Skip to content

Commit

Permalink
MSLearn alignment fixes on ARM version (#93)
Browse files Browse the repository at this point in the history
thotheod authored Aug 13, 2023
1 parent 58a5c43 commit 3b6de32
Showing 4 changed files with 5,195 additions and 2,578 deletions.
Original file line number Diff line number Diff line change
@@ -4,7 +4,7 @@
cd scenarios/aca-internal/azure-resource-manager/

# Compile bicep to ARM
az bicep build --file ../bicep/main.bicep --outfile ../azure-resource-manager/main-del.json
az bicep build --file ../bicep/main.bicep --outfile ../azure-resource-manager/main.json

# copy parameters file, and edit it if needed
cp ../bicep/main.parameters.jsonc ../azure-resource-manager/main.parameters.jsonc
142 changes: 127 additions & 15 deletions scenarios/aca-internal/azure-resource-manager/main-portal-ux.json
Original file line number Diff line number Diff line change
@@ -80,6 +80,54 @@
"infoMessages": [],
"visible": true
},
{
"name": "deployZoneRedundantResources",
"type": "Microsoft.Common.DropDown",
"label": "Deploy Zone Redundant Resources",
"subLabel": "",
"defaultValue": "true",
"toolTip": "If true, any resources that support AZ will be deployed in all three AZ. However if the selected region is not supporting AZ, this parameter needs to be set to false",
"constraints": {
"required": true,
"allowedValues": [
{
"label": "true",
"value": true
},
{
"label": "false",
"value": false
}
],
"validations": []
},
"infoMessages": [],
"visible": true
},
{
"name": "deployAzurePolicies",
"type": "Microsoft.Common.DropDown",
"label": "Deploy Azure Policies for Azure Container Apps",
"subLabel": "",
"defaultValue": "true",
"toolTip": "If true, built-in and custom Azure Policies for Azure Container Apps will be deployed in the spoke Resource Group. If false, no Azure Policies will be deployed.",
"constraints": {
"required": true,
"allowedValues": [
{
"label": "true",
"value": true
},
{
"label": "false",
"value": false
}
],
"validations": []
},
"infoMessages": [],
"visible": true
},
{
"name": "location",
"type": "Microsoft.Common.TextBox",
@@ -193,12 +241,12 @@
"visible": true
},
{
"name": "bastionSubnetAddressPrefix",
"name": "gatewaySubnetAddressPrefix",
"type": "Microsoft.Common.TextBox",
"label": "Bastion Subnet Address Prefix",
"label": "Gateway Subnet Address Prefix",
"subLabel": "",
"defaultValue": "10.0.0.128/26",
"toolTip": "CIDR to use for the Azure Bastion subnet.",
"defaultValue": "10.0.0.0/27",
"toolTip": "CIDR to use for the Gateway Subnet.",
"constraints": {
"required": true,
"regex": "",
@@ -209,12 +257,12 @@
"visible": true
},
{
"name": "vmJumpBoxSubnetAddressPrefix",
"name": "azureFirewallSubnetAddressPrefix",
"type": "Microsoft.Common.TextBox",
"label": "VM Jump Box Subnet Address Prefix",
"label": "Azure Firewall Subnet Address Prefix",
"subLabel": "",
"defaultValue": "10.1.2.32/27",
"toolTip": "CIDR to use for the virtual machine subnet.",
"defaultValue": "10.0.0.64/26",
"toolTip": "CIDR to use for the Azure Firewall subnet.",
"constraints": {
"required": true,
"regex": "",
@@ -224,6 +272,22 @@
"infoMessages": [],
"visible": true
},
{
"name": "bastionSubnetAddressPrefix",
"type": "Microsoft.Common.TextBox",
"label": "Bastion Subnet Address Prefix",
"subLabel": "",
"defaultValue": "10.0.0.128/26",
"toolTip": "CIDR to use for the Azure Bastion subnet.",
"constraints": {
"required": true,
"regex": "",
"validationMessage": "",
"validations": []
},
"infoMessages": [],
"visible": true
},
{
"name": "sectionSpoke",
"type": "Microsoft.Common.Section",
@@ -293,6 +357,22 @@
"infoMessages": [],
"visible": true
},
{
"name": "vmJumpBoxSubnetAddressPrefix",
"type": "Microsoft.Common.TextBox",
"label": "VM Jump Box Subnet Address Prefix",
"subLabel": "",
"defaultValue": "10.1.2.32/27",
"toolTip": "CIDR to use for the virtual machine subnet.",
"constraints": {
"required": true,
"regex": "",
"validationMessage": "",
"validations": []
},
"infoMessages": [],
"visible": true
},
{
"name": "spokeApplicationGatewaySubnetAddressPrefix",
"type": "Microsoft.Common.TextBox",
@@ -562,7 +642,34 @@
"infoMessages": [],
"visible": true
},

{
"name": "ddosProtectionMode",
"type": "Microsoft.Common.DropDown",
"label": "Enable DDoS Protection",
"subLabel": "",
"defaultValue": "Enabled",
"toolTip": "DDoS protection mode for the Public IP of the Application Gateway. Allowed values are 'VirtualNetworkInherited', 'Enabled' and 'Disabled'",
"constraints": {
"required": true,
"allowedValues": [
{
"label": "Enabled",
"value": "Enabled"
},
{
"label": "VirtualNetworkInherited",
"value": "VirtualNetworkInherited"
},
{
"label": "Disabled",
"value": "Disabled"
}
],
"validations": []
},
"infoMessages": [],
"visible": true
},

{
"name": "enableTelemetry",
@@ -652,11 +759,15 @@
"parameters": {
"workloadName": "[steps('basics').workloadName]",
"environment": "[steps('basics').environment]",
"deployZoneRedundantResources": "[steps('basics').deployZoneRedundantResources]",
"deployAzurePolicies": "[steps('basics').deployAzurePolicies]",
"location": "[steps('basics').location]",
"hubResourceGroupName": "[steps('basics').hubResourceGroupName]",
"spokeResourceGroupName": "[steps('basics').spokeResourceGroupName]",
"vnetAddressPrefixes": "[steps('networking').vnetAddressPrefixes]",
"vmJumpBoxSubnetAddressPrefix": "[steps('networking').vmJumpBoxSubnetAddressPrefix]",
"gatewaySubnetAddressPrefix": "[steps('networking').gatewaySubnetAddressPrefix]",
"azureFirewallSubnetAddressPrefix": "[steps('networking').azureFirewallSubnetAddressPrefix]",
"bastionSubnetAddressPrefix": "[steps('networking').bastionSubnetAddressPrefix]",
"spokeVNetAddressPrefixes": "[steps('networking').spokeVNetAddressPrefixes]",
"spokeInfraSubnetAddressPrefix": "[steps('networking').spokeInfraSubnetAddressPrefix]",
@@ -666,16 +777,17 @@
"vmAdminUsername": "[if( not( equals(steps('vmsettings').vmJumpboxOSType, 'none') ), steps('vmsettings').vmAdminUsername, 'azureuser')]",
"vmAdminPassword": "[if( not( equals(steps('vmsettings').vmJumpboxOSType, 'none') ), steps('vmsettings').vmAdminPassword.password, 'Pass@word123$' )]",
"vmLinuxSshAuthorizedKeys": "[if ( equals ( steps('vmsettings').vmJumpboxOSType, 'linux'), steps('vmsettings').vmLinuxSshAuthorizedKeys, 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpNpoh248rsraL3uejAwKlla+pHaDLbp4DM7bKFoc3Rt1DeXPs0XTutJcNtq4iRq+ooRQ1T7WaK42MfQQxt3qkXwjyv8lPJ4v7aElWkAbxZIRYVYmQVxxwfw+zyB1rFdaCQD/kISg/zXxCWw+gdds4rEy7eq23/bXFM0l7pNvbAULIB6ZY7MRpC304lIAJusuZC59iwvjT3dWsDNWifA1SJtgr39yaxB9Fb01UdacwJNuvfGC35GNYH0VJ56c+iCFeAnMXIT00cYuHf0FCRTP0WvTKl+PQmeD1pwxefdFvKCVpidU2hOARb4ooapT0SDM1SODqjaZ/qwWP18y/qQ/v imported-openssh-key'])",
"vmJumpboxOSType": "[steps('vmsettings').vmJumpboxOSType]",
"enableBastion": "[steps('flags').enableBastion]",
"enableApplicationInsights": "[steps('flags').enableApplicationInsights]",
"enableDaprInstrumentation": "[steps('flags').enableDaprInstrumentation]",
"deployHelloWorldSample": "[steps('flags').deployHelloWorldSample]",
"vmJumpboxOSType": "[steps('vmsettings').vmJumpboxOSType]",
"applicationGatewayFqdn": "acahello.demoapp.com",
"enableApplicationGatewayCertificate": "true",
"applicationGatewayCertificateKeyName": "agwcert",
"enableBastion": "[steps('flags').enableBastion]",
"enableApplicationInsights": "[steps('flags').enableApplicationInsights]",
"enableDaprInstrumentation": "[steps('flags').enableDaprInstrumentation]",
"deployHelloWorldSample": "[steps('flags').deployHelloWorldSample]",
"enableTelemetry": "[steps('flags').enableTelemetry]",
"deployRedisCache": "[steps('flags').deployRedisCache]"
"deployRedisCache": "[steps('flags').deployRedisCache]",
"ddosProtectionMode": "[steps('flags').ddosProtectionMode]"
},
"kind": "Subscription",
"location": "[steps('basics').resourceScope.location.name]",
7,555 changes: 5,022 additions & 2,533 deletions scenarios/aca-internal/azure-resource-manager/main.json

Large diffs are not rendered by default.

74 changes: 45 additions & 29 deletions scenarios/aca-internal/azure-resource-manager/main.parameters.jsonc
Original file line number Diff line number Diff line change
@@ -4,15 +4,18 @@
"parameters": {
// The name of the workload that is being deployed. Up to 10 characters long. This wil be used as part of the naming convention (i.e. as defined here: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming)
"workloadName": {
"value": "lzaaca"
"value": "lzaaca02"
},
//The name of the environment (e.g. "dev", "test", "prod", "preprod", "staging", "uat", "dr", "qa"). Up to 8 characters long.
"environment": {
"value": "dev"
},
"tags": {
"value": {}
},
},
"enableTelemetry": {
"value": true
},
// The name of the hub resource group to create the resources in. If set, it overrides the name generated by the template.
"hubResourceGroupName": {
"value": ""
@@ -23,10 +26,34 @@
},
"vnetAddressPrefixes": {
"value": ["10.0.0.0/24"]
},
},
"enableBastion": {
"value": true
},
"gatewaySubnetAddressPrefix": {
"value": "10.0.0.0/27"
},
"azureFirewallSubnetAddressPrefix": {
"value": "10.0.0.64/26"
},
"bastionSubnetAddressPrefix": {
"value": "10.0.0.128/26"
},
"value": "10.0.0.128/26"
},
"vmSize": {
"value": "Standard_B2ms"
},
"vmAdminUsername": {
"value": "azureuser"
},
"vmAdminPassword": {
"value": "Password123"
},
"vmLinuxSshAuthorizedKeys": {
"value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpNpoh248rsraL3uejAwKlla+pHaDLbp4DM7bKFoc3Rt1DeXPs0XTutJcNtq4iRq+ooRQ1T7WaK42MfQQxt3qkXwjyv8lPJ4v7aElWkAbxZIRYVYmQVxxwfw+zyB1rFdaCQD/kISg/zXxCWw+gdds4rEy7eq23/bXFM0l7pNvbAULIB6ZY7MRpC304lIAJusuZC59iwvjT3dWsDNWifA1SJtgr39yaxB9Fb01UdacwJNuvfGC35GNYH0VJ56c+iCFeAnMXIT00cYuHf0FCRTP0WvTKl+PQmeD1pwxefdFvKCVpidU2hOARb4ooapT0SDM1SODqjaZ/qwWP18y/qQ/v imported-openssh-key"
},
"vmJumpboxOSType": {
"value": "linux"
},
"vmJumpBoxSubnetAddressPrefix": {
"value": "10.1.2.32/27"
},
@@ -41,22 +68,6 @@
},
"spokeApplicationGatewaySubnetAddressPrefix": {
"value": "10.1.3.0/24"
},
// select one of the following options: (['linux', 'windows', 'none'])
"vmJumpboxOSType": {
"value": "linux"
},
"vmSize": {
"value": "Standard_B2ms"
},
"vmAdminUsername": {
"value": "azureuser"
},
"vmAdminPassword": {
"value": "Password123"
},
"vmLinuxSshAuthorizedKeys": {
"value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpNpoh248rsraL3uejAwKlla+pHaDLbp4DM7bKFoc3Rt1DeXPs0XTutJcNtq4iRq+ooRQ1T7WaK42MfQQxt3qkXwjyv8lPJ4v7aElWkAbxZIRYVYmQVxxwfw+zyB1rFdaCQD/kISg/zXxCWw+gdds4rEy7eq23/bXFM0l7pNvbAULIB6ZY7MRpC304lIAJusuZC59iwvjT3dWsDNWifA1SJtgr39yaxB9Fb01UdacwJNuvfGC35GNYH0VJ56c+iCFeAnMXIT00cYuHf0FCRTP0WvTKl+PQmeD1pwxefdFvKCVpidU2hOARb4ooapT0SDM1SODqjaZ/qwWP18y/qQ/v imported-openssh-key"
},
// If you want to deploy Application Insights, set this to true
"enableApplicationInsights": {
@@ -68,19 +79,16 @@
},
// Set this to true if you want to deploy the sample application and the application gateway
"deployHelloWorldSample": {
"value": false
"value": true
},
// if true Azure Cache for Redis (Premium SKU), together with Private Endpoint and the relavant Private DNS Zone will be deployed
"deployRedisCache": {
"value": false
},
"enableTelemetry": {
"value": true
},
"enableBastion": {
"value": true
// DDoS protection mode for the Public IP of the Application Gateway. allowed values are "VirtualNetworkInherited", "Enabled" and "Disabled"
"ddosProtectionMode": {
"value": "Enabled"
},
/////////////////////////////////////
// The FQDN of the Application Gateway. Must match the TLS Certificate.
"applicationGatewayFqdn": {
"value": "acahello.demoapp.com"
@@ -90,6 +98,14 @@
},
"applicationGatewayCertificateKeyName": {
"value": "agwcert"
}
},
//If true, Azure Policies will be deployed
"deployAzurePolicies": {
"value": true
},
//If true, any resources that support AZ will be deployed in all three AZ. However if the selected region is not supporting AZ, this parameter needs to be set to false.
"deployZoneRedundantResources": {
"value": true
}
}
}

0 comments on commit 3b6de32

Please sign in to comment.