properties: { - addressPrefix: bastionSubnetIpPrefix - networkSecurityGroup: { - id: bastionNetworkSecurityGroup.id +var bastionSubnet = bastionSku != 'Developer' + ? [ + { + name: 'AzureBastionSubnet' + properties: { + addressPrefix: bastionSubnetIpPrefix + networkSecurityGroup: { + id: bastionNetworkSecurityGroup.id + } + } } - } - } -] : [] + ] + : [] var dataOpsSubnets = [ { name: aksSubnetName @@ -123,6 +133,10 @@ var dataOpsSubnets = [ networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: { + id: natGateway.id + } + defaultOutboundAccess: false } } { @@ -134,11 +148,17 @@ var dataOpsSubnets = [ networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion + ? { + id: natGateway.id + } + : null + defaultOutboundAccess: false } } ] -resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = { +resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkName location: location dependsOn: [ 
@@ -153,11 +173,19 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = { dhcpOptions: { dnsServers: dnsServers } - subnets: (deployBastion == false && flavor != 'DataOps') ? primarySubnet : (deployBastion == false && flavor == 'DataOps') ? union(primarySubnet,dataOpsSubnets) : (deployBastion == true && flavor != 'DataOps') ? union(primarySubnet,bastionSubnet) : (deployBastion == true && flavor == 'DataOps') ? union(primarySubnet,bastionSubnet,dataOpsSubnets) : primarySubnet + subnets: (deployBastion == false && flavor != 'DataOps') + ? primarySubnet + : (deployBastion == false && flavor == 'DataOps') + ? union(primarySubnet, dataOpsSubnets) + : (deployBastion == true && flavor != 'DataOps') + ? union(primarySubnet, bastionSubnet) + : (deployBastion == true && flavor == 'DataOps') + ? union(primarySubnet, bastionSubnet, dataOpsSubnets) + : primarySubnet } } -resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = if (flavor == 'DataOps') { +resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = if (flavor == 'DataOps') { name: drVirtualNetworkName location: location dependsOn: [ 
@@ -180,13 +208,46 @@ resource drVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = if (f networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: { + id: natGateway.id + } + defaultOutboundAccess: false } } ] } } -resource virtualNetworkName_peering_to_DR_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-05-01' = if (flavor == 'DataOps') { +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + +resource virtualNetworkName_peering_to_DR_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-07-01' = if (flavor == 'DataOps') { parent: arcVirtualNetwork name: 'peering-to-DR-vnet' dependsOn: [ @@ -203,7 +264,7 @@ resource virtualNetworkName_peering_to_DR_vnet 'Microsoft.Network/virtualNetwork } } -resource drVirtualNetworkName_peering_to_primary_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-05-01' = if (flavor == 'DataOps') { +resource drVirtualNetworkName_peering_to_primary_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-07-01' = if (flavor == 'DataOps') { parent: drVirtualNetwork name: 'peering-to-primary-vnet' dependsOn: [ @@ -464,7 +525,6 @@ resource bastionNetworkSecurityGroup 'Microsoft.Network/networkSecurityGroups@20 } } - resource workspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: workspaceName location: location 
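Review bot: The subnet of `drVirtualNetwork` now references the same `natGateway` that the subnets of `arcVirtualNetwork` use, and to my knowledge an Azure NAT gateway can only be attached to subnets of a single virtual network. A DataOps deployment is therefore likely to fail, or to leave the DR subnet without egress, since the subnet also sets `defaultOutboundAccess: false`. The DR subnet should get its own gateway, created under the same `if (flavor == 'DataOps')` condition as `drVirtualNetwork`, and reference it with `natGateway: { id: drNatGateway.id }`. The resource names in the sketch below are proposals, not identifiers that exist in the file; the declaration of `drVirtualNetwork` begins in the preceding hunk.

```bicep
// … unchanged: natGatewayPublicIp and natGateway for the primary virtual network …

// Proposed: dedicated NAT gateway for the DR virtual network (DataOps flavor only)
resource drNatGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (flavor == 'DataOps') {
  name: '${natGatewayName}-DR-PIP'
  location: location
  properties: {
    publicIPAllocationMethod: 'Static'
    publicIPAddressVersion: 'IPv4'
    idleTimeoutInMinutes: 4
  }
  sku: {
    name: 'Standard'
  }
}

resource drNatGateway 'Microsoft.Network/natGateways@2024-07-01' = if (flavor == 'DataOps') {
  name: '${natGatewayName}-DR'
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    publicIpAddresses: [
      {
        id: drNatGatewayPublicIp.id
      }
    ]
    idleTimeoutInMinutes: 4
  }
}
```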
@@ -516,22 +576,26 @@ resource bastionHost 'Microsoft.Network/bastionHosts@2024-05-01' = if (deployBas name: bastionSku } properties: { - virtualNetwork: bastionSku == 'Developer' ? { - id: arcVirtualNetwork.id - } : null - ipConfigurations: bastionSku != 'Developer' ? [ - { - name: 'IpConf' - properties: { - publicIPAddress: { - id: publicIpAddress.id - } - subnet: { - id: bastionSubnetRef - } + virtualNetwork: bastionSku == 'Developer' + ? { + id: arcVirtualNetwork.id } - } - ] : null + : null + ipConfigurations: bastionSku != 'Developer' + ? [ + { + name: 'IpConf' + properties: { + publicIPAddress: { + id: publicIpAddress.id + } + subnet: { + id: bastionSubnetRef + } + } + } + ] + : null } } diff --git a/azure_jumpstart_localbox/bicep/main.bicep b/azure_jumpstart_localbox/bicep/main.bicep index b98e02d45c..50c9029be2 100644 --- a/azure_jumpstart_localbox/bicep/main.bicep +++ b/azure_jumpstart_localbox/bicep/main.bicep @@ -43,6 +43,9 @@ param autoUpgradeClusterResource bool = false @description('Enable automatic logon into LocalBox Virtual Machine') param vmAutologon bool = true +@description('Name of the NAT Gateway') +param natGatewayName string = 'LocalBox-NatGateway' + @description('The size of the Virtual Machine') @allowed([ 'Standard_E32s_v5' @@ -99,6 +102,7 @@ module networkDeployment 'network/network.bicep' = { deployBastion: deployBastion location: location resourceTags: resourceTags + natGatewayName: natGatewayName } } diff --git a/azure_jumpstart_localbox/bicep/network/network.bicep b/azure_jumpstart_localbox/bicep/network/network.bicep index 1a18331ad3..1756336a97 100644 --- a/azure_jumpstart_localbox/bicep/network/network.bicep +++ b/azure_jumpstart_localbox/bicep/network/network.bicep 
@@ -10,6 +10,9 @@ param location string = resourceGroup().location @description('Choice to deploy Bastion to connect to the client VM') param deployBastion bool = false +@description('Name of the NAT Gateway') +param natGatewayName string = 'LocalBox-NatGateway' + @description('Name of the Network Security Group') param networkSecurityGroupName string = 'LocalBox-NSG' @@ -26,7 +29,7 @@ var bastionName = 'LocalBox-Bastion' var bastionSubnetIpPrefix = '172.16.3.64/26' var bastionPublicIpAddressName = '${bastionName}-PIP' -resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { +resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: virtualNetworkName location: location properties: { @@ -45,6 +48,10 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } { @@ -66,6 +73,10 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { networkSecurityGroup: { id: networkSecurityGroup.id } + natGateway: deployBastion ? { + id: natGateway.id + } : null + defaultOutboundAccess: false } } ] 
@@ -73,6 +84,35 @@ resource arcVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { tags: resourceTags } +resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = if (deployBastion == true) { + name: '${natGatewayName}-PIP' + location: location + properties: { + publicIPAllocationMethod: 'Static' + publicIPAddressVersion: 'IPv4' + idleTimeoutInMinutes: 4 + } + sku: { + name: 'Standard' + } +} + +resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = if (deployBastion == true) { + name: natGatewayName + location: location + sku: { + name: 'Standard' + } + properties: { + publicIpAddresses: [ + { + id: natGatewayPublicIp.id + } + ] + idleTimeoutInMinutes: 4 + } +} + resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-03-01' = { name: networkSecurityGroupName location: location