From 1e763a5729d38c01d3362ef59ae9bfd22a020a04 Mon Sep 17 00:00:00 2001 From: "Menghua Chen (MSFT)" <111940661+Menghua1@users.noreply.github.com> Date: Sat, 26 Oct 2024 01:16:42 +0800 Subject: [PATCH] fix: Update `ptn/azd/aks` parameter (#3589) ## Description Updated some aks parameters. ## Pipeline Reference | Pipeline | | -------- | | [![avm.ptn.azd.aks](https://github.com/Menghua1/bicep-registry-modules/actions/workflows/avm.ptn.azd.aks.yml/badge.svg?branch=update-ptn-azd-aks)](https://github.com/Menghua1/bicep-registry-modules/actions/workflows/avm.ptn.azd.aks.yml) | ## Type of Change - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings @jongio and @AlexanderSehr for notification. --- avm/ptn/azd/aks/README.md | 753 ++++++- avm/ptn/azd/aks/main.bicep | 266 +-- avm/ptn/azd/aks/main.json | 1860 +++++++++-------- .../aks/tests/e2e/defaults/dependencies.bicep | 2 +- .../aks/tests/e2e/defaults/main.test.bicep | 21 +- .../azd/aks/tests/e2e/max/dependencies.bicep | 2 +- avm/ptn/azd/aks/tests/e2e/max/main.test.bicep | 39 +- 7 files changed, 1834 insertions(+), 1109 deletions(-) 
diff --git a/avm/ptn/azd/aks/README.md b/avm/ptn/azd/aks/README.md index 6e87179a15..be49729f45 100644 --- a/avm/ptn/azd/aks/README.md +++ b/avm/ptn/azd/aks/README.md @@ -65,7 +65,7 @@ module aks 'br/public:avm/ptn/azd/aks:' = { // Required parameters containerRegistryName: '' keyVaultName: '' - logAnalyticsName: '' + monitoringWorkspaceResourceId: '' name: '' principalId: '' // Non-required parameters @@ -94,8 +94,8 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "keyVaultName": { "value": "" }, - "logAnalyticsName": { - "value": "" + "monitoringWorkspaceResourceId": { + "value": "" }, "name": { "value": "" @@ -127,7 +127,7 @@ using 'br/public:avm/ptn/azd/aks:' // Required parameters param containerRegistryName = '' param keyVaultName = '' -param logAnalyticsName = '' +param monitoringWorkspaceResourceId = '' param name = '' param principalId = '' // Non-required parameters @@ -154,12 +154,12 @@ module aks 'br/public:avm/ptn/azd/aks:' = { // Required parameters containerRegistryName: '' keyVaultName: '' - logAnalyticsName: '' + monitoringWorkspaceResourceId: '' name: '' principalId: '' // Non-required parameters acrSku: 'Basic' - agentPools: [ + agentPoolConfig: [ { maxPods: 30 maxSurge: '33%' @@ -167,15 +167,32 @@ module aks 'br/public:avm/ptn/azd/aks:' = { name: 'npuserpool' osType: 'Linux' type: 'VirtualMachineScaleSets' - vmSize: 'standard_a2_v2' + vmSize: 'Standard_DS2_v2' } ] + agentPoolSize: 'Standard' aksClusterRoleAssignmentName: '' containerRegistryRoleName: '' dnsPrefix: 'dep-dns-paamax' location: '' principalType: 'ServicePrincipal' skuTier: 'Free' + systemPoolConfig: [ + { + availabilityZones: [ + 1 + 2 + 3 + ] + count: 3 + enableAutoScaling: true + maxCount: 5 + minCount: 3 + mode: 'System' + name: 'npsystem' + vmSize: 'Standard_DS2_v2' + } + ] webApplicationRoutingEnabled: true } } 
@@ -200,8 +217,8 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "keyVaultName": { "value": "" }, - "logAnalyticsName": { - "value": "" + "monitoringWorkspaceResourceId": { + "value": "" }, "name": { "value": "" @@ -213,7 +230,7 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "acrSku": { "value": "Basic" }, - "agentPools": { + "agentPoolConfig": { "value": [ { "maxPods": 30, @@ -222,10 +239,13 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "name": "npuserpool", "osType": "Linux", "type": "VirtualMachineScaleSets", - "vmSize": "standard_a2_v2" + "vmSize": "Standard_DS2_v2" } ] }, + "agentPoolSize": { + "value": "Standard" + }, "aksClusterRoleAssignmentName": { "value": "" }, @@ -244,6 +264,24 @@ module aks 'br/public:avm/ptn/azd/aks:' = { "skuTier": { "value": "Free" }, + "systemPoolConfig": { + "value": [ + { + "availabilityZones": [ + 1, + 2, + 3 + ], + "count": 3, + "enableAutoScaling": true, + "maxCount": 5, + "minCount": 3, + "mode": "System", + "name": "npsystem", + "vmSize": "Standard_DS2_v2" + } + ] + }, "webApplicationRoutingEnabled": { "value": true } @@ -264,12 +302,12 @@ using 'br/public:avm/ptn/azd/aks:' // Required parameters param containerRegistryName = '' param keyVaultName = '' -param logAnalyticsName = '' +param monitoringWorkspaceResourceId = '' param name = '' param principalId = '' // Non-required parameters param acrSku = 'Basic' -param agentPools = [ +param agentPoolConfig = [ { maxPods: 30 maxSurge: '33%' 
@@ -277,15 +315,32 @@ param agentPools = [ name: 'npuserpool' osType: 'Linux' type: 'VirtualMachineScaleSets' - vmSize: 'standard_a2_v2' + vmSize: 'Standard_DS2_v2' } ] +param agentPoolSize = 'Standard' param aksClusterRoleAssignmentName = '' param containerRegistryRoleName = '' param dnsPrefix = 'dep-dns-paamax' param location = '' param principalType = 'ServicePrincipal' param skuTier = 'Free' +param systemPoolConfig = [ + { + availabilityZones: [ + 1 + 2 + 3 + ] + count: 3 + enableAutoScaling: true + maxCount: 5 + minCount: 3 + mode: 'System' + name: 'npsystem' + vmSize: 'Standard_DS2_v2' + } +] param webApplicationRoutingEnabled = true ``` @@ -300,7 +355,7 @@ param webApplicationRoutingEnabled = true | :-- | :-- | :-- | | [`containerRegistryName`](#parameter-containerregistryname) | string | Name of your Azure Container Registry. | | [`keyVaultName`](#parameter-keyvaultname) | string | Name of the Key Vault. Must be globally unique. | -| [`logAnalyticsName`](#parameter-loganalyticsname) | string | The name of the connected log analytics workspace. | +| [`monitoringWorkspaceResourceId`](#parameter-monitoringworkspaceresourceid) | string | Resource ID of the monitoring log analytics workspace. | | [`name`](#parameter-name) | string | The name of the parent managed cluster. Required if the template is used in a standalone deployment. | | [`principalId`](#parameter-principalid) | string | Id of the user or app to assign application roles. | 
@@ -314,17 +369,24 @@ param webApplicationRoutingEnabled = true | Parameter | Type | Description | | :-- | :-- | :-- | -| [`aadProfileEnableAzureRBAC`](#parameter-aadprofileenableazurerbac) | bool | Specifies whether to enable Azure RBAC for Kubernetes authorization. | | [`acrSku`](#parameter-acrsku) | string | Tier of your Azure container registry. | -| [`agentPools`](#parameter-agentpools) | array | Define one or more secondary/additional agent pools. | +| [`agentPoolConfig`](#parameter-agentpoolconfig) | array | Custom configuration of user node pool. | +| [`agentPoolSize`](#parameter-agentpoolsize) | string | The User Pool Preset sizing. | | [`aksClusterRoleAssignmentName`](#parameter-aksclusterroleassignmentname) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | +| [`autoNodeOsUpgradeProfileUpgradeChannel`](#parameter-autonodeosupgradeprofileupgradechannel) | string | Auto-upgrade channel on the Node Os. | | [`containerRegistryRoleName`](#parameter-containerregistryrolename) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | +| [`disableLocalAccounts`](#parameter-disablelocalaccounts) | bool | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. | | [`dnsPrefix`](#parameter-dnsprefix) | string | Specifies the DNS prefix specified when creating the managed cluster. | | [`dnsServiceIP`](#parameter-dnsserviceip) | string | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | +| [`enableKeyvaultSecretsProvider`](#parameter-enablekeyvaultsecretsprovider) | bool | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. | +| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Provide 'true' to enable Key Vault's purge protection feature. 
| +| [`enableRbacAuthorization`](#parameter-enablerbacauthorization) | bool | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`enableVaultForDeployment`](#parameter-enablevaultfordeployment) | bool | Specifies if the vault is enabled for deployment by script or compute. | +| [`enableVaultForTemplateDeployment`](#parameter-enablevaultfortemplatedeployment) | bool | Specifies if the vault is enabled for a template deployment. | | [`kubernetesVersion`](#parameter-kubernetesversion) | string | Kubernetes Version. | +| [`loadBalancerSku`](#parameter-loadbalancersku) | string | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. | | [`location`](#parameter-location) | string | Specifies the location of AKS cluster. It picks up Resource Group's location by default. | -| [`monitoringWorkspaceResourceId`](#parameter-monitoringworkspaceresourceid) | string | Resource ID of the monitoring log analytics workspace. | | [`networkDataplane`](#parameter-networkdataplane) | string | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. | | [`networkPlugin`](#parameter-networkplugin) | string | Network plugin used for building the Kubernetes network. | | [`networkPluginMode`](#parameter-networkpluginmode) | string | Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. | 
@@ -337,6 +399,8 @@ param webApplicationRoutingEnabled = true | [`serviceCidr`](#parameter-servicecidr) | string | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | | [`skuTier`](#parameter-skutier) | string | Tier of a managed cluster SKU. | | [`sshPublicKey`](#parameter-sshpublickey) | string | Specifies the SSH RSA public key string for the Linux nodes. | +| [`systemPoolConfig`](#parameter-systempoolconfig) | array | Custom configuration of system node pool. | +| [`systemPoolSize`](#parameter-systempoolsize) | string | The System Pool Preset sizing. | | [`tags`](#parameter-tags) | object | Custom tags to apply to the AKS resources. | | [`webApplicationRoutingEnabled`](#parameter-webapplicationroutingenabled) | bool | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. | @@ -354,9 +418,9 @@ Name of the Key Vault. Must be globally unique. - Required: Yes - Type: string -### Parameter: `logAnalyticsName` +### Parameter: `monitoringWorkspaceResourceId` -The name of the connected log analytics workspace. +Resource ID of the monitoring log analytics workspace. - Required: Yes - Type: string @@ -382,14 +446,6 @@ Specifies the resource ID of connected application gateway. Required if `ingress - Required: No - Type: string -### Parameter: `aadProfileEnableAzureRBAC` - -Specifies whether to enable Azure RBAC for Kubernetes authorization. - -- Required: No -- Type: bool -- Default: `False` - ### Parameter: `acrSku` Tier of your Azure container registry. @@ -406,9 +462,9 @@ Tier of your Azure container registry. ] ``` -### Parameter: `agentPools` +### Parameter: `agentPoolConfig` -Define one or more secondary/additional agent pools. +Custom configuration of user node pool. - Required: No - Type: array 
@@ -417,113 +473,113 @@ Define one or more secondary/additional agent pools. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`name`](#parameter-agentpoolsname) | string | The name of the agent pool. | +| [`name`](#parameter-agentpoolconfigname) | string | The name of the agent pool. | **Optional parameters** | Parameter | Type | Description | | :-- | :-- | :-- | -| [`availabilityZones`](#parameter-agentpoolsavailabilityzones) | array | The availability zones of the agent pool. | -| [`count`](#parameter-agentpoolscount) | int | The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | -| [`enableAutoScaling`](#parameter-agentpoolsenableautoscaling) | bool | Whether to enable auto-scaling for the agent pool. | -| [`enableDefaultTelemetry`](#parameter-agentpoolsenabledefaulttelemetry) | bool | The enable default telemetry of the agent pool. | -| [`enableEncryptionAtHost`](#parameter-agentpoolsenableencryptionathost) | bool | Whether to enable encryption at host for the agent pool. | -| [`enableFIPS`](#parameter-agentpoolsenablefips) | bool | Whether to enable FIPS for the agent pool. | -| [`enableNodePublicIP`](#parameter-agentpoolsenablenodepublicip) | bool | Whether to enable node public IP for the agent pool. | -| [`enableUltraSSD`](#parameter-agentpoolsenableultrassd) | bool | Whether to enable Ultra SSD for the agent pool. | -| [`gpuInstanceProfile`](#parameter-agentpoolsgpuinstanceprofile) | string | The GPU instance profile of the agent pool. | -| [`kubeletDiskType`](#parameter-agentpoolskubeletdisktype) | string | The kubelet disk type of the agent pool. | -| [`maxCount`](#parameter-agentpoolsmaxcount) | int | The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | -| [`maxPods`](#parameter-agentpoolsmaxpods) | int | The maximum number of pods that can run on a node. 
| -| [`maxSurge`](#parameter-agentpoolsmaxsurge) | string | The maximum number of nodes that can be created during an upgrade. | -| [`minCount`](#parameter-agentpoolsmincount) | int | The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | -| [`minPods`](#parameter-agentpoolsminpods) | int | The minimum number of pods that can run on a node. | -| [`mode`](#parameter-agentpoolsmode) | string | The mode of the agent pool. | -| [`nodeLabels`](#parameter-agentpoolsnodelabels) | object | The node labels of the agent pool. | -| [`nodePublicIpPrefixId`](#parameter-agentpoolsnodepublicipprefixid) | string | The node public IP prefix ID of the agent pool. | -| [`nodeTaints`](#parameter-agentpoolsnodetaints) | array | The node taints of the agent pool. | -| [`orchestratorVersion`](#parameter-agentpoolsorchestratorversion) | string | The Kubernetes version of the agent pool. | -| [`osDiskSizeGB`](#parameter-agentpoolsosdisksizegb) | int | The OS disk size in GB of the agent pool. | -| [`osDiskType`](#parameter-agentpoolsosdisktype) | string | The OS disk type of the agent pool. | -| [`osSku`](#parameter-agentpoolsossku) | string | The OS SKU of the agent pool. | -| [`osType`](#parameter-agentpoolsostype) | string | The OS type of the agent pool. | -| [`podSubnetId`](#parameter-agentpoolspodsubnetid) | string | The pod subnet ID of the agent pool. | -| [`proximityPlacementGroupResourceId`](#parameter-agentpoolsproximityplacementgroupresourceid) | string | The proximity placement group resource ID of the agent pool. | -| [`scaleDownMode`](#parameter-agentpoolsscaledownmode) | string | The scale down mode of the agent pool. | -| [`scaleSetEvictionPolicy`](#parameter-agentpoolsscalesetevictionpolicy) | string | The scale set eviction policy of the agent pool. | -| [`scaleSetPriority`](#parameter-agentpoolsscalesetpriority) | string | The scale set priority of the agent pool. 
| -| [`sourceResourceId`](#parameter-agentpoolssourceresourceid) | string | The source resource ID to create the agent pool from. | -| [`spotMaxPrice`](#parameter-agentpoolsspotmaxprice) | int | The spot max price of the agent pool. | -| [`tags`](#parameter-agentpoolstags) | object | The tags of the agent pool. | -| [`type`](#parameter-agentpoolstype) | string | The type of the agent pool. | -| [`vmSize`](#parameter-agentpoolsvmsize) | string | The VM size of the agent pool. | -| [`vnetSubnetID`](#parameter-agentpoolsvnetsubnetid) | string | The VNet subnet ID of the agent pool. | -| [`workloadRuntime`](#parameter-agentpoolsworkloadruntime) | string | The workload runtime of the agent pool. | - -### Parameter: `agentPools.name` +| [`availabilityZones`](#parameter-agentpoolconfigavailabilityzones) | array | The availability zones of the agent pool. | +| [`count`](#parameter-agentpoolconfigcount) | int | The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`enableAutoScaling`](#parameter-agentpoolconfigenableautoscaling) | bool | Whether to enable auto-scaling for the agent pool. | +| [`enableDefaultTelemetry`](#parameter-agentpoolconfigenabledefaulttelemetry) | bool | The enable default telemetry of the agent pool. | +| [`enableEncryptionAtHost`](#parameter-agentpoolconfigenableencryptionathost) | bool | Whether to enable encryption at host for the agent pool. | +| [`enableFIPS`](#parameter-agentpoolconfigenablefips) | bool | Whether to enable FIPS for the agent pool. | +| [`enableNodePublicIP`](#parameter-agentpoolconfigenablenodepublicip) | bool | Whether to enable node public IP for the agent pool. | +| [`enableUltraSSD`](#parameter-agentpoolconfigenableultrassd) | bool | Whether to enable Ultra SSD for the agent pool. | +| [`gpuInstanceProfile`](#parameter-agentpoolconfiggpuinstanceprofile) | string | The GPU instance profile of the agent pool. 
| +| [`kubeletDiskType`](#parameter-agentpoolconfigkubeletdisktype) | string | The kubelet disk type of the agent pool. | +| [`maxCount`](#parameter-agentpoolconfigmaxcount) | int | The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`maxPods`](#parameter-agentpoolconfigmaxpods) | int | The maximum number of pods that can run on a node. | +| [`maxSurge`](#parameter-agentpoolconfigmaxsurge) | string | The maximum number of nodes that can be created during an upgrade. | +| [`minCount`](#parameter-agentpoolconfigmincount) | int | The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`minPods`](#parameter-agentpoolconfigminpods) | int | The minimum number of pods that can run on a node. | +| [`mode`](#parameter-agentpoolconfigmode) | string | The mode of the agent pool. | +| [`nodeLabels`](#parameter-agentpoolconfignodelabels) | object | The node labels of the agent pool. | +| [`nodePublicIpPrefixResourceId`](#parameter-agentpoolconfignodepublicipprefixresourceid) | string | The node public IP prefix ID of the agent pool. | +| [`nodeTaints`](#parameter-agentpoolconfignodetaints) | array | The node taints of the agent pool. | +| [`orchestratorVersion`](#parameter-agentpoolconfigorchestratorversion) | string | The Kubernetes version of the agent pool. | +| [`osDiskSizeGB`](#parameter-agentpoolconfigosdisksizegb) | int | The OS disk size in GB of the agent pool. | +| [`osDiskType`](#parameter-agentpoolconfigosdisktype) | string | The OS disk type of the agent pool. | +| [`osSku`](#parameter-agentpoolconfigossku) | string | The OS SKU of the agent pool. | +| [`osType`](#parameter-agentpoolconfigostype) | string | The OS type of the agent pool. | +| [`podSubnetResourceId`](#parameter-agentpoolconfigpodsubnetresourceid) | string | The pod subnet ID of the agent pool. 
| +| [`proximityPlacementGroupResourceId`](#parameter-agentpoolconfigproximityplacementgroupresourceid) | string | The proximity placement group resource ID of the agent pool. | +| [`scaleDownMode`](#parameter-agentpoolconfigscaledownmode) | string | The scale down mode of the agent pool. | +| [`scaleSetEvictionPolicy`](#parameter-agentpoolconfigscalesetevictionpolicy) | string | The scale set eviction policy of the agent pool. | +| [`scaleSetPriority`](#parameter-agentpoolconfigscalesetpriority) | string | The scale set priority of the agent pool. | +| [`sourceResourceId`](#parameter-agentpoolconfigsourceresourceid) | string | The source resource ID to create the agent pool from. | +| [`spotMaxPrice`](#parameter-agentpoolconfigspotmaxprice) | int | The spot max price of the agent pool. | +| [`tags`](#parameter-agentpoolconfigtags) | object | The tags of the agent pool. | +| [`type`](#parameter-agentpoolconfigtype) | string | The type of the agent pool. | +| [`vmSize`](#parameter-agentpoolconfigvmsize) | string | The VM size of the agent pool. | +| [`vnetSubnetResourceId`](#parameter-agentpoolconfigvnetsubnetresourceid) | string | The VNet subnet ID of the agent pool. | +| [`workloadRuntime`](#parameter-agentpoolconfigworkloadruntime) | string | The workload runtime of the agent pool. | + +### Parameter: `agentPoolConfig.name` The name of the agent pool. - Required: Yes - Type: string -### Parameter: `agentPools.availabilityZones` +### Parameter: `agentPoolConfig.availabilityZones` The availability zones of the agent pool. - Required: No - Type: array -### Parameter: `agentPools.count` +### Parameter: `agentPoolConfig.count` The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). - Required: No - Type: int -### Parameter: `agentPools.enableAutoScaling` +### Parameter: `agentPoolConfig.enableAutoScaling` Whether to enable auto-scaling for the agent pool. 
- Required: No - Type: bool -### Parameter: `agentPools.enableDefaultTelemetry` +### Parameter: `agentPoolConfig.enableDefaultTelemetry` The enable default telemetry of the agent pool. - Required: No - Type: bool -### Parameter: `agentPools.enableEncryptionAtHost` +### Parameter: `agentPoolConfig.enableEncryptionAtHost` Whether to enable encryption at host for the agent pool. - Required: No - Type: bool -### Parameter: `agentPools.enableFIPS` +### Parameter: `agentPoolConfig.enableFIPS` Whether to enable FIPS for the agent pool. - Required: No - Type: bool -### Parameter: `agentPools.enableNodePublicIP` +### Parameter: `agentPoolConfig.enableNodePublicIP` Whether to enable node public IP for the agent pool. - Required: No - Type: bool -### Parameter: `agentPools.enableUltraSSD` +### Parameter: `agentPoolConfig.enableUltraSSD` Whether to enable Ultra SSD for the agent pool. - Required: No - Type: bool -### Parameter: `agentPools.gpuInstanceProfile` +### Parameter: `agentPoolConfig.gpuInstanceProfile` The GPU instance profile of the agent pool. 
@@ -540,49 +596,49 @@ The GPU instance profile of the agent pool. ] ``` -### Parameter: `agentPools.kubeletDiskType` +### Parameter: `agentPoolConfig.kubeletDiskType` The kubelet disk type of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.maxCount` +### Parameter: `agentPoolConfig.maxCount` The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). - Required: No - Type: int -### Parameter: `agentPools.maxPods` +### Parameter: `agentPoolConfig.maxPods` The maximum number of pods that can run on a node. - Required: No - Type: int -### Parameter: `agentPools.maxSurge` +### Parameter: `agentPoolConfig.maxSurge` The maximum number of nodes that can be created during an upgrade. - Required: No - Type: string -### Parameter: `agentPools.minCount` +### Parameter: `agentPoolConfig.minCount` The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). - Required: No - Type: int -### Parameter: `agentPools.minPods` +### Parameter: `agentPoolConfig.minPods` The minimum number of pods that can run on a node. - Required: No - Type: int -### Parameter: `agentPools.mode` +### Parameter: `agentPoolConfig.mode` The mode of the agent pool. 
@@ -596,56 +652,56 @@ The mode of the agent pool. ] ``` -### Parameter: `agentPools.nodeLabels` +### Parameter: `agentPoolConfig.nodeLabels` The node labels of the agent pool. - Required: No - Type: object -### Parameter: `agentPools.nodePublicIpPrefixId` +### Parameter: `agentPoolConfig.nodePublicIpPrefixResourceId` The node public IP prefix ID of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.nodeTaints` +### Parameter: `agentPoolConfig.nodeTaints` The node taints of the agent pool. - Required: No - Type: array -### Parameter: `agentPools.orchestratorVersion` +### Parameter: `agentPoolConfig.orchestratorVersion` The Kubernetes version of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.osDiskSizeGB` +### Parameter: `agentPoolConfig.osDiskSizeGB` The OS disk size in GB of the agent pool. - Required: No - Type: int -### Parameter: `agentPools.osDiskType` +### Parameter: `agentPoolConfig.osDiskType` The OS disk type of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.osSku` +### Parameter: `agentPoolConfig.osSku` The OS SKU of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.osType` +### Parameter: `agentPoolConfig.osType` The OS type of the agent pool. @@ -659,21 +715,21 @@ The OS type of the agent pool. ] ``` -### Parameter: `agentPools.podSubnetId` +### Parameter: `agentPoolConfig.podSubnetResourceId` The pod subnet ID of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.proximityPlacementGroupResourceId` +### Parameter: `agentPoolConfig.proximityPlacementGroupResourceId` The proximity placement group resource ID of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.scaleDownMode` +### Parameter: `agentPoolConfig.scaleDownMode` The scale down mode of the agent pool. 
@@ -687,7 +743,7 @@ The scale down mode of the agent pool. ] ``` -### Parameter: `agentPools.scaleSetEvictionPolicy` +### Parameter: `agentPoolConfig.scaleSetEvictionPolicy` The scale set eviction policy of the agent pool. @@ -701,7 +757,7 @@ The scale set eviction policy of the agent pool. ] ``` -### Parameter: `agentPools.scaleSetPriority` +### Parameter: `agentPoolConfig.scaleSetPriority` The scale set priority of the agent pool. @@ -716,28 +772,28 @@ The scale set priority of the agent pool. ] ``` -### Parameter: `agentPools.sourceResourceId` +### Parameter: `agentPoolConfig.sourceResourceId` The source resource ID to create the agent pool from. - Required: No - Type: string -### Parameter: `agentPools.spotMaxPrice` +### Parameter: `agentPoolConfig.spotMaxPrice` The spot max price of the agent pool. - Required: No - Type: int -### Parameter: `agentPools.tags` +### Parameter: `agentPoolConfig.tags` The tags of the agent pool. - Required: No - Type: object -### Parameter: `agentPools.type` +### Parameter: `agentPoolConfig.type` The type of the agent pool. @@ -751,27 +807,45 @@ The type of the agent pool. ] ``` -### Parameter: `agentPools.vmSize` +### Parameter: `agentPoolConfig.vmSize` The VM size of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.vnetSubnetID` +### Parameter: `agentPoolConfig.vnetSubnetResourceId` The VNet subnet ID of the agent pool. - Required: No - Type: string -### Parameter: `agentPools.workloadRuntime` +### Parameter: `agentPoolConfig.workloadRuntime` The workload runtime of the agent pool. - Required: No - Type: string +### Parameter: `agentPoolSize` + +The User Pool Preset sizing. + +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + 'CostOptimised' + 'Custom' + 'HighSpec' + 'Standard' + ] + ``` + ### Parameter: `aksClusterRoleAssignmentName` The name (as GUID) of the role assignment. If not provided, a GUID will be generated. 
@@ -779,6 +853,23 @@ The name (as GUID) of the role assignment. If not provided, a GUID will be gener - Required: No - Type: string +### Parameter: `autoNodeOsUpgradeProfileUpgradeChannel` + +Auto-upgrade channel on the Node Os. + +- Required: No +- Type: string +- Default: `'NodeImage'` +- Allowed: + ```Bicep + [ + 'NodeImage' + 'None' + 'SecurityPatch' + 'Unmanaged' + ] + ``` + ### Parameter: `containerRegistryRoleName` The name (as GUID) of the role assignment. If not provided, a GUID will be generated. @@ -786,6 +877,14 @@ The name (as GUID) of the role assignment. If not provided, a GUID will be gener - Required: No - Type: string +### Parameter: `disableLocalAccounts` + +If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `dnsPrefix` Specifies the DNS prefix specified when creating the managed cluster. 
@@ -801,6 +900,30 @@ Specifies the IP address assigned to the Kubernetes DNS service. It must be with - Required: No - Type: string +### Parameter: `enableKeyvaultSecretsProvider` + +Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enablePurgeProtection` + +Provide 'true' to enable Key Vault's purge protection feature. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableRbacAuthorization` + +Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. + +- Required: No +- Type: bool +- Default: `False` + ### Parameter: `enableTelemetry` Enable/Disable usage telemetry for module. @@ -809,6 +932,22 @@ Enable/Disable usage telemetry for module. - Type: bool - Default: `True` +### Parameter: `enableVaultForDeployment` + +Specifies if the vault is enabled for deployment by script or compute. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableVaultForTemplateDeployment` + +Specifies if the vault is enabled for a template deployment. + +- Required: No +- Type: bool +- Default: `False` + ### Parameter: `kubernetesVersion` Kubernetes Version. 
@@ -817,20 +956,28 @@ Kubernetes Version. - Type: string - Default: `'1.29'` -### Parameter: `location` +### Parameter: `loadBalancerSku` -Specifies the location of AKS cluster. It picks up Resource Group's location by default. +Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. - Required: No - Type: string -- Default: `[resourceGroup().location]` +- Default: `'standard'` +- Allowed: + ```Bicep + [ + 'basic' + 'standard' + ] + ``` -### Parameter: `monitoringWorkspaceResourceId` +### Parameter: `location` -Resource ID of the monitoring log analytics workspace. +Specifies the location of AKS cluster. It picks up Resource Group's location by default. - Required: No - Type: string +- Default: `[resourceGroup().location]` ### Parameter: `networkDataplane` 
@@ -1008,6 +1155,389 @@ Specifies the SSH RSA public key string for the Linux nodes. - Required: No - Type: string +### Parameter: `systemPoolConfig` + +Custom configuration of system node pool. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-systempoolconfigname) | string | The name of the agent pool. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`availabilityZones`](#parameter-systempoolconfigavailabilityzones) | array | The availability zones of the agent pool. | +| [`count`](#parameter-systempoolconfigcount) | int | The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`enableAutoScaling`](#parameter-systempoolconfigenableautoscaling) | bool | Whether to enable auto-scaling for the agent pool. | +| [`enableDefaultTelemetry`](#parameter-systempoolconfigenabledefaulttelemetry) | bool | The enable default telemetry of the agent pool. | +| [`enableEncryptionAtHost`](#parameter-systempoolconfigenableencryptionathost) | bool | Whether to enable encryption at host for the agent pool. | +| [`enableFIPS`](#parameter-systempoolconfigenablefips) | bool | Whether to enable FIPS for the agent pool. | +| [`enableNodePublicIP`](#parameter-systempoolconfigenablenodepublicip) | bool | Whether to enable node public IP for the agent pool. | +| [`enableUltraSSD`](#parameter-systempoolconfigenableultrassd) | bool | Whether to enable Ultra SSD for the agent pool. | +| [`gpuInstanceProfile`](#parameter-systempoolconfiggpuinstanceprofile) | string | The GPU instance profile of the agent pool. | +| [`kubeletDiskType`](#parameter-systempoolconfigkubeletdisktype) | string | The kubelet disk type of the agent pool. | +| [`maxCount`](#parameter-systempoolconfigmaxcount) | int | The maximum number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 1 to 100 (inclusive). | +| [`maxPods`](#parameter-systempoolconfigmaxpods) | int | The maximum number of pods that can run on a node. | +| [`maxSurge`](#parameter-systempoolconfigmaxsurge) | string | The maximum number of nodes that can be created during an upgrade. | +| [`minCount`](#parameter-systempoolconfigmincount) | int | The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). | +| [`minPods`](#parameter-systempoolconfigminpods) | int | The minimum number of pods that can run on a node. | +| [`mode`](#parameter-systempoolconfigmode) | string | The mode of the agent pool. | +| [`nodeLabels`](#parameter-systempoolconfignodelabels) | object | The node labels of the agent pool. | +| [`nodePublicIpPrefixResourceId`](#parameter-systempoolconfignodepublicipprefixresourceid) | string | The node public IP prefix ID of the agent pool. | +| [`nodeTaints`](#parameter-systempoolconfignodetaints) | array | The node taints of the agent pool. | +| [`orchestratorVersion`](#parameter-systempoolconfigorchestratorversion) | string | The Kubernetes version of the agent pool. | +| [`osDiskSizeGB`](#parameter-systempoolconfigosdisksizegb) | int | The OS disk size in GB of the agent pool. | +| [`osDiskType`](#parameter-systempoolconfigosdisktype) | string | The OS disk type of the agent pool. | +| [`osSku`](#parameter-systempoolconfigossku) | string | The OS SKU of the agent pool. | +| [`osType`](#parameter-systempoolconfigostype) | string | The OS type of the agent pool. | +| [`podSubnetResourceId`](#parameter-systempoolconfigpodsubnetresourceid) | string | The pod subnet ID of the agent pool. | +| [`proximityPlacementGroupResourceId`](#parameter-systempoolconfigproximityplacementgroupresourceid) | string | The proximity placement group resource ID of the agent pool. 
| +| [`scaleDownMode`](#parameter-systempoolconfigscaledownmode) | string | The scale down mode of the agent pool. | +| [`scaleSetEvictionPolicy`](#parameter-systempoolconfigscalesetevictionpolicy) | string | The scale set eviction policy of the agent pool. | +| [`scaleSetPriority`](#parameter-systempoolconfigscalesetpriority) | string | The scale set priority of the agent pool. | +| [`sourceResourceId`](#parameter-systempoolconfigsourceresourceid) | string | The source resource ID to create the agent pool from. | +| [`spotMaxPrice`](#parameter-systempoolconfigspotmaxprice) | int | The spot max price of the agent pool. | +| [`tags`](#parameter-systempoolconfigtags) | object | The tags of the agent pool. | +| [`type`](#parameter-systempoolconfigtype) | string | The type of the agent pool. | +| [`vmSize`](#parameter-systempoolconfigvmsize) | string | The VM size of the agent pool. | +| [`vnetSubnetResourceId`](#parameter-systempoolconfigvnetsubnetresourceid) | string | The VNet subnet ID of the agent pool. | +| [`workloadRuntime`](#parameter-systempoolconfigworkloadruntime) | string | The workload runtime of the agent pool. | + +### Parameter: `systemPoolConfig.name` + +The name of the agent pool. + +- Required: Yes +- Type: string + +### Parameter: `systemPoolConfig.availabilityZones` + +The availability zones of the agent pool. + +- Required: No +- Type: array + +### Parameter: `systemPoolConfig.count` + +The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.enableAutoScaling` + +Whether to enable auto-scaling for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableDefaultTelemetry` + +The enable default telemetry of the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableEncryptionAtHost` + +Whether to enable encryption at host for the agent pool. 
+ +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableFIPS` + +Whether to enable FIPS for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableNodePublicIP` + +Whether to enable node public IP for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.enableUltraSSD` + +Whether to enable Ultra SSD for the agent pool. + +- Required: No +- Type: bool + +### Parameter: `systemPoolConfig.gpuInstanceProfile` + +The GPU instance profile of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'MIG1g' + 'MIG2g' + 'MIG3g' + 'MIG4g' + 'MIG7g' + ] + ``` + +### Parameter: `systemPoolConfig.kubeletDiskType` + +The kubelet disk type of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.maxCount` + +The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.maxPods` + +The maximum number of pods that can run on a node. + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.maxSurge` + +The maximum number of nodes that can be created during an upgrade. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.minCount` + +The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.minPods` + +The minimum number of pods that can run on a node. + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.mode` + +The mode of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'System' + 'User' + ] + ``` + +### Parameter: `systemPoolConfig.nodeLabels` + +The node labels of the agent pool. 
+ +- Required: No +- Type: object + +### Parameter: `systemPoolConfig.nodePublicIpPrefixResourceId` + +The node public IP prefix ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.nodeTaints` + +The node taints of the agent pool. + +- Required: No +- Type: array + +### Parameter: `systemPoolConfig.orchestratorVersion` + +The Kubernetes version of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.osDiskSizeGB` + +The OS disk size in GB of the agent pool. + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.osDiskType` + +The OS disk type of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.osSku` + +The OS SKU of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.osType` + +The OS type of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Linux' + 'Windows' + ] + ``` + +### Parameter: `systemPoolConfig.podSubnetResourceId` + +The pod subnet ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.proximityPlacementGroupResourceId` + +The proximity placement group resource ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.scaleDownMode` + +The scale down mode of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Deallocate' + 'Delete' + ] + ``` + +### Parameter: `systemPoolConfig.scaleSetEvictionPolicy` + +The scale set eviction policy of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Deallocate' + 'Delete' + ] + ``` + +### Parameter: `systemPoolConfig.scaleSetPriority` + +The scale set priority of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Low' + 'Regular' + 'Spot' + ] + ``` + +### Parameter: `systemPoolConfig.sourceResourceId` + +The source resource ID to create the agent pool from. 
+ +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.spotMaxPrice` + +The spot max price of the agent pool. + +- Required: No +- Type: int + +### Parameter: `systemPoolConfig.tags` + +The tags of the agent pool. + +- Required: No +- Type: object + +### Parameter: `systemPoolConfig.type` + +The type of the agent pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'AvailabilitySet' + 'VirtualMachineScaleSets' + ] + ``` + +### Parameter: `systemPoolConfig.vmSize` + +The VM size of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.vnetSubnetResourceId` + +The VNet subnet ID of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolConfig.workloadRuntime` + +The workload runtime of the agent pool. + +- Required: No +- Type: string + +### Parameter: `systemPoolSize` + +The System Pool Preset sizing. + +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: + ```Bicep + [ + 'CostOptimised' + 'Custom' + 'HighSpec' + 'Standard' + ] + ``` + ### Parameter: `tags` Custom tags to apply to the AKS resources. @@ -1022,6 +1552,7 @@ Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. - Required: No - Type: bool +- Default: `True` ## Outputs @@ -1042,7 +1573,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | | `br/public:avm/res/container-registry/registry:0.5.1` | Remote reference | -| `br/public:avm/res/container-service/managed-cluster:0.3.0` | Remote reference | +| `br/public:avm/res/container-service/managed-cluster:0.4.1` | Remote reference | | `br/public:avm/res/key-vault/vault:0.9.0` | Remote reference | ## Data Collection diff --git a/avm/ptn/azd/aks/main.bicep b/avm/ptn/azd/aks/main.bicep index de942be0ab..6ca5ee2d38 100644 --- a/avm/ptn/azd/aks/main.bicep +++ b/avm/ptn/azd/aks/main.bicep 
@@ -12,9 +12,6 @@ param name string
 @maxLength(50)
 param containerRegistryName string
 
-@description('Required. The name of the connected log analytics workspace.')
-param logAnalyticsName string
-
 @description('Required. Name of the Key Vault. Must be globally unique.')
 @maxLength(24)
 param keyVaultName string
@@ -85,17 +82,11 @@ param dnsServiceIP string?
 @description('Optional. Specifies the SSH RSA public key string for the Linux nodes.')
 param sshPublicKey string?
 
-@description('Optional. Specifies whether to enable Azure RBAC for Kubernetes authorization.')
-param aadProfileEnableAzureRBAC bool = false
-
 @description('Conditional. Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`.')
 param appGatewayResourceId string?
 
-@description('Optional. Resource ID of the monitoring log analytics workspace.')
-param monitoringWorkspaceResourceId string?
-
-@description('Optional. Define one or more secondary/additional agent pools.')
-param agentPools agentPoolType
+@description('Required. Resource ID of the monitoring log analytics workspace.')
+param monitoringWorkspaceResourceId string
 
 @description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the \'acrSku\' to be \'Premium\'.')
 @allowed([
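Review bot: Removing `aadProfileEnableAzureRBAC` leaves the module with no parameter that turns on Azure RBAC for Kubernetes authorization, while the `@@ -124,6 +122,63 @@` hunk defaults the new `disableLocalAccounts` to `true`, whose own description says it must only be used on AAD-enabled clusters. Whether `managed-cluster:0.4.1` enables AAD integration on its own is not visible in this diff; if it does not, the default combination produces a cluster whose static credentials are disabled and whose AAD path is not configured by this module. Either re-expose an AAD/Azure-RBAC parameter next to `disableLocalAccounts`, or extend its description to say where AAD integration comes from, e.g. `@description('Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled; AAD integration is controlled by <AAD parameter of the managed-cluster module>.')`. Note also that dropping `logAnalyticsName` and making `monitoringWorkspaceResourceId` required is a breaking interface change for existing callers and should be called out as such.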
@@ -104,11 +95,18 @@ param agentPools agentPoolType
 ])
 param publicNetworkAccess string = 'Enabled'
 
+@description('Optional. Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools.')
+@allowed([
+  'basic'
+  'standard'
+])
+param loadBalancerSku string = 'standard'
+
 @description('Optional. Scope maps setting.')
 param scopeMaps scopeMapsType
 
 @description('Optional. Specifies whether the webApplicationRoutingEnabled add-on is enabled or not.')
-param webApplicationRoutingEnabled bool?
+param webApplicationRoutingEnabled bool = true
 
 @description('Optional. Tier of your Azure container registry.')
 @allowed([
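Review bot: `webApplicationRoutingEnabled` changes from an unset nullable to a default of `true`, so every caller that never set it now gets the application routing add-on (a managed ingress controller) provisioned on the cluster. That is an exposure change rather than a rename and should be stated in the parameter description, e.g. `@description('Optional. Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. Defaults to true; set to false if the cluster should not provision a managed ingress controller.')`. For `loadBalancerSku`, a note that `basic` is intended for non-production use would help, since the zone-spread presets added later in this file generally require the standard SKU.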
@@ -124,6 +122,63 @@ param containerRegistryRoleName string?
 @description('Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated.')
 param aksClusterRoleAssignmentName string?
 
+import {agentPoolType} from 'br/public:avm/res/container-service/managed-cluster:0.4.1'
+@description('Optional. Custom configuration of system node pool.')
+param systemPoolConfig agentPoolType[]?
+
+@description('Optional. Custom configuration of user node pool.')
+param agentPoolConfig agentPoolType[]?
+
+@description('Optional. Specifies whether the KeyvaultSecretsProvider add-on is enabled or not.')
+param enableKeyvaultSecretsProvider bool = true
+
+@description('Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled.')
+param disableLocalAccounts bool = true
+
+@allowed([
+  'NodeImage'
+  'None'
+  'SecurityPatch'
+  'Unmanaged'
+])
+@description('Optional. Auto-upgrade channel on the Node Os.')
+param autoNodeOsUpgradeProfileUpgradeChannel string = 'NodeImage'
+
+@allowed([
+  'CostOptimised'
+  'Standard'
+  'HighSpec'
+  'Custom'
+])
+@description('Optional. The System Pool Preset sizing.')
+param systemPoolSize string = 'Standard'
+
+@allowed([
+  ''
+  'CostOptimised'
+  'Standard'
+  'HighSpec'
+  'Custom'
+])
+@description('Optional. The User Pool Preset sizing.')
+param agentPoolSize string = ''
+
+@description('Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC.')
+param enableRbacAuthorization bool = false
+
+@description('Optional. Provide \'true\' to enable Key Vault\'s purge protection feature.')
+param enablePurgeProtection bool = false
+
+@description('Optional. Specifies if the vault is enabled for deployment by script or compute.')
+param enableVaultForDeployment bool = false
+
+@description('Optional. Specifies if the vault is enabled for a template deployment.')
+param enableVaultForTemplateDeployment bool = false
+
+var systemPoolsConfig = !empty(systemPoolConfig) ? systemPoolConfig : [union({ name: 'npsystem', mode: 'System' }, nodePoolBase, nodePoolPresets[systemPoolSize])]
+
+var agentPoolsConfig = !empty(agentPoolConfig) ? agentPoolConfig : empty(agentPoolSize) ? null : [union({ name: 'npuser', mode: 'User' }, nodePoolBase, nodePoolPresets[agentPoolSize])]
+
 var aksClusterAdminRole = subscriptionResourceId(
   'Microsoft.Authorization/roleDefinitions',
   'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b'
@@ -135,16 +190,38 @@ var acrPullRole = subscriptionResourceId(
 )
 
 var nodePoolPresets = {
-  vmSize: 'Standard_DS2_v2'
-  count: 3
-  minCount: 3
-  maxCount: 5
-  enableAutoScaling: true
-  availabilityZones: [
-    '1'
-    '2'
-    '3'
-  ]
+  CostOptimised: {
+    vmSize: 'Standard_B4ms'
+    count: 1
+    minCount: 1
+    maxCount: 3
+    enableAutoScaling: true
+    availabilityZones: []
+  }
+  Standard: {
+    vmSize: 'Standard_DS2_v2'
+    count: 3
+    minCount: 3
+    maxCount: 5
+    enableAutoScaling: true
+    availabilityZones: [
+      1
+      2
+      3
+    ]
+  }
+  HighSpec: {
+    vmSize: 'Standard_D4s_v3'
+    count: 3
+    minCount: 3
+    maxCount: 5
+    enableAutoScaling: true
+    availabilityZones: [
+      '1'
+      '2'
+      '3'
+    ]
+  }
 }
 
 var nodePoolBase = {
@@ -156,10 +233,6 @@ var nodePoolBase = {
   }
 }
 
-var primaryAgentPoolProfile = [
-  union({ name: 'npsystem', mode: 'System' }, nodePoolBase, nodePoolPresets)
-]
-
 // ============== //
 // Resources      //
 // ============== //
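Review bot: `nodePoolPresets[systemPoolSize]` in the new `systemPoolsConfig` variable is evaluated whenever `systemPoolConfig` is empty, but `nodePoolPresets` (redefined in the next hunk) only has `CostOptimised`, `Standard` and `HighSpec` keys, so `systemPoolSize: 'Custom'` without a `systemPoolConfig` indexes a missing key and fails at compile or deploy time; `agentPoolsConfig` has the same gap for `agentPoolSize: 'Custom'`. The simplest fix is to drop `'Custom'` from both `@allowed` lists and state in the descriptions that a custom pool is expressed by passing `systemPoolConfig` / `agentPoolConfig`; alternatively guard the lookup, e.g. `nodePoolPresets[systemPoolSize == 'Custom' ? 'Standard' : systemPoolSize]`, and document the fallback. Separately, the `import {agentPoolType} from ...` statement sits between parameter declarations; Bicep convention is to place imports at the top of the file next to the metadata, which also makes the pinned `0.4.1` version easier to find when bumping.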
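Review bot: The `HighSpec` preset keeps `availabilityZones` as the strings `'1'`, `'2'`, `'3'` while `Standard` was changed to the integers `1`, `2`, `3`, and the generated main.json in this same commit declares the `availabilityZones` items of `agentPoolType` as `int`; a deployment with `systemPoolSize: 'HighSpec'` is therefore likely to be rejected, or at least behaves differently from `Standard`, once the preset is unioned into `primaryAgentPoolProfiles`. Change the three `HighSpec` entries to `1`, `2`, `3` to match. The `CostOptimised` preset sets `availabilityZones: []`, which removes zone redundancy for the system pool; a comment such as `// single-zone by design to minimise cost; not suitable for production` would make that trade-off explicit.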
@@ -183,11 +256,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT
   }
 }
 
-resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' existing = if (!empty(logAnalyticsName)) {
-  name: logAnalyticsName
-}
-
-module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.3.0' = {
+module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.4.1' = {
   name: '${uniqueString(deployment().name, location)}-managed-cluster'
   params: {
     name: name
@@ -203,10 +272,15 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.3.0
     dnsServiceIP: dnsServiceIP
     kubernetesVersion: kubernetesVersion
     sshPublicKey: sshPublicKey
-    aadProfileEnableAzureRBAC: aadProfileEnableAzureRBAC
     skuTier: skuTier
     appGatewayResourceId: appGatewayResourceId
-    monitoringWorkspaceId: monitoringWorkspaceResourceId
+    monitoringWorkspaceResourceId: monitoringWorkspaceResourceId
+    publicNetworkAccess: publicNetworkAccess
+    autoNodeOsUpgradeProfileUpgradeChannel: autoNodeOsUpgradeProfileUpgradeChannel
+    enableKeyvaultSecretsProvider: enableKeyvaultSecretsProvider
+    webApplicationRoutingEnabled: webApplicationRoutingEnabled
+    disableLocalAccounts: disableLocalAccounts
+    loadBalancerSku: loadBalancerSku
     managedIdentities: {
       systemAssigned: true
     }
@@ -230,7 +304,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.3.0
           enabled: true
         }
       ]
-      workspaceResourceId: !empty(logAnalyticsName) ? logAnalytics.id : ''
+      workspaceResourceId: monitoringWorkspaceResourceId
       metricCategories: [
         {
           category: 'AllMetrics'
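Review bot: `publicNetworkAccess: publicNetworkAccess` forwards to the managed cluster a parameter whose description (in the `@@ -85,17 +82,11 @@` hunk) is written for the container registry ("requires the 'acrSku' to be 'Premium'"), so a single value, defaulting to `'Enabled'`, now governs both the registry endpoint and the AKS API server's public network access, assuming the registry module still receives it as before. A caller who disables it to lock down the registry will also cut public access to the cluster, and vice versa, with no way to set the two independently. Introduce a dedicated parameter, e.g. `param aksPublicNetworkAccess string = 'Enabled'` with its own `@allowed` list, or at minimum rewrite the description to say the value applies to both resources. The `managedCluster` module's `params` block continues outside the hunk.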
@@ -239,10 +313,9 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.3.0
         ]
       }
     ]
-    webApplicationRoutingEnabled: webApplicationRoutingEnabled
-    primaryAgentPoolProfile: primaryAgentPoolProfile
+    primaryAgentPoolProfiles: systemPoolsConfig
     dnsPrefix: dnsPrefix
-    agentPools: agentPools
+    agentPools: agentPoolsConfig
     enableTelemetry: enableTelemetry
     roleAssignments: [
       {
@@ -277,7 +350,7 @@ module containerRegistry 'br/public:avm/res/container-registry/registry:0.5.1' =
           enabled: true
         }
       ]
-      workspaceResourceId: !empty(logAnalyticsName) ? logAnalytics.id : ''
+      workspaceResourceId: monitoringWorkspaceResourceId
       metricCategories: [
         {
           category: 'AllMetrics'
@@ -301,6 +374,10 @@ module keyVault 'br/public:avm/res/key-vault/vault:0.9.0' = {
   params: {
     name: keyVaultName
     enableTelemetry: enableTelemetry
+    enableRbacAuthorization: enableRbacAuthorization
+    enableVaultForDeployment: enableVaultForDeployment
+    enableVaultForTemplateDeployment: enableVaultForTemplateDeployment
+    enablePurgeProtection: enablePurgeProtection
     accessPolicies: [
       {
         objectId: managedCluster.outputs.kubeletIdentityObjectId
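Review bot: `enableRbacAuthorization` is now forwarded to the Key Vault module directly above an `accessPolicies` entry for the kubelet identity, and per the parameter's own description access policies are ignored when it is `true`; a caller who opts into RBAC therefore silently leaves the kubelet identity without data-plane access to the vault unless they also add a role assignment elsewhere. Either make the grant conditional, e.g. `accessPolicies: enableRbacAuthorization ? [] : [ ... ]` with a matching `roleAssignments` entry for the RBAC case, or add a comment such as `// accessPolicies only take effect when enableRbacAuthorization is false; with RBAC enabled, grant the kubelet identity a Key Vault data-plane role instead`. The `keyVault` module's `params` block continues outside the hunk.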
@@ -341,119 +418,6 @@ output containerRegistryLoginServer string = containerRegistry.outputs.loginServ // Definitions // // =============== // -type agentPoolType = { - @description('Required. The name of the agent pool.') - name: string - - @description('Optional. The availability zones of the agent pool.') - availabilityZones: string[]? - - @description('Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive).') - count: int? - - @description('Optional. The source resource ID to create the agent pool from.') - sourceResourceId: string? - - @description('Optional. Whether to enable auto-scaling for the agent pool.') - enableAutoScaling: bool? - - @description('Optional. Whether to enable encryption at host for the agent pool.') - enableEncryptionAtHost: bool? - - @description('Optional. Whether to enable FIPS for the agent pool.') - enableFIPS: bool? - - @description('Optional. Whether to enable node public IP for the agent pool.') - enableNodePublicIP: bool? - - @description('Optional. Whether to enable Ultra SSD for the agent pool.') - enableUltraSSD: bool? - - @description('Optional. The GPU instance profile of the agent pool.') - gpuInstanceProfile: ('MIG1g' | 'MIG2g' | 'MIG3g' | 'MIG4g' | 'MIG7g')? - - @description('Optional. The kubelet disk type of the agent pool.') - kubeletDiskType: string? - - @description('Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive).') - maxCount: int? - - @description('Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive).') - minCount: int? - - @description('Optional. The maximum number of pods that can run on a node.') - maxPods: int? - - @description('Optional. The minimum number of pods that can run on a node.') - minPods: int? - - @description('Optional. 
The mode of the agent pool.') - mode: ('System' | 'User')? - - @description('Optional. The node labels of the agent pool.') - nodeLabels: object? - - @description('Optional. The node public IP prefix ID of the agent pool.') - nodePublicIpPrefixId: string? - - @description('Optional. The node taints of the agent pool.') - nodeTaints: string[]? - - @description('Optional. The Kubernetes version of the agent pool.') - orchestratorVersion: string? - - @description('Optional. The OS disk size in GB of the agent pool.') - osDiskSizeGB: int? - - @description('Optional. The OS disk type of the agent pool.') - osDiskType: string? - - @description('Optional. The OS SKU of the agent pool.') - osSku: string? - - @description('Optional. The OS type of the agent pool.') - osType: ('Linux' | 'Windows')? - - @description('Optional. The pod subnet ID of the agent pool.') - podSubnetId: string? - - @description('Optional. The proximity placement group resource ID of the agent pool.') - proximityPlacementGroupResourceId: string? - - @description('Optional. The scale down mode of the agent pool.') - scaleDownMode: ('Delete' | 'Deallocate')? - - @description('Optional. The scale set eviction policy of the agent pool.') - scaleSetEvictionPolicy: ('Delete' | 'Deallocate')? - - @description('Optional. The scale set priority of the agent pool.') - scaleSetPriority: ('Low' | 'Regular' | 'Spot')? - - @description('Optional. The spot max price of the agent pool.') - spotMaxPrice: int? - - @description('Optional. The tags of the agent pool.') - tags: object? - - @description('Optional. The type of the agent pool.') - type: ('AvailabilitySet' | 'VirtualMachineScaleSets')? - - @description('Optional. The maximum number of nodes that can be created during an upgrade.') - maxSurge: string? - - @description('Optional. The VM size of the agent pool.') - vmSize: string? - - @description('Optional. The VNet subnet ID of the agent pool.') - vnetSubnetID: string? - - @description('Optional. 
The workload runtime of the agent pool.') - workloadRuntime: string? - - @description('Optional. The enable default telemetry of the agent pool.') - enableDefaultTelemetry: bool? -}[]? - type scopeMapsType = { @description('Optional. The name of the scope map.') name: string? diff --git a/avm/ptn/azd/aks/main.json b/avm/ptn/azd/aks/main.json index 6986a11e17..4b3cf60a73 100644 --- a/avm/ptn/azd/aks/main.json +++ b/avm/ptn/azd/aks/main.json 
@@ -6,318 +6,13 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "5631747890720204830" + "templateHash": "10995240226253882039" }, "name": "Azd AKS", "description": "Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool as well as an additional user agent pool.\n\n**Note:** This module is not intended for broad, generic use, as it was designed to cater for the requirements of the AZD CLI product. Feature requests and bug fix requests are welcome if they support the development of the AZD CLI but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case.", "owner": "Azure/module-maintainers" }, "definitions": { - "agentPoolType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the agent pool." - } - }, - "availabilityZones": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The availability zones of the agent pool." - } - }, - "count": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "sourceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The source resource ID to create the agent pool from." - } - }, - "enableAutoScaling": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable auto-scaling for the agent pool." - } - }, - "enableEncryptionAtHost": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable encryption at host for the agent pool." - } - }, - "enableFIPS": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. 
Whether to enable FIPS for the agent pool." - } - }, - "enableNodePublicIP": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable node public IP for the agent pool." - } - }, - "enableUltraSSD": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable Ultra SSD for the agent pool." - } - }, - "gpuInstanceProfile": { - "type": "string", - "allowedValues": [ - "MIG1g", - "MIG2g", - "MIG3g", - "MIG4g", - "MIG7g" - ], - "nullable": true, - "metadata": { - "description": "Optional. The GPU instance profile of the agent pool." - } - }, - "kubeletDiskType": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The kubelet disk type of the agent pool." - } - }, - "maxCount": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "minCount": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "maxPods": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of pods that can run on a node." - } - }, - "minPods": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The minimum number of pods that can run on a node." - } - }, - "mode": { - "type": "string", - "allowedValues": [ - "System", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The mode of the agent pool." - } - }, - "nodeLabels": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. The node labels of the agent pool." 
- } - }, - "nodePublicIpPrefixId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The node public IP prefix ID of the agent pool." - } - }, - "nodeTaints": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The node taints of the agent pool." - } - }, - "orchestratorVersion": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Kubernetes version of the agent pool." - } - }, - "osDiskSizeGB": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The OS disk size in GB of the agent pool." - } - }, - "osDiskType": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The OS disk type of the agent pool." - } - }, - "osSku": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The OS SKU of the agent pool." - } - }, - "osType": { - "type": "string", - "allowedValues": [ - "Linux", - "Windows" - ], - "nullable": true, - "metadata": { - "description": "Optional. The OS type of the agent pool." - } - }, - "podSubnetId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The pod subnet ID of the agent pool." - } - }, - "proximityPlacementGroupResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The proximity placement group resource ID of the agent pool." - } - }, - "scaleDownMode": { - "type": "string", - "allowedValues": [ - "Deallocate", - "Delete" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale down mode of the agent pool." - } - }, - "scaleSetEvictionPolicy": { - "type": "string", - "allowedValues": [ - "Deallocate", - "Delete" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale set eviction policy of the agent pool." 
- } - }, - "scaleSetPriority": { - "type": "string", - "allowedValues": [ - "Low", - "Regular", - "Spot" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale set priority of the agent pool." - } - }, - "spotMaxPrice": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The spot max price of the agent pool." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. The tags of the agent pool." - } - }, - "type": { - "type": "string", - "allowedValues": [ - "AvailabilitySet", - "VirtualMachineScaleSets" - ], - "nullable": true, - "metadata": { - "description": "Optional. The type of the agent pool." - } - }, - "maxSurge": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of nodes that can be created during an upgrade." - } - }, - "vmSize": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The VM size of the agent pool." - } - }, - "vnetSubnetID": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The VNet subnet ID of the agent pool." - } - }, - "workloadRuntime": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The workload runtime of the agent pool." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. The enable default telemetry of the agent pool." - } - } - } - }, - "nullable": true - }, "scopeMapsType": { "type": "array", "items": { 
@@ -349,72 +44,372 @@ } }, "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the parent managed cluster. Required if the template is used in a standalone deployment." - } - }, - "containerRegistryName": { - "type": "string", - "minLength": 5, - "maxLength": 50, - "metadata": { - "description": "Required. Name of your Azure Container Registry." - } - }, - "logAnalyticsName": { - "type": "string", - "metadata": { - "description": "Required. The name of the connected log analytics workspace." - } - }, - "keyVaultName": { - "type": "string", - "maxLength": 24, - "metadata": { - "description": "Required. Name of the Key Vault. Must be globally unique." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Specifies the location of AKS cluster. It picks up Resource Group's location by default." - } }, - "tags": { + "agentPoolType": { "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Custom tags to apply to the AKS resources." - } - }, - "networkPlugin": { - "type": "string", - "defaultValue": "azure", - "allowedValues": [ - "azure", - "kubenet" - ], - "metadata": { - "description": "Optional. Network plugin used for building the Kubernetes network." - } - }, - "networkPolicy": { - "type": "string", - "defaultValue": "azure", - "allowedValues": [ - "azure", - "calico" - ], - "metadata": { - "description": "Optional. Specifies the network policy used for building Kubernetes network. - calico or azure." - } - }, + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the agent pool." + } + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "int" + }, + "nullable": true, + "metadata": { + "description": "Optional. The availability zones of the agent pool." 
+ } + }, + "count": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "sourceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The source resource ID to create the agent pool from." + } + }, + "enableAutoScaling": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable auto-scaling for the agent pool." + } + }, + "enableEncryptionAtHost": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable encryption at host for the agent pool." + } + }, + "enableFIPS": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable FIPS for the agent pool." + } + }, + "enableNodePublicIP": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable node public IP for the agent pool." + } + }, + "enableUltraSSD": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable Ultra SSD for the agent pool." + } + }, + "gpuInstanceProfile": { + "type": "string", + "allowedValues": [ + "MIG1g", + "MIG2g", + "MIG3g", + "MIG4g", + "MIG7g" + ], + "nullable": true, + "metadata": { + "description": "Optional. The GPU instance profile of the agent pool." + } + }, + "kubeletDiskType": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The kubelet disk type of the agent pool." + } + }, + "maxCount": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "minCount": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. 
The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "maxPods": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of pods that can run on a node." + } + }, + "minPods": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The minimum number of pods that can run on a node." + } + }, + "mode": { + "type": "string", + "allowedValues": [ + "System", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The mode of the agent pool." + } + }, + "nodeLabels": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The node labels of the agent pool." + } + }, + "nodePublicIpPrefixResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The node public IP prefix ID of the agent pool." + } + }, + "nodeTaints": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The node taints of the agent pool." + } + }, + "orchestratorVersion": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Kubernetes version of the agent pool." + } + }, + "osDiskSizeGB": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The OS disk size in GB of the agent pool." + } + }, + "osDiskType": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The OS disk type of the agent pool." + } + }, + "osSku": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The OS SKU of the agent pool." + } + }, + "osType": { + "type": "string", + "allowedValues": [ + "Linux", + "Windows" + ], + "nullable": true, + "metadata": { + "description": "Optional. The OS type of the agent pool." 
+ } + }, + "podSubnetResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The pod subnet ID of the agent pool." + } + }, + "proximityPlacementGroupResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The proximity placement group resource ID of the agent pool." + } + }, + "scaleDownMode": { + "type": "string", + "allowedValues": [ + "Deallocate", + "Delete" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale down mode of the agent pool." + } + }, + "scaleSetEvictionPolicy": { + "type": "string", + "allowedValues": [ + "Deallocate", + "Delete" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale set eviction policy of the agent pool." + } + }, + "scaleSetPriority": { + "type": "string", + "allowedValues": [ + "Low", + "Regular", + "Spot" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale set priority of the agent pool." + } + }, + "spotMaxPrice": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The spot max price of the agent pool." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The tags of the agent pool." + } + }, + "type": { + "type": "string", + "allowedValues": [ + "AvailabilitySet", + "VirtualMachineScaleSets" + ], + "nullable": true, + "metadata": { + "description": "Optional. The type of the agent pool." + } + }, + "maxSurge": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of nodes that can be created during an upgrade." + } + }, + "vmSize": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The VM size of the agent pool." + } + }, + "vnetSubnetResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The VNet subnet ID of the agent pool." 
+ } + }, + "workloadRuntime": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The workload runtime of the agent pool." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. The enable default telemetry of the agent pool." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/container-service/managed-cluster:0.4.1" + } + } + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the parent managed cluster. Required if the template is used in a standalone deployment." + } + }, + "containerRegistryName": { + "type": "string", + "minLength": 5, + "maxLength": 50, + "metadata": { + "description": "Required. Name of your Azure Container Registry." + } + }, + "keyVaultName": { + "type": "string", + "maxLength": 24, + "metadata": { + "description": "Required. Name of the Key Vault. Must be globally unique." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Specifies the location of AKS cluster. It picks up Resource Group's location by default." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Custom tags to apply to the AKS resources." + } + }, + "networkPlugin": { + "type": "string", + "defaultValue": "azure", + "allowedValues": [ + "azure", + "kubenet" + ], + "metadata": { + "description": "Optional. Network plugin used for building the Kubernetes network." + } + }, + "networkPolicy": { + "type": "string", + "defaultValue": "azure", + "allowedValues": [ + "azure", + "calico" + ], + "metadata": { + "description": "Optional. Specifies the network policy used for building Kubernetes network. - calico or azure." + } + }, "dnsPrefix": { "type": "string", "defaultValue": "[parameters('name')]", 
@@ -524,13 +519,6 @@ "description": "Optional. Specifies the SSH RSA public key string for the Linux nodes." } }, - "aadProfileEnableAzureRBAC": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Specifies whether to enable Azure RBAC for Kubernetes authorization." - } - }, "appGatewayResourceId": { "type": "string", "nullable": true, @@ -540,15 +528,8 @@ }, "monitoringWorkspaceResourceId": { "type": "string", - "nullable": true, "metadata": { - "description": "Optional. Resource ID of the monitoring log analytics workspace." - } - }, - "agentPools": { - "$ref": "#/definitions/agentPoolType", - "metadata": { - "description": "Optional. Define one or more secondary/additional agent pools." + "description": "Required. Resource ID of the monitoring log analytics workspace." } }, "publicNetworkAccess": { @@ -562,6 +543,17 @@ "description": "Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'." } }, + "loadBalancerSku": { + "type": "string", + "defaultValue": "standard", + "allowedValues": [ + "basic", + "standard" + ], + "metadata": { + "description": "Optional. Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools." + } + }, "scopeMaps": { "$ref": "#/definitions/scopeMapsType", "metadata": { @@ -570,7 +562,7 @@ }, "webApplicationRoutingEnabled": { "type": "bool", - "nullable": true, + "defaultValue": true, "metadata": { "description": "Optional. Specifies whether the webApplicationRoutingEnabled add-on is enabled or not." } 
@@ -600,77 +592,193 @@ "metadata": { "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." } - } - }, - "variables": { - "aksClusterAdminRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')]", - "acrPullRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]", - "nodePoolPresets": { - "vmSize": "Standard_DS2_v2", - "count": 3, - "minCount": 3, - "maxCount": 5, - "enableAutoScaling": true, - "availabilityZones": [ - "1", - "2", - "3" - ] }, - "nodePoolBase": { - "osType": "Linux", - "maxPods": 30, - "type": "VirtualMachineScaleSets", - "upgradeSettings": { - "maxSurge": "33%" + "systemPoolConfig": { + "type": "array", + "items": { + "$ref": "#/definitions/agentPoolType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Custom configuration of system node pool." } }, - "primaryAgentPoolProfile": [ - "[union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('nodePoolPresets'))]" - ] - }, - "resources": { - "avmTelemetry": { - "condition": "[parameters('enableTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.ptn.azd-aks.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [], - "outputs": { - "telemetry": { - "type": "String", - "value": "For more information, see https://aka.ms/avm/TelemetryInfo" - } - } - } + "agentPoolConfig": { + "type": "array", + "items": { + "$ref": "#/definitions/agentPoolType" + }, + "nullable": true, + "metadata": { + "description": "Optional. 
Custom configuration of user node pool." } }, - "logAnalytics": { - "condition": "[not(empty(parameters('logAnalyticsName')))]", - "existing": true, - "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2021-12-01-preview", - "name": "[parameters('logAnalyticsName')]" + "enableKeyvaultSecretsProvider": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Specifies whether the KeyvaultSecretsProvider add-on is enabled or not." + } }, - "managedCluster": { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-managed-cluster', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('name')]" - }, - "location": { + "disableLocalAccounts": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled." + } + }, + "autoNodeOsUpgradeProfileUpgradeChannel": { + "type": "string", + "defaultValue": "NodeImage", + "allowedValues": [ + "NodeImage", + "None", + "SecurityPatch", + "Unmanaged" + ], + "metadata": { + "description": "Optional. Auto-upgrade channel on the Node Os." + } + }, + "systemPoolSize": { + "type": "string", + "defaultValue": "Standard", + "allowedValues": [ + "CostOptimised", + "Standard", + "HighSpec", + "Custom" + ], + "metadata": { + "description": "Optional. The System Pool Preset sizing." + } + }, + "agentPoolSize": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CostOptimised", + "Standard", + "HighSpec", + "Custom" + ], + "metadata": { + "description": "Optional. The User Pool Preset sizing." 
+ } + }, + "enableRbacAuthorization": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC." + } + }, + "enablePurgeProtection": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Provide 'true' to enable Key Vault's purge protection feature." + } + }, + "enableVaultForDeployment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies if the vault is enabled for deployment by script or compute." + } + }, + "enableVaultForTemplateDeployment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies if the vault is enabled for a template deployment." 
+ } + } + }, + "variables": { + "systemPoolsConfig": "[if(not(empty(parameters('systemPoolConfig'))), parameters('systemPoolConfig'), createArray(union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('nodePoolPresets')[parameters('systemPoolSize')])))]", + "agentPoolsConfig": "[if(not(empty(parameters('agentPoolConfig'))), parameters('agentPoolConfig'), if(empty(parameters('agentPoolSize')), null(), createArray(union(createObject('name', 'npuser', 'mode', 'User'), variables('nodePoolBase'), variables('nodePoolPresets')[parameters('agentPoolSize')]))))]", + "aksClusterAdminRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')]", + "acrPullRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]", + "nodePoolPresets": { + "CostOptimised": { + "vmSize": "Standard_B4ms", + "count": 1, + "minCount": 1, + "maxCount": 3, + "enableAutoScaling": true, + "availabilityZones": [] + }, + "Standard": { + "vmSize": "Standard_DS2_v2", + "count": 3, + "minCount": 3, + "maxCount": 5, + "enableAutoScaling": true, + "availabilityZones": [ + 1, + 2, + 3 + ] + }, + "HighSpec": { + "vmSize": "Standard_D4s_v3", + "count": 3, + "minCount": 3, + "maxCount": 5, + "enableAutoScaling": true, + "availabilityZones": [ + "1", + "2", + "3" + ] + } + }, + "nodePoolBase": { + "osType": "Linux", + "maxPods": 30, + "type": "VirtualMachineScaleSets", + "upgradeSettings": { + "maxSurge": "33%" + } + } + }, + "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.ptn.azd-aks.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, + "managedCluster": { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-managed-cluster', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('name')]" + }, + "location": { "value": "[parameters('location')]" }, "tags": { @@ -706,18 +814,33 @@ "sshPublicKey": { "value": "[parameters('sshPublicKey')]" }, - "aadProfileEnableAzureRBAC": { - "value": "[parameters('aadProfileEnableAzureRBAC')]" - }, "skuTier": { "value": "[parameters('skuTier')]" }, "appGatewayResourceId": { "value": "[parameters('appGatewayResourceId')]" }, - "monitoringWorkspaceId": { + "monitoringWorkspaceResourceId": { "value": "[parameters('monitoringWorkspaceResourceId')]" }, + "publicNetworkAccess": { + "value": "[parameters('publicNetworkAccess')]" + }, + "autoNodeOsUpgradeProfileUpgradeChannel": { + "value": "[parameters('autoNodeOsUpgradeProfileUpgradeChannel')]" + }, + "enableKeyvaultSecretsProvider": { + "value": "[parameters('enableKeyvaultSecretsProvider')]" + }, + "webApplicationRoutingEnabled": { + "value": "[parameters('webApplicationRoutingEnabled')]" + }, + "disableLocalAccounts": { + "value": "[parameters('disableLocalAccounts')]" + }, + "loadBalancerSku": { + "value": "[parameters('loadBalancerSku')]" + }, "managedIdentities": { "value": { "systemAssigned": true 
@@ -744,7 +867,7 @@ "enabled": true } ], - "workspaceResourceId": "[if(not(empty(parameters('logAnalyticsName'))), resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsName')), '')]", + "workspaceResourceId": "[parameters('monitoringWorkspaceResourceId')]", "metricCategories": [ { "category": "AllMetrics", @@ -754,17 +877,14 @@ } ] }, - "webApplicationRoutingEnabled": { - "value": "[parameters('webApplicationRoutingEnabled')]" - }, - "primaryAgentPoolProfile": { - "value": "[variables('primaryAgentPoolProfile')]" + "primaryAgentPoolProfiles": { + "value": "[variables('systemPoolsConfig')]" }, "dnsPrefix": { "value": "[parameters('dnsPrefix')]" }, "agentPools": { - "value": "[parameters('agentPools')]" + "value": "[variables('agentPoolsConfig')]" }, "enableTelemetry": { "value": "[parameters('enableTelemetry')]" @@ -787,8 +907,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "17708769259435874319" + "version": "0.30.23.60470", + "templateHash": "9290728353306822069" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", 
@@ -796,310 +916,308 @@ }, "definitions": { "agentPoolType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Required. The name of the agent pool." - } - }, - "availabilityZones": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The availability zones of the agent pool." - } - }, - "count": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "sourceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The source resource ID to create the agent pool from." - } - }, - "enableAutoScaling": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable auto-scaling for the agent pool." - } - }, - "enableEncryptionAtHost": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable encryption at host for the agent pool." - } - }, - "enableFIPS": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable FIPS for the agent pool." - } - }, - "enableNodePublicIP": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable node public IP for the agent pool." - } - }, - "enableUltraSSD": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Whether to enable Ultra SSD for the agent pool." - } - }, - "gpuInstanceProfile": { - "type": "string", - "allowedValues": [ - "MIG1g", - "MIG2g", - "MIG3g", - "MIG4g", - "MIG7g" - ], - "nullable": true, - "metadata": { - "description": "Optional. The GPU instance profile of the agent pool." 
- } - }, - "kubeletDiskType": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The kubelet disk type of the agent pool." - } - }, - "maxCount": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "minCount": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." - } - }, - "maxPods": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of pods that can run on a node." - } - }, - "minPods": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The minimum number of pods that can run on a node." - } - }, - "mode": { - "type": "string", - "allowedValues": [ - "System", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The mode of the agent pool." - } - }, - "nodeLabels": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. The node labels of the agent pool." - } - }, - "nodePublicIpPrefixId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The node public IP prefix ID of the agent pool." - } - }, - "nodeTaints": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The node taints of the agent pool." - } - }, - "orchestratorVersion": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Kubernetes version of the agent pool." - } - }, - "osDiskSizeGB": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The OS disk size in GB of the agent pool." 
- } - }, - "osDiskType": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The OS disk type of the agent pool." - } - }, - "osSku": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The OS SKU of the agent pool." - } - }, - "osType": { - "type": "string", - "allowedValues": [ - "Linux", - "Windows" - ], - "nullable": true, - "metadata": { - "description": "Optional. The OS type of the agent pool." - } - }, - "podSubnetId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The pod subnet ID of the agent pool." - } - }, - "proximityPlacementGroupResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The proximity placement group resource ID of the agent pool." - } - }, - "scaleDownMode": { - "type": "string", - "allowedValues": [ - "Deallocate", - "Delete" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale down mode of the agent pool." - } - }, - "scaleSetEvictionPolicy": { - "type": "string", - "allowedValues": [ - "Deallocate", - "Delete" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale set eviction policy of the agent pool." - } - }, - "scaleSetPriority": { - "type": "string", - "allowedValues": [ - "Low", - "Regular", - "Spot" - ], - "nullable": true, - "metadata": { - "description": "Optional. The scale set priority of the agent pool." - } - }, - "spotMaxPrice": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The spot max price of the agent pool." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. The tags of the agent pool." - } - }, - "type": { - "type": "string", - "allowedValues": [ - "AvailabilitySet", - "VirtualMachineScaleSets" - ], - "nullable": true, - "metadata": { - "description": "Optional. The type of the agent pool." 
- } - }, - "maxSurge": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The maximum number of nodes that can be created during an upgrade." - } - }, - "vmSize": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The VM size of the agent pool." - } - }, - "vnetSubnetID": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The VNet subnet ID of the agent pool." - } + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the agent pool." + } + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "int" }, - "workloadRuntime": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The workload runtime of the agent pool." - } + "nullable": true, + "metadata": { + "description": "Optional. The availability zones of the agent pool." + } + }, + "count": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "sourceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The source resource ID to create the agent pool from." + } + }, + "enableAutoScaling": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable auto-scaling for the agent pool." + } + }, + "enableEncryptionAtHost": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable encryption at host for the agent pool." + } + }, + "enableFIPS": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable FIPS for the agent pool." + } + }, + "enableNodePublicIP": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. 
Whether to enable node public IP for the agent pool." + } + }, + "enableUltraSSD": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable Ultra SSD for the agent pool." + } + }, + "gpuInstanceProfile": { + "type": "string", + "allowedValues": [ + "MIG1g", + "MIG2g", + "MIG3g", + "MIG4g", + "MIG7g" + ], + "nullable": true, + "metadata": { + "description": "Optional. The GPU instance profile of the agent pool." + } + }, + "kubeletDiskType": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The kubelet disk type of the agent pool." + } + }, + "maxCount": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "minCount": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The minimum number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive)." + } + }, + "maxPods": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of pods that can run on a node." + } + }, + "minPods": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The minimum number of pods that can run on a node." + } + }, + "mode": { + "type": "string", + "allowedValues": [ + "System", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The mode of the agent pool." + } + }, + "nodeLabels": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The node labels of the agent pool." + } + }, + "nodePublicIpPrefixResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The node public IP prefix ID of the agent pool." 
+ } + }, + "nodeTaints": { + "type": "array", + "items": { + "type": "string" }, - "enableDefaultTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. The enable default telemetry of the agent pool." - } + "nullable": true, + "metadata": { + "description": "Optional. The node taints of the agent pool." + } + }, + "orchestratorVersion": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Kubernetes version of the agent pool." + } + }, + "osDiskSizeGB": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The OS disk size in GB of the agent pool." + } + }, + "osDiskType": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The OS disk type of the agent pool." + } + }, + "osSku": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The OS SKU of the agent pool." + } + }, + "osType": { + "type": "string", + "allowedValues": [ + "Linux", + "Windows" + ], + "nullable": true, + "metadata": { + "description": "Optional. The OS type of the agent pool." + } + }, + "podSubnetResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The pod subnet ID of the agent pool." + } + }, + "proximityPlacementGroupResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The proximity placement group resource ID of the agent pool." + } + }, + "scaleDownMode": { + "type": "string", + "allowedValues": [ + "Deallocate", + "Delete" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale down mode of the agent pool." + } + }, + "scaleSetEvictionPolicy": { + "type": "string", + "allowedValues": [ + "Deallocate", + "Delete" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale set eviction policy of the agent pool." 
+ } + }, + "scaleSetPriority": { + "type": "string", + "allowedValues": [ + "Low", + "Regular", + "Spot" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scale set priority of the agent pool." + } + }, + "spotMaxPrice": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The spot max price of the agent pool." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The tags of the agent pool." + } + }, + "type": { + "type": "string", + "allowedValues": [ + "AvailabilitySet", + "VirtualMachineScaleSets" + ], + "nullable": true, + "metadata": { + "description": "Optional. The type of the agent pool." + } + }, + "maxSurge": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The maximum number of nodes that can be created during an upgrade." + } + }, + "vmSize": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The VM size of the agent pool." + } + }, + "vnetSubnetResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The VNet subnet ID of the agent pool." + } + }, + "workloadRuntime": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The workload runtime of the agent pool." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. The enable default telemetry of the agent pool." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "managedIdentitiesType": { "type": "object", @@ -1122,7 +1240,9 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "lockType": { "type": "object", @@ -1147,7 +1267,10 @@ } } }, - "nullable": true + "nullable": true, + "metadata": { + "__bicep_export!": true + } }, "roleAssignmentType": { "type": "array", 
@@ -1220,7 +1343,10 @@ } } }, - "nullable": true + "nullable": true, + "metadata": { + "__bicep_export!": true + } }, "diagnosticSettingType": { "type": "array", @@ -1340,7 +1466,10 @@ } } }, - "nullable": true + "nullable": true, + "metadata": { + "__bicep_export!": true + } }, "fluxConfigurationProtectedSettingsType": { "type": "object", @@ -1353,7 +1482,9 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "extensionType": { "type": "object", @@ -1415,7 +1546,9 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "customerManagedKeyType": { "type": "object", @@ -1450,11 +1583,23 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "maintenanceConfigurationType": { "type": "object", "properties": { + "name": { + "type": "string", + "allowedValues": [ + "aksManagedAutoUpgradeSchedule", + "aksManagedNodeOSUpgradeSchedule" + ], + "metadata": { + "description": "Required. Name of maintenance window." + } + }, "maintenanceWindow": { "type": "object", "metadata": { @@ -1462,7 +1607,9 @@ } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } } }, "parameters": { @@ -1488,6 +1635,7 @@ }, "managedIdentities": { "$ref": "#/definitions/managedIdentitiesType", + "nullable": true, "metadata": { "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." } @@ -1668,6 +1816,9 @@ }, "aadProfileAdminGroupObjectIDs": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. Specifies the AAD group object IDs that will have admin role of the cluster." 
@@ -1696,7 +1847,7 @@ }, "disableLocalAccounts": { "type": "bool", - "defaultValue": false, + "defaultValue": true, "metadata": { "description": "Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled." } @@ -1710,6 +1861,9 @@ }, "authorizedIPRanges": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer." @@ -1755,20 +1909,31 @@ "description": "Optional. Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone." } }, - "primaryAgentPoolProfile": { + "primaryAgentPoolProfiles": { "type": "array", + "items": { + "$ref": "#/definitions/agentPoolType" + }, "metadata": { "description": "Required. Properties of the primary agent pool." } }, "agentPools": { - "$ref": "#/definitions/agentPoolType", + "type": "array", + "items": { + "$ref": "#/definitions/agentPoolType" + }, + "nullable": true, "metadata": { "description": "Optional. Define one or more secondary/additional agent pools." } }, - "maintenanceConfiguration": { - "$ref": "#/definitions/maintenanceConfigurationType", + "maintenanceConfigurations": { + "type": "array", + "items": { + "$ref": "#/definitions/maintenanceConfigurationType" + }, + "nullable": true, "metadata": { "description": "Optional. Whether or not to use AKS Automatic mode." } 
@@ -1921,8 +2086,8 @@ } }, "autoScalerProfileMaxGracefulTerminationSec": { - "type": "string", - "defaultValue": "600", + "type": "int", + "defaultValue": 600, "metadata": { "description": "Optional. Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster." } @@ -1948,8 +2113,8 @@ } }, "autoScalerProfileMaxEmptyBulkDelete": { - "type": "string", - "defaultValue": "10", + "type": "int", + "defaultValue": 10, "metadata": { "description": "Optional. Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster." } @@ -1962,8 +2127,8 @@ } }, "autoScalerProfileMaxTotalUnreadyPercentage": { - "type": "string", - "defaultValue": "45", + "type": "int", + "defaultValue": 45, "metadata": { "description": "Optional. Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0." } @@ -1976,8 +2141,8 @@ } }, "autoScalerProfileOkTotalUnreadyCount": { - "type": "string", - "defaultValue": "3", + "type": "int", + "defaultValue": 3, "metadata": { "description": "Optional. Specifies the OK total unready count for the auto-scaler of the AKS cluster." } @@ -2010,6 +2175,19 @@ "description": "Optional. Auto-upgrade channel on the AKS cluster." } }, + "autoNodeOsUpgradeProfileUpgradeChannel": { + "type": "string", + "defaultValue": "Unmanaged", + "allowedValues": [ + "NodeImage", + "None", + "SecurityPatch", + "Unmanaged" + ], + "metadata": { + "description": "Optional. Auto-upgrade channel on the Node Os." + } + }, "podIdentityProfileAllowNetworkPluginKubenet": { "type": "bool", "defaultValue": false, @@ -2133,7 +2311,7 @@ "description": "Optional. Specifies whether the OMS agent is enabled." } }, - "monitoringWorkspaceId": { + "monitoringWorkspaceResourceId": { "type": "string", "nullable": true, "metadata": { 
@@ -2175,6 +2353,7 @@ }, "fluxExtension": { "$ref": "#/definitions/extensionType", + "nullable": true, "metadata": { "description": "Optional. Settings and configurations for the flux extension." } @@ -2200,8 +2379,16 @@ "description": "Optional. Enables Kubernetes Event-driven Autoscaling (KEDA)." } }, + "vpaAddon": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether to enable VPA add-on in cluster. Default value is false." + } + }, "customerManagedKey": { "$ref": "#/definitions/customerManagedKeyType", + "nullable": true, "metadata": { "description": "Optional. The customer managed key definition." } @@ -2305,7 +2492,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.containerservice-managedcluster.{0}.{1}', replace('0.3.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.containerservice-managedcluster.{0}.{1}', replace('0.4.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { 
@@ -2342,12 +2529,12 @@ "tier": "[parameters('skuTier')]" }, "properties": { + "agentPoolProfiles": "[map(parameters('primaryAgentPoolProfiles'), lambda('profile', createObject('name', lambdaVariables('profile').name, 'count', coalesce(lambdaVariables('profile').count, 1), 'availabilityZones', map(coalesce(tryGet(lambdaVariables('profile'), 'availabilityZones'), createArray(1, 2, 3)), lambda('zone', format('{0}', lambdaVariables('zone')))), 'creationData', if(not(empty(tryGet(lambdaVariables('profile'), 'sourceResourceId'))), createObject('sourceResourceId', lambdaVariables('profile').sourceResourceId), null()), 'enableAutoScaling', coalesce(tryGet(lambdaVariables('profile'), 'enableAutoScaling'), false()), 'enableEncryptionAtHost', coalesce(tryGet(lambdaVariables('profile'), 'enableEncryptionAtHost'), false()), 'enableFIPS', coalesce(tryGet(lambdaVariables('profile'), 'enableFIPS'), false()), 'enableNodePublicIP', coalesce(tryGet(lambdaVariables('profile'), 'enableNodePublicIP'), false()), 'enableUltraSSD', coalesce(tryGet(lambdaVariables('profile'), 'enableUltraSSD'), false()), 'gpuInstanceProfile', tryGet(lambdaVariables('profile'), 'gpuInstanceProfile'), 'kubeletDiskType', tryGet(lambdaVariables('profile'), 'kubeletDiskType'), 'maxCount', tryGet(lambdaVariables('profile'), 'maxCount'), 'maxPods', tryGet(lambdaVariables('profile'), 'maxPods'), 'minCount', tryGet(lambdaVariables('profile'), 'minCount'), 'mode', tryGet(lambdaVariables('profile'), 'mode'), 'nodeLabels', tryGet(lambdaVariables('profile'), 'nodeLabels'), 'nodePublicIPPrefixID', tryGet(lambdaVariables('profile'), 'nodePublicIpPrefixResourceId'), 'nodeTaints', tryGet(lambdaVariables('profile'), 'nodeTaints'), 'orchestratorVersion', tryGet(lambdaVariables('profile'), 'orchestratorVersion'), 'osDiskSizeGB', tryGet(lambdaVariables('profile'), 'osDiskSizeGB'), 'osDiskType', tryGet(lambdaVariables('profile'), 'osDiskType'), 'osType', coalesce(tryGet(lambdaVariables('profile'), 'osType'), 'Linux'), 
'podSubnetID', tryGet(lambdaVariables('profile'), 'podSubnetResourceId'), 'proximityPlacementGroupID', tryGet(lambdaVariables('profile'), 'proximityPlacementGroupResourceId'), 'scaleDownMode', coalesce(tryGet(lambdaVariables('profile'), 'scaleDownMode'), 'Delete'), 'scaleSetEvictionPolicy', coalesce(tryGet(lambdaVariables('profile'), 'scaleSetEvictionPolicy'), 'Delete'), 'scaleSetPriority', tryGet(lambdaVariables('profile'), 'scaleSetPriority'), 'spotMaxPrice', tryGet(lambdaVariables('profile'), 'spotMaxPrice'), 'tags', tryGet(lambdaVariables('profile'), 'tags'), 'type', tryGet(lambdaVariables('profile'), 'type'), 'upgradeSettings', createObject('maxSurge', tryGet(lambdaVariables('profile'), 'maxSurge')), 'vmSize', coalesce(tryGet(lambdaVariables('profile'), 'vmSize'), 'Standard_D2s_v3'), 'vnetSubnetID', tryGet(lambdaVariables('profile'), 'vnetSubnetResourceId'), 'workloadRuntime', tryGet(lambdaVariables('profile'), 'workloadRuntime'))))]", "httpProxyConfig": "[parameters('httpProxyConfig')]", "identityProfile": "[parameters('identityProfile')]", "diskEncryptionSetID": "[parameters('diskEncryptionSetResourceId')]", "kubernetesVersion": "[parameters('kubernetesVersion')]", "dnsPrefix": "[parameters('dnsPrefix')]", - "agentPoolProfiles": "[parameters('primaryAgentPoolProfile')]", "linuxProfile": "[if(not(empty(parameters('sshPublicKey'))), createObject('adminUsername', parameters('adminUsername'), 'ssh', createObject('publicKeys', createArray(createObject('keyData', coalesce(parameters('sshPublicKey'), ''))))), null())]", "servicePrincipalProfile": "[parameters('aksServicePrincipalProfile')]", "metricsProfile": { 
@@ -2370,8 +2557,8 @@ "config": "[if(and(parameters('ingressApplicationGatewayEnabled'), not(empty(parameters('appGatewayResourceId')))), createObject('applicationGatewayId', parameters('appGatewayResourceId'), 'effectiveApplicationGatewayId', parameters('appGatewayResourceId')), null())]" }, "omsagent": { - "enabled": "[and(parameters('omsAgentEnabled'), not(empty(parameters('monitoringWorkspaceId'))))]", - "config": "[if(and(parameters('omsAgentEnabled'), not(empty(parameters('monitoringWorkspaceId')))), createObject('logAnalyticsWorkspaceResourceID', parameters('monitoringWorkspaceId')), null())]" + "enabled": "[and(parameters('omsAgentEnabled'), not(empty(parameters('monitoringWorkspaceResourceId'))))]", + "config": "[if(and(parameters('omsAgentEnabled'), not(empty(parameters('monitoringWorkspaceResourceId')))), createObject('logAnalyticsWorkspaceResourceID', parameters('monitoringWorkspaceResourceId')), null())]" }, "aciConnectorLinux": { "enabled": "[parameters('aciConnectorLinuxEnabled')]" @@ -2400,6 +2587,9 @@ "workloadAutoScalerProfile": { "keda": { "enabled": "[parameters('kedaAddon')]" + }, + "verticalPodAutoscaler": { + "enabled": "[parameters('vpaAddon')]" } }, "networkProfile": { 
@@ -2431,12 +2621,12 @@ "autoScalerProfile": { "balance-similar-node-groups": "[toLower(string(parameters('autoScalerProfileBalanceSimilarNodeGroups')))]", "expander": "[parameters('autoScalerProfileExpander')]", - "max-empty-bulk-delete": "[parameters('autoScalerProfileMaxEmptyBulkDelete')]", - "max-graceful-termination-sec": "[parameters('autoScalerProfileMaxGracefulTerminationSec')]", + "max-empty-bulk-delete": "[format('{0}', parameters('autoScalerProfileMaxEmptyBulkDelete'))]", + "max-graceful-termination-sec": "[format('{0}', parameters('autoScalerProfileMaxGracefulTerminationSec'))]", "max-node-provision-time": "[parameters('autoScalerProfileMaxNodeProvisionTime')]", - "max-total-unready-percentage": "[parameters('autoScalerProfileMaxTotalUnreadyPercentage')]", + "max-total-unready-percentage": "[format('{0}', parameters('autoScalerProfileMaxTotalUnreadyPercentage'))]", "new-pod-scale-up-delay": "[parameters('autoScalerProfileNewPodScaleUpDelay')]", - "ok-total-unready-count": "[parameters('autoScalerProfileOkTotalUnreadyCount')]", + "ok-total-unready-count": "[format('{0}', parameters('autoScalerProfileOkTotalUnreadyCount'))]", "scale-down-delay-after-add": "[parameters('autoScalerProfileScaleDownDelayAfterAdd')]", "scale-down-delay-after-delete": "[parameters('autoScalerProfileScaleDownDelayAfterDelete')]", "scale-down-delay-after-failure": "[parameters('autoScalerProfileScaleDownDelayAfterFailure')]", @@ -2448,7 +2638,8 @@ "skip-nodes-with-system-pods": "[toLower(string(parameters('autoScalerProfileSkipNodesWithSystemPods')))]" }, "autoUpgradeProfile": { - "upgradeChannel": "[parameters('autoUpgradeProfileUpgradeChannel')]" + "upgradeChannel": "[parameters('autoUpgradeProfileUpgradeChannel')]", + "nodeOSUpgradeChannel": "[parameters('autoNodeOsUpgradeProfileUpgradeChannel')]" }, "apiServerAccessProfile": { "authorizedIPRanges": "[parameters('authorizedIPRanges')]", 
@@ -2458,7 +2649,7 @@ "privateDNSZone": "[parameters('privateDNSZone')]" }, "azureMonitorProfile": { - "containerInsights": "[if(parameters('enableContainerInsights'), createObject('enabled', parameters('enableContainerInsights'), 'logAnalyticsWorkspaceResourceId', if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), null()), 'disableCustomMetrics', parameters('disableCustomMetrics'), 'disablePrometheusMetricsScraping', parameters('disablePrometheusMetricsScraping'), 'syslogPort', parameters('syslogPort')), null())]", + "containerInsights": "[if(parameters('enableContainerInsights'), createObject('enabled', parameters('enableContainerInsights'), 'logAnalyticsWorkspaceResourceId', if(not(empty(parameters('monitoringWorkspaceResourceId'))), parameters('monitoringWorkspaceResourceId'), null()), 'disableCustomMetrics', parameters('disableCustomMetrics'), 'disablePrometheusMetricsScraping', parameters('disablePrometheusMetricsScraping'), 'syslogPort', parameters('syslogPort')), null())]", "metrics": "[if(parameters('enableAzureMonitorProfileMetrics'), createObject('enabled', parameters('enableAzureMonitorProfileMetrics'), 'kubeStateMetrics', createObject('metricLabelsAllowlist', parameters('metricLabelsAllowlist'), 'metricAnnotationsAllowList', parameters('metricAnnotationsAllowList'))), null())]" }, "podIdentityProfile": { 
@@ -2468,7 +2659,7 @@ "userAssignedIdentityExceptions": "[parameters('podIdentityProfileUserAssignedIdentityExceptions')]" }, "securityProfile": { - "defender": "[if(parameters('enableAzureDefender'), createObject('securityMonitoring', createObject('enabled', parameters('enableAzureDefender')), 'logAnalyticsWorkspaceResourceId', parameters('monitoringWorkspaceId')), null())]", + "defender": "[if(parameters('enableAzureDefender'), createObject('securityMonitoring', createObject('enabled', parameters('enableAzureDefender')), 'logAnalyticsWorkspaceResourceId', parameters('monitoringWorkspaceResourceId')), null())]", "workloadIdentity": "[if(parameters('enableWorkloadIdentity'), createObject('enabled', parameters('enableWorkloadIdentity')), null())]", "imageCleaner": "[if(parameters('enableImageCleaner'), createObject('enabled', parameters('enableImageCleaner'), 'intervalHours', parameters('imageCleanerIntervalHours')), null())]" }, 
@@ -2590,18 +2781,24 @@ ] }, "managedCluster_maintenanceConfigurations": { - "condition": "[not(empty(parameters('maintenanceConfiguration')))]", + "copy": { + "name": "managedCluster_maintenanceConfigurations", + "count": "[length(coalesce(parameters('maintenanceConfigurations'), createArray()))]" + }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-ManagedCluster-MaintenanceConfigurations', uniqueString(deployment().name, parameters('location')))]", + "name": "[format('{0}-ManagedCluster-MaintenanceConfiguration-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "name": { + "value": "[coalesce(parameters('maintenanceConfigurations'), createArray())[copyIndex()].name]" + }, "maintenanceWindow": { - "value": "[parameters('maintenanceConfiguration').maintenanceWindow]" + "value": "[coalesce(parameters('maintenanceConfigurations'), createArray())[copyIndex()].maintenanceWindow]" }, "managedClusterName": { "value": "[parameters('name')]" @@ -2613,8 +2810,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "12168542117744033419" + "version": "0.30.23.60470", + "templateHash": "2505380725266419010" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.", 
@@ -2745,8 +2942,8 @@ "nodeLabels": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'nodeLabels')]" }, - "nodePublicIpPrefixId": { - "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'nodePublicIpPrefixId')]" + "nodePublicIpPrefixResourceId": { + "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'nodePublicIpPrefixResourceId')]" }, "nodeTaints": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'nodeTaints')]" @@ -2766,8 +2963,8 @@ "osType": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'osType')]" }, - "podSubnetId": { - "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'podSubnetId')]" + "podSubnetResourceId": { + "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'podSubnetResourceId')]" }, "proximityPlacementGroupResourceId": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'proximityPlacementGroupResourceId')]" @@ -2796,8 +2993,8 @@ "vmSize": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'vmSize')]" }, - "vnetSubnetId": { - "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'vnetSubnetId')]" + "vnetSubnetResourceId": { + "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'vnetSubnetResourceId')]" }, "workloadRuntime": { "value": "[tryGet(coalesce(parameters('agentPools'), createArray())[copyIndex()], 'workloadRuntime')]" @@ -2810,8 +3007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "2004205618690542488" + "version": "0.30.23.60470", + "templateHash": "13856766172443517827" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.", 
@@ -2832,7 +3029,14 @@ }, "availabilityZones": { "type": "array", - "nullable": true, + "items": { + "type": "int" + }, + "defaultValue": [ + 1, + 2, + 3 + ], "metadata": { "description": "Optional. The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is \"VirtualMachineScaleSets\"." } @@ -2944,7 +3148,7 @@ "description": "Optional. The node labels to be persisted across all nodes in agent pool." } }, - "nodePublicIpPrefixId": { + "nodePublicIpPrefixResourceId": { "type": "string", "nullable": true, "metadata": { @@ -3008,11 +3212,11 @@ "description": "Optional. The operating system type. The default is Linux." } }, - "podSubnetId": { + "podSubnetResourceId": { "type": "string", "nullable": true, "metadata": { - "description": "Optional. Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}." + "description": "Optional. Subnet resource ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}." } }, "proximityPlacementGroupResourceId": { @@ -3090,7 +3294,7 @@ "description": "Optional. VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions." } }, - "vnetSubnetId": { + "vnetSubnetResourceId": { "type": "string", "nullable": true, "metadata": { 
@@ -3117,7 +3321,7 @@ "apiVersion": "2023-07-02-preview", "name": "[format('{0}/{1}', parameters('managedClusterName'), parameters('name'))]", "properties": { - "availabilityZones": "[parameters('availabilityZones')]", + "availabilityZones": "[map(coalesce(parameters('availabilityZones'), createArray()), lambda('zone', format('{0}', lambdaVariables('zone'))))]", "count": "[parameters('count')]", "creationData": "[if(not(empty(parameters('sourceResourceId'))), createObject('sourceResourceId', parameters('sourceResourceId')), null())]", "enableAutoScaling": "[parameters('enableAutoScaling')]", @@ -3132,14 +3336,14 @@ "minCount": "[parameters('minCount')]", "mode": "[parameters('mode')]", "nodeLabels": "[parameters('nodeLabels')]", - "nodePublicIPPrefixID": "[parameters('nodePublicIpPrefixId')]", + "nodePublicIPPrefixID": "[parameters('nodePublicIpPrefixResourceId')]", "nodeTaints": "[parameters('nodeTaints')]", "orchestratorVersion": "[parameters('orchestratorVersion')]", "osDiskSizeGB": "[parameters('osDiskSizeGB')]", "osDiskType": "[parameters('osDiskType')]", "osSKU": "[parameters('osSku')]", "osType": "[parameters('osType')]", - "podSubnetID": "[parameters('podSubnetId')]", + "podSubnetID": "[parameters('podSubnetResourceId')]", "proximityPlacementGroupID": "[parameters('proximityPlacementGroupResourceId')]", "scaleDownMode": "[parameters('scaleDownMode')]", "scaleSetEvictionPolicy": "[parameters('scaleSetEvictionPolicy')]", @@ -3151,7 +3355,7 @@ "maxSurge": "[parameters('maxSurge')]" }, "vmSize": "[parameters('vmSize')]", - "vnetSubnetID": "[parameters('vnetSubnetId')]", + "vnetSubnetID": "[parameters('vnetSubnetResourceId')]", "workloadRuntime": "[parameters('workloadRuntime')]" }, "dependsOn": [ @@ -3750,10 +3954,7 @@ } } } - }, - "dependsOn": [ - "logAnalytics" - ] + } }, "containerRegistry": { "type": "Microsoft.Resources/deployments", 
@@ -3799,7 +4000,7 @@ "enabled": true } ], - "workspaceResourceId": "[if(not(empty(parameters('logAnalyticsName'))), resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsName')), '')]", + "workspaceResourceId": "[parameters('monitoringWorkspaceResourceId')]", "metricCategories": [ { "category": "AllMetrics", @@ -6445,7 +6646,6 @@ } }, "dependsOn": [ - "logAnalytics", "managedCluster" ] }, @@ -6465,6 +6665,18 @@ "enableTelemetry": { "value": "[parameters('enableTelemetry')]" }, + "enableRbacAuthorization": { + "value": "[parameters('enableRbacAuthorization')]" + }, + "enableVaultForDeployment": { + "value": "[parameters('enableVaultForDeployment')]" + }, + "enableVaultForTemplateDeployment": { + "value": "[parameters('enableVaultForTemplateDeployment')]" + }, + "enablePurgeProtection": { + "value": "[parameters('enablePurgeProtection')]" + }, "accessPolicies": { "value": [ { diff --git a/avm/ptn/azd/aks/tests/e2e/defaults/dependencies.bicep b/avm/ptn/azd/aks/tests/e2e/defaults/dependencies.bicep index 9961f0c426..e80828420c 100644 --- a/avm/ptn/azd/aks/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/azd/aks/tests/e2e/defaults/dependencies.bicep @@ -53,4 +53,4 @@ resource app 'Microsoft.Web/sites@2022-09-01' = { output identityPrincipalId string = app.identity.principalId @description('The resource ID of the created Log Analytics Workspace.') -output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.name +output logAnalyticsResourceId string = logAnalyticsWorkspace.id diff --git a/avm/ptn/azd/aks/tests/e2e/defaults/main.test.bicep b/avm/ptn/azd/aks/tests/e2e/defaults/main.test.bicep index 0d0451cc8d..898e697da5 100644 --- a/avm/ptn/azd/aks/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/azd/aks/tests/e2e/defaults/main.test.bicep 
@@ -11,15 +11,16 @@ metadata description = 'This instance deploys the module with the minimum set of
@maxLength(90)
param resourceGroupName string = 'dep-${namePrefix}-azd-aks-${serviceShort}-rg'
-@description('Optional. The location to deploy resources to.')
-param resourceLocation string = deployment().location
@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = 'paamin'
@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.')
param namePrefix string = '#_namePrefix_#'
+// Enforced location als not all regions have quota available
+#disable-next-line no-hardcoded-location
+var enforcedLocation = 'northeurope'
// ============ //
// Dependencies //
// ============ //
@@ -28,14 +29,14 @@ param namePrefix string = '#_namePrefix_#'
// =================
resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
name: resourceGroupName
- location: resourceLocation
+ location: enforcedLocation
}
module nestedDependencies 'dependencies.bicep' = {
- name: '${uniqueString(deployment().name, resourceLocation)}-test-dependencies'
+ name: '${uniqueString(deployment().name, enforcedLocation)}-test-dependencies'
scope: resourceGroup
params: {
- location: resourceLocation
+ location: enforcedLocation
appName: 'dep-${namePrefix}-app-${serviceShort}'
appServicePlanName: 'dep-${namePrefix}-apps-${serviceShort}'
logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
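Review bot: The comment introduced above `var enforcedLocation` has a typo, `als` for `as`; it should read `// Enforced location as not all regions have quota available`. Because this single hard-coded region now drives the resource group and every nested deployment, and the lint suppression `#disable-next-line no-hardcoded-location` hides that, a short note on why this particular region was chosen would spare the next maintainer a quota investigation when it has to change.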
@@ -50,14 +51,14 @@ module nestedDependencies 'dependencies.bicep' = {
module testDeployment '../../../main.bicep' = [
for iteration in ['init', 'idem']: {
scope: resourceGroup
- name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
+ name: '${uniqueString(deployment().name, enforcedLocation)}-test-${serviceShort}-${iteration}'
params: {
name: 'mc${uniqueString(deployment().name)}-${serviceShort}'
- containerRegistryName: '${uniqueString(deployment().name, resourceLocation)}testcontainerregistry${serviceShort}'
- logAnalyticsName: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId
+ containerRegistryName: '${uniqueString(deployment().name, enforcedLocation)}testcontainerregistry${serviceShort}'
keyVaultName: 'kv${uniqueString(deployment().name)}-${serviceShort}'
- location: resourceLocation
+ location: enforcedLocation
principalId: nestedDependencies.outputs.identityPrincipalId
+ monitoringWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsResourceId
principalType: 'ServicePrincipal'
}
}
diff --git a/avm/ptn/azd/aks/tests/e2e/max/dependencies.bicep b/avm/ptn/azd/aks/tests/e2e/max/dependencies.bicep
index 9961f0c426..e80828420c 100644
--- a/avm/ptn/azd/aks/tests/e2e/max/dependencies.bicep
+++ b/avm/ptn/azd/aks/tests/e2e/max/dependencies.bicep
@@ -53,4 +53,4 @@ resource app 'Microsoft.Web/sites@2022-09-01' = {
output identityPrincipalId string = app.identity.principalId
@description('The resource ID of the created Log Analytics Workspace.')
-output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.name
+output logAnalyticsResourceId string = logAnalyticsWorkspace.id
diff --git a/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep b/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep
index cc61a356d6..baf7bef490 100644
--- a/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep
+++ b/avm/ptn/azd/aks/tests/e2e/max/main.test.bicep
@@ -63,7 +63,16 @@ module testDeployment '../../../main.bicep' = [
containerRegistryName: '${uniqueString(deployment().name, enforcedLocation)}testcontainerregistry${serviceShort}'
skuTier: 'Free'
webApplicationRoutingEnabled: true
- agentPools: [
+ monitoringWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsResourceId
+ keyVaultName: 'kv${uniqueString(deployment().name)}-${serviceShort}'
+ location: enforcedLocation
+ principalId: nestedDependencies.outputs.identityPrincipalId
+ acrSku: 'Basic'
+ dnsPrefix: 'dep-${namePrefix}-dns-${serviceShort}'
+ principalType: 'ServicePrincipal'
+ containerRegistryRoleName: containerRegistryRoleName
+ aksClusterRoleAssignmentName: aksClusterRoleAssignmentName
+ agentPoolConfig: [
{
name: 'npuserpool'
mode: 'User'
@@ -71,18 +80,26 @@ module testDeployment '../../../main.bicep' = [
maxPods: 30
type: 'VirtualMachineScaleSets'
maxSurge: '33%'
- vmSize: 'standard_a2_v2'
+ vmSize: 'Standard_DS2_v2'
+ }
+ ]
+ agentPoolSize: 'Standard'
+ systemPoolConfig: [
+ {
+ name: 'npsystem'
+ mode: 'System'
+ vmSize: 'Standard_DS2_v2'
+ count: 3
+ minCount: 3
+ maxCount: 5
+ enableAutoScaling: true
+ availabilityZones: [
+ 1
+ 2
+ 3
+ ]
}
]
- logAnalyticsName: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId
- keyVaultName: 'kv${uniqueString(deployment().name)}-${serviceShort}'
- location: enforcedLocation
- principalId: nestedDependencies.outputs.identityPrincipalId
- acrSku: 'Basic'
- dnsPrefix: 'dep-${namePrefix}-dns-${serviceShort}'
- principalType: 'ServicePrincipal'
- containerRegistryRoleName: containerRegistryRoleName
- aksClusterRoleAssignmentName: aksClusterRoleAssignmentName
}
}
]
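Review bot: The second hunk moves nine unchanged parameters (`keyVaultName` through `aksClusterRoleAssignmentName`) from the end of the `params` object to its start, so they show up as deleted and re-added even though the only functional changes in this file are the `agentPools` to `agentPoolConfig` rename, the `vmSize` change and the new `agentPoolSize`/`systemPoolConfig` block; keeping the original order would let those stand out. The max test also sets none of the security-relevant options this PR picks up through the embedded managed-cluster module bump from 0.3.0 to 0.4.1 (main.json now defaults `disableLocalAccounts` to `true` and forwards `enableRbacAuthorization`/`enablePurgeProtection` to the key vault), so if the pattern module surfaces those parameters, setting them explicitly here would pin the intended posture and catch a regression on the next nested-module bump. The `module testDeployment` block starts outside the hunk.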