Default outbound internet access - Agora - ArcBox - LocalBox

azure_jumpstart_ag/contoso_hypermarket/bicep/clientVm/clientVm.bicep

@@ -124,7 +124,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if (
     idleTimeoutInMinutes: 4
   }
   sku: {
-    name: 'Basic'
+    name: 'Standard'
   }
 }
 

azure_jumpstart_ag/contoso_hypermarket/bicep/kubernetes/ubuntuRancher.bicep

@@ -56,7 +56,7 @@ resource publicIpAddresses 'Microsoft.Network/publicIpAddresses@2022-01-01' = [f
     idleTimeoutInMinutes: 4
   }
   sku: {
-    name: 'Basic'
+    name: 'Standard'
   }
 }]
 

azure_jumpstart_ag/contoso_hypermarket/bicep/main.bicep

@@ -93,6 +93,9 @@ param azureOpenAIModel object = {
     apiVersion: '2024-08-01-preview'
 }
 
+@description('Name of the NAT Gateway')
+param natGatewayName string = 'Ag-NatGateway-${namingGuid}'
+
 // @description('Option to deploy GPU-enabled nodes for the K3s Worker nodes.')
 // param deployGPUNodes bool = false
 
@@ -131,6 +134,7 @@ module networkDeployment 'mgmt/network.bicep' = {
     subnetNameCloud: subnetNameCloud
     deployBastion: deployBastion
     location: location
+    natGatewayName: natGatewayName
   }
 }
 

azure_jumpstart_ag/contoso_hypermarket/bicep/mgmt/network.bicep

@@ -24,6 +24,9 @@ param networkSecurityGroupNameCloud string = 'Ag-NSG-Prod'
 @description('Name of the Bastion Network Security Group')
 param bastionNetworkSecurityGroupName string = 'Ag-NSG-Bastion'
 
+@description('Name of the NAT Gateway')
+param natGatewayName string = 'Ag-NatGateway'
+
 var addressPrefixCloud = '10.16.0.0/16'
 var subnetAddressPrefixK3s = '10.16.80.0/21'
 var subnetAddressPrefixCloud = '10.16.64.0/21'
@@ -58,6 +61,10 @@ var cloudK3sSubnet = [
       networkSecurityGroup: {
         id: networkSecurityGroupCloud.id
       }
+      natGateway: {
+        id: natGateway.id
+      }
+      defaultOutboundAccess: false
     }
   }
 ]
@@ -72,11 +79,17 @@ var cloudSubnet = [
       networkSecurityGroup: {
         id: networkSecurityGroupCloud.id
       }
+      natGateway: deployBastion
+        ? {
+            id: natGateway.id
+          }
+        : null
+      defaultOutboundAccess: false
     }
   }
 ]
 
-resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = {
   name: virtualNetworkNameCloud
   location: location
   tags: resourceTags
@@ -106,6 +119,35 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if (
   }
 }
 
+resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = {
+  name: '${natGatewayName}-PIP'
+  location: location
+  properties: {
+    publicIPAllocationMethod: 'Static'
+    publicIPAddressVersion: 'IPv4'
+    idleTimeoutInMinutes: 4
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = {
+  name: natGatewayName
+  location: location
+  sku: {
+    name: 'Standard'
+  }
+  properties: {
+    publicIpAddresses: [
+      {
+        id: natGatewayPublicIp.id
+      }
+    ]
+    idleTimeoutInMinutes: 4
+  }
+}
+
 resource networkSecurityGroupCloud 'Microsoft.Network/networkSecurityGroups@2023-02-01' = {
   name: networkSecurityGroupNameCloud
   location: location
@@ -385,41 +427,44 @@ resource bastionHost 'Microsoft.Network/bastionHosts@2023-02-01' = if (deployBas
   }
 }
 
-resource loadBalancerPip 'Microsoft.Network/publicIPAddresses@2024-01-01' = [for (site, i) in sites: {
-  name: 'Ag-LB-Public-IP-${site}'
-  location: location
-  properties: {
-    publicIPAllocationMethod: 'Static'
-    publicIPAddressVersion: 'IPv4'
-    idleTimeoutInMinutes: 4
-  }
-  sku: {
-    name: 'Standard'
+resource loadBalancerPip 'Microsoft.Network/publicIPAddresses@2024-01-01' = [
+  for (site, i) in sites: {
+    name: 'Ag-LB-Public-IP-${site}'
+    location: location
+    properties: {
+      publicIPAllocationMethod: 'Static'
+      publicIPAddressVersion: 'IPv4'
+      idleTimeoutInMinutes: 4
+    }
+    sku: {
+      name: 'Standard'
+    }
   }
-}]
+]
 
-resource loadBalancer 'Microsoft.Network/loadBalancers@2024-01-01' =  [for (site, i) in sites: {
-  name: 'Ag-LoadBalancer-${site}'
-  location: location
-  sku: {
-    name: 'Standard'
-  }
-  properties: {
-    frontendIPConfigurations: [
-      {
-        name: 'Ag-LB-Frontend-${site}'
-        properties: {
-          publicIPAddress: {
-            id: loadBalancerPip[i].id
+resource loadBalancer 'Microsoft.Network/loadBalancers@2024-01-01' = [
+  for (site, i) in sites: {
+    name: 'Ag-LoadBalancer-${site}'
+    location: location
+    sku: {
+      name: 'Standard'
+    }
+    properties: {
+      frontendIPConfigurations: [
+        {
+          name: 'Ag-LB-Frontend-${site}'
+          properties: {
+            publicIPAddress: {
+              id: loadBalancerPip[i].id
+            }
           }
         }
-      }
-    ]
+      ]
+    }
   }
-}]
-
+]
 
 output vnetId string = cloudVirtualNetwork.id
 output k3sSubnetId string = cloudVirtualNetwork.properties.subnets[0].id
 output cloudSubnetId string = cloudVirtualNetwork.properties.subnets[1].id
-output virtualNetworkNameCloud string = cloudVirtualNetwork.name
+output virtualNetworkNameCloud string = cloudVirtualNetwork.name

azure_jumpstart_ag/contoso_motors/bicep/clientVm/clientVm.bicep

@@ -120,7 +120,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if (
     idleTimeoutInMinutes: 4
   }
   sku: {
-    name: 'Basic'
+    name: 'Standard'
   }
 }
 

azure_jumpstart_ag/contoso_motors/bicep/main.bicep

@@ -100,6 +100,9 @@ param scenario string = 'contoso_motors'
 @secure()
 param influxDBPassword string = windowsAdminPassword
 
+@description('Name of the NAT Gateway')
+param natGatewayName string = 'Ag-NatGateway-${namingGuid}'
+
 @description('The sku name of the K3s cluster worker nodes.')
 @allowed([
   'Standard_D8s_v5'
@@ -135,9 +138,10 @@ module networkDeployment 'mgmt/network.bicep' = {
   params: {
     virtualNetworkNameCloud: virtualNetworkNameCloud
     subnetNameCloudK3s: subnetNameCloudK3s
-    subnetNameCloud: subnetNameCloud    
+    subnetNameCloud: subnetNameCloud
     deployBastion: deployBastion
     location: location
+    natGatewayName: natGatewayName
   }
 }
 
@@ -225,7 +229,7 @@ module clientVmDeployment 'clientVm/clientVm.bicep' = {
   dependsOn: [
     ubuntuRancherK3sNodesDeployment
     ubuntuRancherK3sDataSvcNodesDeployment
-  ]  
+  ]
   params: {
     windowsAdminUsername: windowsAdminUsername
     windowsAdminPassword: windowsAdminPassword

azure_jumpstart_ag/contoso_motors/bicep/mgmt/network.bicep

@@ -7,7 +7,6 @@ param subnetNameCloudK3s string
 @description('Name of the inner-loop subnet in the cloud virtual network')
 param subnetNameCloud string
 
-
 @description('Azure Region to deploy the Log Analytics Workspace')
 param location string = resourceGroup().location
 
@@ -25,6 +24,9 @@ param networkSecurityGroupNameCloud string = 'Ag-NSG-Prod'
 @description('Name of the Bastion Network Security Group')
 param bastionNetworkSecurityGroupName string = 'Ag-NSG-Bastion'
 
+@description('Name of the NAT Gateway')
+param natGatewayName string = 'Ag-NatGateway'
+
 var addressPrefixCloud = '10.16.0.0/16'
 var subnetAddressPrefixK3s = '10.16.80.0/21'
 var subnetAddressPrefixCloud = '10.16.64.0/21'
@@ -34,7 +36,6 @@ var bastionSubnetRef = '${cloudVirtualNetwork.id}/subnets/${bastionSubnetName}'
 var bastionName = 'Ag-Bastion'
 var bastionPublicIpAddressName = '${bastionName}-PIP'
 
-
 var bastionSubnet = [
   {
     name: 'AzureBastionSubnet'
@@ -56,6 +57,10 @@ var cloudK3sSubnet = [
       networkSecurityGroup: {
         id: networkSecurityGroupCloud.id
       }
+      natGateway: {
+        id: natGateway.id
+      }
+      defaultOutboundAccess: false
     }
   }
 ]
@@ -70,11 +75,17 @@ var cloudSubnet = [
       networkSecurityGroup: {
         id: networkSecurityGroupCloud.id
       }
+      natGateway: deployBastion
+        ? {
+            id: natGateway.id
+          }
+        : null
+      defaultOutboundAccess: false
     }
   }
 ]
 
-resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = {
   name: virtualNetworkNameCloud
   location: location
   tags: resourceTags
@@ -85,8 +96,8 @@ resource cloudVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
       ]
     }
     subnets: (deployBastion == false)
-    ? union(cloudK3sSubnet, cloudSubnet)
-    : union(cloudK3sSubnet, cloudSubnet, bastionSubnet)
+      ? union(cloudK3sSubnet, cloudSubnet)
+      : union(cloudK3sSubnet, cloudSubnet, bastionSubnet)
     //subnets: (deployBastion == false) ? union (cloudAKSDevSubnet,cloudAKSInnerLoopSubnet) : union(cloudAKSDevSubnet,cloudAKSInnerLoopSubnet,bastionSubnet)
   }
 }
@@ -105,6 +116,35 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-02-01' = if (
   }
 }
 
+resource natGatewayPublicIp 'Microsoft.Network/publicIPAddresses@2024-07-01' = {
+  name: '${natGatewayName}-PIP'
+  location: location
+  properties: {
+    publicIPAllocationMethod: 'Static'
+    publicIPAddressVersion: 'IPv4'
+    idleTimeoutInMinutes: 4
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource natGateway 'Microsoft.Network/natGateways@2024-07-01' = {
+  name: natGatewayName
+  location: location
+  sku: {
+    name: 'Standard'
+  }
+  properties: {
+    publicIpAddresses: [
+      {
+        id: natGatewayPublicIp.id
+      }
+    ]
+    idleTimeoutInMinutes: 4
+  }
+}
+
 resource networkSecurityGroupCloud 'Microsoft.Network/networkSecurityGroups@2023-02-01' = {
   name: networkSecurityGroupNameCloud
   location: location

azure_jumpstart_ag/contoso_supermarket/bicep/clientVm/clientVm.bicep

@@ -129,7 +129,7 @@ resource publicIpAddress 'Microsoft.Network/publicIpAddresses@2023-02-01' = if (
     idleTimeoutInMinutes: 4
   }
   sku: {
-    name: 'Basic'
+    name: 'Standard'
   }
 }
 

azure_jumpstart_ag/contoso_supermarket/bicep/main.bicep

@@ -83,6 +83,9 @@ param rdpPort string = '3389'
 @description('Enable automatic logon into Virtual Machine')
 param vmAutologon bool = true
 
+@description('Name of the NAT Gateway')
+param natGatewayName string = 'Ag-NatGateway-${namingGuid}'
+
 @description('The agora scenario to be deployed')
 param scenario string = 'contoso_supermarket'
 
@@ -112,6 +115,7 @@ module networkDeployment 'mgmt/network.bicep' = {
     subnetNameCloudAksInnerLoop: subnetNameCloudAksInnerLoop
     deployBastion: deployBastion
     location: location
+    natGatewayName: natGatewayName
   }
 }