From 9418a5aaed265ec6b8d8de03961515d158a0e39b Mon Sep 17 00:00:00 2001
From: Aaron Wislang
Date: Wed, 28 Aug 2024 19:10:26 -0400
Subject: [PATCH] Deprecate Cloud Native / AKS scenarios to be updated to use
Azure Verified Modules (AVM) (#57)
* Deprecate:
- cloud-native/aks-arm64/
Signed-off-by: Aaron Wislang
* Deprecate:
- cloud-native/aks-bicep/
- cloud-native/aks-bicep-keda/
- cloud-native/webapp-routing/
Remove:
- cloud-native/aks-open-service-mesh/
Signed-off-by: Aaron Wislang
* Remove:
- cloud-native/aks-bicep-k8s/
Signed-off-by: Aaron Wislang
---------
Signed-off-by: Aaron Wislang
---
.github/workflows/publish_bicep_module.yml | 43 -
bicep/modules/azure-cli-script/README.md | 22 -
bicep/modules/azure-cli-script/main.bicep | 62 --
bicep/modules/azure-cli-script/metadata.json | 6 -
.../azure-container-registry/README.MD | 23 -
.../azure-container-registry/main.bicep | 48 -
.../azure-container-registry/metadata.json | 6 -
bicep/modules/azure-cosmos-db/README.md | 21 -
bicep/modules/azure-cosmos-db/main.bicep | 50 -
bicep/modules/azure-cosmos-db/metadata.json | 6 -
bicep/modules/azure-dns/README.md | 18 -
bicep/modules/azure-dns/main.bicep | 20 -
bicep/modules/azure-dns/metadata.json | 6 -
bicep/modules/azure-key-vault/README.md | 20 -
bicep/modules/azure-key-vault/main.bicep | 57 --
bicep/modules/azure-key-vault/metadata.json | 6 -
.../azure-kubernetes-service-addons/README.md | 18 -
.../main.bicep | 18 -
.../metadata.json | 6 -
.../README.md | 20 -
.../main.bicep | 23 -
.../metadata.json | 6 -
.../README.md | 19 -
.../main.bicep | 21 -
.../metadata.json | 6 -
.../README.md | 19 -
.../main.bicep | 25 -
.../metadata.json | 6 -
.../azure-kubernetes-service/README.md | 39 -
.../azure-kubernetes-service/main.bicep | 211 ----
.../azure-kubernetes-service/metadata.json | 6 -
.../azure-log-analytics-workspace/README.md | 17 -
.../azure-log-analytics-workspace/main.bicep | 17 -
.../metadata.json | 6 -
.../README.md | 17 -
.../main.bicep | 370 -------
.../metadata.json | 6 -
.../azure-network-security-group/README.md | 17 -
.../azure-network-security-group/main.bicep | 14 -
.../metadata.json | 6 -
bicep/modules/azure-virtual-network/README.md | 24 -
.../modules/azure-virtual-network/main.bicep | 41 -
.../azure-virtual-network/metadata.json | 6 -
cloud-native/README.md | 7 +-
cloud-native/aks-arm64/README.md | 368 -------
.../aks-arm64/azure-voting-app-deploy.yaml | 94 --
cloud-native/aks-arm64/bicepconfig.json | 10 -
cloud-native/aks-arm64/kustomization.yaml | 8 -
cloud-native/aks-arm64/main.bicep | 128 ---
cloud-native/aks-arm64/main.json | 914 ------------------
cloud-native/aks-bicep-k8s/README.md | 61 --
.../aks-bicep-k8s/aks-deploy-app.bicep | 16 -
cloud-native/aks-bicep-k8s/aks.bicep | 93 --
cloud-native/aks-bicep-k8s/azure-vote.bicep | 150 ---
cloud-native/aks-bicep-k8s/azure-vote.yaml | 85 --
.../aks-bicep-k8s/azure-voting-app-rust.bicep | 165 ----
.../aks-bicep-k8s/azure-voting-app-rust.yaml | 93 --
cloud-native/aks-bicep-k8s/bicepconfig.json | 16 -
.../aks-bicep-k8s/dotnet-vue-starter.bicep | 75 --
.../aks-bicep-k8s/dotnet-vue-starter.yaml | 39 -
cloud-native/aks-bicep-k8s/go.mod | 5 -
cloud-native/aks-bicep-k8s/go.sum | 2 -
cloud-native/aks-bicep-k8s/magefile.go | 277 ------
cloud-native/aks-bicep-k8s/main.bicep | 29 -
cloud-native/aks-bicep-k8s/main.json | 424 --------
cloud-native/aks-bicep-keda/01-aks/README.md | 21 -
.../aks-bicep-keda/01-aks/RESOURCES.md | 5 -
cloud-native/aks-bicep-keda/01-aks/aks.bicep | 139 ---
.../aks-bicep-keda/01-aks/deploy-aks.sh | 6 -
.../01-aks/deploy-deploy-script.sh | 9 -
.../aks-bicep-keda/01-aks/deploy-empty.sh | 6 -
.../aks-bicep-keda/01-aks/deploy-keyvault.sh | 6 -
.../aks-bicep-keda/01-aks/deploy-main.sh | 11 -
.../01-aks/deploy-script-aks.sh | 8 -
.../01-aks/deploy-script-keda.sh | 8 -
.../aks-bicep-keda/01-aks/deploy-script.bicep | 65 --
.../aks-bicep-keda/01-aks/empty.bicep | 1 -
.../aks-bicep-keda/01-aks/keyvault.bicep | 34 -
cloud-native/aks-bicep-keda/01-aks/main.bicep | 31 -
cloud-native/aks-bicep-keda/01-aks/main.json | 365 -------
cloud-native/aks-bicep-keda/02-keda/README.md | 3 -
.../02-keda/deploy/deployment.yaml | 34 -
.../aks-bicep-keda/02-keda/deploy/keda.yaml | 45 -
.../02-keda/deploy/kustomization.yaml | 10 -
.../02-keda/deploy/namespace.yaml | 5 -
.../02-keda/deploy/serviceaccount.yaml | 7 -
.../aks-bicep-keda/03-keda-http/README.md | 67 --
cloud-native/aks-bicep-keda/README.md | 94 --
cloud-native/aks-bicep/01-aks/README.md | 21 -
cloud-native/aks-bicep/01-aks/RESOURCES.md | 5 -
cloud-native/aks-bicep/01-aks/aks.bicep | 139 ---
cloud-native/aks-bicep/01-aks/deploy-aks.sh | 6 -
.../aks-bicep/01-aks/deploy-deploy-script.sh | 9 -
cloud-native/aks-bicep/01-aks/deploy-empty.sh | 6 -
.../aks-bicep/01-aks/deploy-keyvault.sh | 6 -
cloud-native/aks-bicep/01-aks/deploy-main.sh | 11 -
.../aks-bicep/01-aks/deploy-script-aks.sh | 8 -
.../aks-bicep/01-aks/deploy-script-keda.sh | 8 -
.../aks-bicep/01-aks/deploy-script.bicep | 65 --
cloud-native/aks-bicep/01-aks/empty.bicep | 1 -
cloud-native/aks-bicep/01-aks/keyvault.bicep | 34 -
cloud-native/aks-bicep/01-aks/main.bicep | 31 -
cloud-native/aks-bicep/01-aks/main.json | 365 -------
cloud-native/aks-bicep/README.md | 45 -
.../02-deploying-bookstore-app/README.md | 225 -----
.../bookbuyer-ui-ingressbackend.yaml | 15 -
.../bookbuyer-ui.yaml | 35 -
.../02-deploying-bookstore-app/bookbuyer.png | Bin 57396 -> 0 bytes
.../bookstore-ui-ingressbackend.yaml | 15 -
.../bookstore-ui.yaml | 35 -
.../bookstore-v1.png | Bin 42483 -> 0 bytes
.../bookstore_app.png | Bin 24869 -> 0 bytes
.../bookthief-ui-ingressbackend.yaml | 15 -
.../bookthief-ui.yaml | 34 -
.../02-deploying-bookstore-app/bookthief.png | Bin 54135 -> 0 bytes
.../03-applying-zero-trust/README.md | 226 -----
.../bookbuyer-ui-secure-ingress.yaml | 45 -
.../03-applying-zero-trust/bookbuyer.png | Bin 59642 -> 0 bytes
.../bookstore-ui-secure-ingress.yaml | 45 -
.../bookthief-ui-secure-ingress.yaml | 45 -
.../smi-traffic-to-bookstore.yaml | 39 -
.../smi-traffic-to-bookwarehouse.yaml | 31 -
.../smi-traffic-to-mysql.yaml | 27 -
.../04-osm-traffic-splitting/README.md | 134 ---
.../bookstore-split.png | Bin 57825 -> 0 bytes
.../bookstore-ui-v2.yaml | 51 -
.../04-osm-traffic-splitting/bookstore-v2.png | Bin 42379 -> 0 bytes
cloud-native/aks-open-service-mesh/README.md | 275 ------
.../aks-open-service-mesh/bicepconfig.json | 10 -
cloud-native/aks-open-service-mesh/main.bicep | 142 ---
cloud-native/aks-open-service-mesh/main.json | 874 -----------------
cloud-native/aks-webapp-routing/README.md | 404 --------
.../azure-vote-deployment-validation.png | Bin 40669 -> 0 bytes
.../azure-vote-deployment.png | Bin 175872 -> 0 bytes
.../aks-webapp-routing/bicepconfig.json | 10 -
.../aks-webapp-routing/deployment.yaml | 117 ---
.../hello-deployment-2.yaml | 65 --
.../hello-deployment-validation.png | Bin 41039 -> 0 bytes
.../aks-webapp-routing/hello-deployment.png | Bin 198400 -> 0 bytes
cloud-native/aks-webapp-routing/main.bicep | 141 ---
cloud-native/aks-webapp-routing/main.json | 785 ---------------
141 files changed, 3 insertions(+), 10034 deletions(-)
delete mode 100644 .github/workflows/publish_bicep_module.yml
delete mode 100644 bicep/modules/azure-cli-script/README.md
delete mode 100644 bicep/modules/azure-cli-script/main.bicep
delete mode 100644 bicep/modules/azure-cli-script/metadata.json
delete mode 100644 bicep/modules/azure-container-registry/README.MD
delete mode 100644 bicep/modules/azure-container-registry/main.bicep
delete mode 100644 bicep/modules/azure-container-registry/metadata.json
delete mode 100644 bicep/modules/azure-cosmos-db/README.md
delete mode 100644 bicep/modules/azure-cosmos-db/main.bicep
delete mode 100644 bicep/modules/azure-cosmos-db/metadata.json
delete mode 100644 bicep/modules/azure-dns/README.md
delete mode 100644 bicep/modules/azure-dns/main.bicep
delete mode 100644 bicep/modules/azure-dns/metadata.json
delete mode 100644 bicep/modules/azure-key-vault/README.md
delete mode 100644 bicep/modules/azure-key-vault/main.bicep
delete mode 100644 bicep/modules/azure-key-vault/metadata.json
delete mode 100644 bicep/modules/azure-kubernetes-service-addons/README.md
delete mode 100644 bicep/modules/azure-kubernetes-service-addons/main.bicep
delete mode 100644 bicep/modules/azure-kubernetes-service-addons/metadata.json
delete mode 100644 bicep/modules/azure-kubernetes-service-ingress-dns/README.md
delete mode 100644 bicep/modules/azure-kubernetes-service-ingress-dns/main.bicep
delete mode 100644 bicep/modules/azure-kubernetes-service-ingress-dns/metadata.json
delete mode 100644 bicep/modules/azure-kubernetes-service-ingress/README.md
delete mode 100644 bicep/modules/azure-kubernetes-service-ingress/main.bicep
delete mode 100644 bicep/modules/azure-kubernetes-service-ingress/metadata.json
delete mode 100644 bicep/modules/azure-kubernetes-service-nodepools/README.md
delete mode 100644 bicep/modules/azure-kubernetes-service-nodepools/main.bicep
delete mode 100644 bicep/modules/azure-kubernetes-service-nodepools/metadata.json
delete mode 100644 bicep/modules/azure-kubernetes-service/README.md
delete mode 100644 bicep/modules/azure-kubernetes-service/main.bicep
delete mode 100644 bicep/modules/azure-kubernetes-service/metadata.json
delete mode 100644 bicep/modules/azure-log-analytics-workspace/README.md
delete mode 100644 bicep/modules/azure-log-analytics-workspace/main.bicep
delete mode 100644 bicep/modules/azure-log-analytics-workspace/metadata.json
delete mode 100644 bicep/modules/azure-managed-prometheus-grafana-for-aks/README.md
delete mode 100644 bicep/modules/azure-managed-prometheus-grafana-for-aks/main.bicep
delete mode 100644 bicep/modules/azure-managed-prometheus-grafana-for-aks/metadata.json
delete mode 100644 bicep/modules/azure-network-security-group/README.md
delete mode 100644 bicep/modules/azure-network-security-group/main.bicep
delete mode 100644 bicep/modules/azure-network-security-group/metadata.json
delete mode 100644 bicep/modules/azure-virtual-network/README.md
delete mode 100644 bicep/modules/azure-virtual-network/main.bicep
delete mode 100644 bicep/modules/azure-virtual-network/metadata.json
delete mode 100644 cloud-native/aks-arm64/README.md
delete mode 100644 cloud-native/aks-arm64/azure-voting-app-deploy.yaml
delete mode 100644 cloud-native/aks-arm64/bicepconfig.json
delete mode 100644 cloud-native/aks-arm64/kustomization.yaml
delete mode 100644 cloud-native/aks-arm64/main.bicep
delete mode 100644 cloud-native/aks-arm64/main.json
delete mode 100644 cloud-native/aks-bicep-k8s/README.md
delete mode 100644 cloud-native/aks-bicep-k8s/aks-deploy-app.bicep
delete mode 100644 cloud-native/aks-bicep-k8s/aks.bicep
delete mode 100644 cloud-native/aks-bicep-k8s/azure-vote.bicep
delete mode 100644 cloud-native/aks-bicep-k8s/azure-vote.yaml
delete mode 100644 cloud-native/aks-bicep-k8s/azure-voting-app-rust.bicep
delete mode 100644 cloud-native/aks-bicep-k8s/azure-voting-app-rust.yaml
delete mode 100644 cloud-native/aks-bicep-k8s/bicepconfig.json
delete mode 100644 cloud-native/aks-bicep-k8s/dotnet-vue-starter.bicep
delete mode 100644 cloud-native/aks-bicep-k8s/dotnet-vue-starter.yaml
delete mode 100644 cloud-native/aks-bicep-k8s/go.mod
delete mode 100644 cloud-native/aks-bicep-k8s/go.sum
delete mode 100644 cloud-native/aks-bicep-k8s/magefile.go
delete mode 100644 cloud-native/aks-bicep-k8s/main.bicep
delete mode 100644 cloud-native/aks-bicep-k8s/main.json
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/README.md
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/RESOURCES.md
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/aks.bicep
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/deploy-aks.sh
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/deploy-deploy-script.sh
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/deploy-empty.sh
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/deploy-keyvault.sh
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/deploy-main.sh
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/deploy-script-aks.sh
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/deploy-script-keda.sh
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/deploy-script.bicep
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/empty.bicep
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/keyvault.bicep
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/main.bicep
delete mode 100644 cloud-native/aks-bicep-keda/01-aks/main.json
delete mode 100644 cloud-native/aks-bicep-keda/02-keda/README.md
delete mode 100644 cloud-native/aks-bicep-keda/02-keda/deploy/deployment.yaml
delete mode 100644 cloud-native/aks-bicep-keda/02-keda/deploy/keda.yaml
delete mode 100644 cloud-native/aks-bicep-keda/02-keda/deploy/kustomization.yaml
delete mode 100644 cloud-native/aks-bicep-keda/02-keda/deploy/namespace.yaml
delete mode 100644 cloud-native/aks-bicep-keda/02-keda/deploy/serviceaccount.yaml
delete mode 100644 cloud-native/aks-bicep-keda/03-keda-http/README.md
delete mode 100644 cloud-native/aks-bicep-keda/README.md
delete mode 100644 cloud-native/aks-bicep/01-aks/README.md
delete mode 100644 cloud-native/aks-bicep/01-aks/RESOURCES.md
delete mode 100644 cloud-native/aks-bicep/01-aks/aks.bicep
delete mode 100644 cloud-native/aks-bicep/01-aks/deploy-aks.sh
delete mode 100644 cloud-native/aks-bicep/01-aks/deploy-deploy-script.sh
delete mode 100644 cloud-native/aks-bicep/01-aks/deploy-empty.sh
delete mode 100644 cloud-native/aks-bicep/01-aks/deploy-keyvault.sh
delete mode 100644 cloud-native/aks-bicep/01-aks/deploy-main.sh
delete mode 100644 cloud-native/aks-bicep/01-aks/deploy-script-aks.sh
delete mode 100644 cloud-native/aks-bicep/01-aks/deploy-script-keda.sh
delete mode 100644 cloud-native/aks-bicep/01-aks/deploy-script.bicep
delete mode 100644 cloud-native/aks-bicep/01-aks/empty.bicep
delete mode 100644 cloud-native/aks-bicep/01-aks/keyvault.bicep
delete mode 100644 cloud-native/aks-bicep/01-aks/main.bicep
delete mode 100644 cloud-native/aks-bicep/01-aks/main.json
delete mode 100644 cloud-native/aks-bicep/README.md
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/README.md
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer-ui-ingressbackend.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer-ui.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer.png
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookstore-ui-ingressbackend.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookstore-ui.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookstore-v1.png
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookstore_app.png
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookthief-ui-ingressbackend.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookthief-ui.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookthief.png
delete mode 100644 cloud-native/aks-open-service-mesh/03-applying-zero-trust/README.md
delete mode 100644 cloud-native/aks-open-service-mesh/03-applying-zero-trust/bookbuyer-ui-secure-ingress.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/03-applying-zero-trust/bookbuyer.png
delete mode 100644 cloud-native/aks-open-service-mesh/03-applying-zero-trust/bookstore-ui-secure-ingress.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/03-applying-zero-trust/bookthief-ui-secure-ingress.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/03-applying-zero-trust/smi-traffic-to-bookstore.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/03-applying-zero-trust/smi-traffic-to-bookwarehouse.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/03-applying-zero-trust/smi-traffic-to-mysql.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/04-osm-traffic-splitting/README.md
delete mode 100644 cloud-native/aks-open-service-mesh/04-osm-traffic-splitting/bookstore-split.png
delete mode 100644 cloud-native/aks-open-service-mesh/04-osm-traffic-splitting/bookstore-ui-v2.yaml
delete mode 100644 cloud-native/aks-open-service-mesh/04-osm-traffic-splitting/bookstore-v2.png
delete mode 100644 cloud-native/aks-open-service-mesh/README.md
delete mode 100644 cloud-native/aks-open-service-mesh/bicepconfig.json
delete mode 100644 cloud-native/aks-open-service-mesh/main.bicep
delete mode 100644 cloud-native/aks-open-service-mesh/main.json
delete mode 100644 cloud-native/aks-webapp-routing/README.md
delete mode 100644 cloud-native/aks-webapp-routing/azure-vote-deployment-validation.png
delete mode 100644 cloud-native/aks-webapp-routing/azure-vote-deployment.png
delete mode 100644 cloud-native/aks-webapp-routing/bicepconfig.json
delete mode 100644 cloud-native/aks-webapp-routing/deployment.yaml
delete mode 100644 cloud-native/aks-webapp-routing/hello-deployment-2.yaml
delete mode 100644 cloud-native/aks-webapp-routing/hello-deployment-validation.png
delete mode 100644 cloud-native/aks-webapp-routing/hello-deployment.png
delete mode 100644 cloud-native/aks-webapp-routing/main.bicep
delete mode 100644 cloud-native/aks-webapp-routing/main.json
diff --git a/.github/workflows/publish_bicep_module.yml b/.github/workflows/publish_bicep_module.yml
deleted file mode 100644
index e3b0740..0000000
--- a/.github/workflows/publish_bicep_module.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Publish Bicep modules
-
-on:
- workflow_dispatch:
-
-permissions:
- id-token: write
- contents: read
-
-jobs:
- publish:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
-
- - name: 'Az CLI login'
- uses: azure/login@v1
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- - name: Install Bicep
- run: |
- az version
- az bicep install
-
- - name: Publish Bicep modules to Azure Container Registry
- run: |
- for d in */
- do
- cd $d
- version="v$(cat metadata.json | jq -r '.version.major').$(cat metadata.json | jq -r '.version.minor')"
- if [ -z "$(az acr repository show -n ${{ secrets.ACR_SERVER }} --image bicep/modules/${d::-1}:$version 2>/dev/null)" ];
- then
- echo "Publishing br:${{ secrets.ACR_SERVER }}/bicep/modules/${d::-1}:$version";
- az bicep publish --file main.bicep --target "br:${{ secrets.ACR_SERVER }}/bicep/modules/${d::-1}:$version";
- else
- echo "Skipping br:${{ secrets.ACR_SERVER }}/bicep/modules/${d::-1}:$version as it already exists";
- fi
- cd - > /dev/null
- done
- working-directory: bicep/modules
diff --git a/bicep/modules/azure-cli-script/README.md b/bicep/modules/azure-cli-script/README.md
deleted file mode 100644
index f9f475f..0000000
--- a/bicep/modules/azure-cli-script/README.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# azure-cli-script
-
-This module deploys a [Microsoft.Resources/deploymentScripts](https://learn.microsoft.com/azure/templates/microsoft.resources/deploymentscripts?pivots=deployment-language-bicep) resource to run Azure CLI commands as part of your deployment. The deployment will create a User-Assigned Managed Identity and it will be granted Contributor permissions to perform actions within your subscription.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-| `azCliVersion` | Azure CLI version | Usually supports latest-1 |
-| `cleanupPreference` | Indicates when to cleanup Azure Container Instance | Defaults to `OnSuccess` |
-| `scriptContent` | Inline Azure CLI script | |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| N/A | |
-
-https://learn.microsoft.com/en-us/azure/templates/microsoft.resources/deploymentscripts?pivots=deployment-language-bicep#azurecliscriptproperties
\ No newline at end of file
diff --git a/bicep/modules/azure-cli-script/main.bicep b/bicep/modules/azure-cli-script/main.bicep
deleted file mode 100644
index f059a0d..0000000
--- a/bicep/modules/azure-cli-script/main.bicep
+++ /dev/null
@@ -1,62 +0,0 @@
-param name string
-param location string
-param tags object
-
-@description('https://learn.microsoft.com/en-us/cli/azure/release-notes-azure-cli')
-param azCliVersion string = '2.40.0'
-
-@allowed([
- 'Always'
- 'OnExpiration'
- 'OnSuccess'
-])
-param cleanupPreference string = 'OnSuccess'
-param scriptContent string
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: 'uid-${name}'
- location: location
-}
-
-// Get the role definition resource by name, to find the name for the role Contributor, you can look
-// it up at the following url: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor
-resource contributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
- name: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
- scope: subscription()
-}
-
-resource roleAssignmentDeploymentContributor 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(managedIdentity.id, 'Contributor')
- properties: {
- roleDefinitionId: contributorRoleDefinition.id
- principalId: managedIdentity.properties.principalId
- principalType: 'ServicePrincipal'
- }
-}
-
-resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
- name: name
- location: location
- tags: tags
- identity: {
- type: 'UserAssigned'
- userAssignedIdentities: {
- '${managedIdentity.id}': {}
- }
- }
- kind: 'AzureCLI'
- properties: {
- azCliVersion: azCliVersion
- cleanupPreference: cleanupPreference
- containerSettings: {
- containerGroupName: 'deploymentScript'
- }
- retentionInterval: 'PT1H'
- scriptContent: scriptContent
- timeout: 'PT1H'
- }
-
- dependsOn: [
- roleAssignmentDeploymentContributor
- ]
-}
diff --git a/bicep/modules/azure-cli-script/metadata.json b/bicep/modules/azure-cli-script/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-cli-script/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-container-registry/README.MD b/bicep/modules/azure-container-registry/README.MD
deleted file mode 100644
index c179df1..0000000
--- a/bicep/modules/azure-container-registry/README.MD
+++ /dev/null
@@ -1,23 +0,0 @@
-# azure-container-registry
-
-This module deploys a [Microsoft.ContainerRegistry/registries](https://learn.microsoft.com/azure/templates/microsoft.containerregistry/registries?pivots=deployment-language-bicep) resource using only parameters scoped for these labs.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-| `sku` | SKU to deploy | `'Basic'`
`'Standard'`
`'Premium'`
-| `managedIdentityType` | Managed identity type to assign on the resource | `'SystemAssigned'`
`'UserAssigned'` |
-| `userAssignedIdentities` | List of user assigned identity resource IDs to assign to the resource when the managed identity type is set to `UserAssigned` | Array of resource IDs |
-| `adminUserEnabled` | Enables the admin account | `true` or `false` |
-| `anonymousPullEnabled` | Enables anonymous pull access | `true` or `false` |
-| `publicNetworkAccess` | Enables public network access | `true` or `false` |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| `name` | This is the name of the resource |
diff --git a/bicep/modules/azure-container-registry/main.bicep b/bicep/modules/azure-container-registry/main.bicep
deleted file mode 100644
index 4942591..0000000
--- a/bicep/modules/azure-container-registry/main.bicep
+++ /dev/null
@@ -1,48 +0,0 @@
-param name string
-param location string
-param tags object
-
-@allowed([
- 'Basic'
- 'Standard'
- 'Premium'
-])
-@description('Defaults to Standard')
-param sku string = 'Standard'
-
-@allowed([
- 'SystemAssigned'
- 'UserAssigned'
-])
-@description('Two options are available: SystemAssigned or UserAssigned')
-param managedIdentityType string = 'SystemAssigned'
-
-@description('Required when managed identity type is set to UserAssigned')
-param userAssignedIdentities object = {}
-
-param adminUserEnabled bool = false
-
-param anonymousPullEnabled bool = false
-
-@description('Disableing public network access is not supported for Basic and Standard SKUs')
-param publicNetworkAccess bool = (sku == 'Premium' ? false : true)
-
-resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' = {
- name: name
- location: location
- tags: tags
- sku: {
- name: sku
- }
- identity: {
- type: managedIdentityType
- userAssignedIdentities: managedIdentityType != 'SystemAssigned' ? userAssignedIdentities : null
- }
- properties: {
- adminUserEnabled: adminUserEnabled
- anonymousPullEnabled: anonymousPullEnabled
- publicNetworkAccess: publicNetworkAccess ? 'Enabled' : 'Disabled'
- }
-}
-
-output name string = registry.name
diff --git a/bicep/modules/azure-container-registry/metadata.json b/bicep/modules/azure-container-registry/metadata.json
deleted file mode 100644
index 28e74a8..0000000
--- a/bicep/modules/azure-container-registry/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 2
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-cosmos-db/README.md b/bicep/modules/azure-cosmos-db/README.md
deleted file mode 100644
index 541f032..0000000
--- a/bicep/modules/azure-cosmos-db/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# azure-cosmos-db
-
-This module deploys a [Microsoft.DocumentDB/databaseAccounts](https://learn.microsoft.com/en-us/azure/templates/microsoft.documentdb/databaseaccounts?pivots=deployment-language-bicep) resource using only parameters scoped for these labs.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-| `kind` | Type of database account | `'GlobalDocumentDB'``'MongoDB'` (default)`'Parse'` |
-| `mongoApiVersion` | MongoApi version | `'3.2'``'3.6'``'4.0'``'4.2'` (default) |
-| `managedIdentityType` | Managed identity type to assign on the resource | `'SystemAssigned'`
`'UserAssigned'` |
-| `locations` | Array of geo-replication location objects | See: [locations](https://learn.microsoft.com/azure/templates/microsoft.documentdb/databaseaccounts?pivots=deployment-language-bicep#location) |
-| `userAssignedIdentities` | List of user assigned identity resource IDs to assign to the resource when the managed identity type is set to `UserAssigned` | Array of resource IDs |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
diff --git a/bicep/modules/azure-cosmos-db/main.bicep b/bicep/modules/azure-cosmos-db/main.bicep
deleted file mode 100644
index 1bd0be6..0000000
--- a/bicep/modules/azure-cosmos-db/main.bicep
+++ /dev/null
@@ -1,50 +0,0 @@
-param name string
-param location string
-param tags object
-
-@allowed([
- 'GlobalDocumentDB'
- 'MongoDB'
- 'Parse'
-])
-param kind string = 'MongoDB'
-
-@allowed([
- '3.2'
- '3.6'
- '4.0'
- '4.2'
-])
-param mongoApiVersion string = '4.2'
-
-@allowed([
- 'None'
- 'SystemAssigned'
- 'UserAssigned'
- 'SystemAssigned,UserAssigned'
-])
-param managedIdentityType string = 'SystemAssigned'
-
-@description('Used when managedIdentityType is UserAssigned')
-param userAssignedIdentities object = {}
-
-@description('Array of location objects with the following properties: failoverPriority, isZoneRedundant, locationName')
-param locations array
-
-resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2022-05-15' = {
- name: name
- location: location
- tags: tags
- kind: kind
- identity: {
- type: managedIdentityType
- userAssignedIdentities: empty(userAssignedIdentities) ? null : userAssignedIdentities
- }
- properties: {
- databaseAccountOfferType: 'Standard'
- locations: locations
- apiProperties: kind == 'MongoDB' ? {
- serverVersion: mongoApiVersion
- } : null
- }
-}
diff --git a/bicep/modules/azure-cosmos-db/metadata.json b/bicep/modules/azure-cosmos-db/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-cosmos-db/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-dns/README.md b/bicep/modules/azure-dns/README.md
deleted file mode 100644
index 9322d5c..0000000
--- a/bicep/modules/azure-dns/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# azure-dns-zone
-
-This module deploys a [Microsoft.Network/dnsZones](https://learn.microsoft.com/azure/templates/microsoft.network/dnszones?pivots=deployment-language-bicep) resource using only parameters scoped for these labs.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-| `zoneType` | Zone type | `'Public'``'Private'` |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| `id` | Resource identifier |
diff --git a/bicep/modules/azure-dns/main.bicep b/bicep/modules/azure-dns/main.bicep
deleted file mode 100644
index ec62a30..0000000
--- a/bicep/modules/azure-dns/main.bicep
+++ /dev/null
@@ -1,20 +0,0 @@
-param name string
-param location string
-param tags object
-
-@allowed([
- 'Public'
- 'Private'
-])
-param zoneType string
-
-resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
- name: name
- location: location
- tags: tags
- properties: {
- zoneType: zoneType
- }
-}
-
-output id string = dnsZone.id
diff --git a/bicep/modules/azure-dns/metadata.json b/bicep/modules/azure-dns/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-dns/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-key-vault/README.md b/bicep/modules/azure-key-vault/README.md
deleted file mode 100644
index 97b20a0..0000000
--- a/bicep/modules/azure-key-vault/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# azure-key-vault
-
-This module deploys a [Microsoft.KeyVault/vaults](https://learn.microsoft.com/azure/templates/microsoft.keyvault/vaults?pivots=deployment-language-bicep) resource using only parameters scoped for these labs. The deployment will set initial access policy for the user that runs the Bicep template and also accepts an array of `resourceAccessPolicies` for additional policy assignments.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-| `sku` | Resource SKU | `premium` or `standard` (default) |
-| `userObjectId` | The user object Id to give full-access to | This is typically the identity that runs the template |
-| `tenantId` | The tenant which the objectIds belong to for access policy assignments | |
-| `accessPolicies` | Array of `accessPolicy` objects | See: [AccessPolicyEntry](https://learn.microsoft.com/azure/templates/microsoft.keyvault/vaults?pivots=deployment-language-bicep#accesspolicyentry) |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
diff --git a/bicep/modules/azure-key-vault/main.bicep b/bicep/modules/azure-key-vault/main.bicep
deleted file mode 100644
index 4b0d568..0000000
--- a/bicep/modules/azure-key-vault/main.bicep
+++ /dev/null
@@ -1,57 +0,0 @@
-param name string
-param location string
-param tags object
-
-@allowed([
- 'premium'
- 'standard'
-])
-param sku string = 'standard'
-
-@description('The object ID of a user, service principal or security group in AAD tenant.')
-param userObjectId string
-param tenantId string
-
-@description('List of AccessPolicyEntry which is used when granting additional permissions for other users or managed identities')
-param accessPolicies array = []
-
-resource vault 'Microsoft.KeyVault/vaults@2022-07-01' = {
- name: name
- location: location
- tags: tags
- properties: {
- accessPolicies: [
- {
- objectId: userObjectId
- permissions: {
- certificates: [
- 'all'
- ]
- keys: [
- 'all'
- ]
- secrets: [
- 'all'
- ]
- storage: [
- 'all'
- ]
- }
- tenantId: tenantId
- }
- ]
- sku: {
- family: 'A'
- name: sku
- }
- tenantId: tenantId
- }
-}
-
-resource resourceAccessPolicies 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = if (!empty(accessPolicies)) {
- name: 'add'
- parent: vault
- properties: {
- accessPolicies: accessPolicies
- }
-}
diff --git a/bicep/modules/azure-key-vault/metadata.json b/bicep/modules/azure-key-vault/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-key-vault/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-kubernetes-service-addons/README.md b/bicep/modules/azure-kubernetes-service-addons/README.md
deleted file mode 100644
index b98c121..0000000
--- a/bicep/modules/azure-kubernetes-service-addons/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# azure-kubernetes-service-addons
-
-This module updates an AKS cluster to append add-ons. [`addonProfiles`](https://learn.microsoft.com/azure/templates/microsoft.containerservice/managedclusters?pivots=deployment-language-bicep#managedclusterproperties) are not very well documented.
-
-> This Bicep template will emit warnings due to the `mode: 'Incremental'` setting. This module still works and the warning messaging is being tracked here: https://github.com/Azure/bicep/issues/784
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `clusterId` | Existing cluster resource Id | |
-| `addonProfiles` | Add-ons to enable | No concrete definition so your best bet is to deploy using Azure CLI or Portal and see what the JSON metadata looks like |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
diff --git a/bicep/modules/azure-kubernetes-service-addons/main.bicep b/bicep/modules/azure-kubernetes-service-addons/main.bicep
deleted file mode 100644
index 8d3ccf2..0000000
--- a/bicep/modules/azure-kubernetes-service-addons/main.bicep
+++ /dev/null
@@ -1,18 +0,0 @@
-param location string
-param clusterId string
-
-@description('AKS addons to enable')
-param addonProfiles object
-
-@description('Pull out the cluster name from the resource ID')
-var clusterName = split(clusterId, '/')[8]
-
-resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-08-03-preview' = {
- name: clusterName
- location: location
- properties: {
- mode: 'Incremental'
- id: clusterId
- addonProfiles: addonProfiles
- }
-}
diff --git a/bicep/modules/azure-kubernetes-service-addons/metadata.json b/bicep/modules/azure-kubernetes-service-addons/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-kubernetes-service-addons/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-kubernetes-service-ingress-dns/README.md b/bicep/modules/azure-kubernetes-service-ingress-dns/README.md
deleted file mode 100644
index ab03dc1..0000000
--- a/bicep/modules/azure-kubernetes-service-ingress-dns/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# azure-kubernetes-service-ingress-dns
-
-**Work in Progress**
-
-This module will take the `principalId` of the `webapprouting` managed identity resource and assign the "DNS Zone Contributor" to it at the Azure DNS resource scope.
-
-> This Bicep template will emit warnings due to the `mode: 'Incremental'` setting. This module still works and the warning messaging is being tracked here: https://github.com/Azure/bicep/issues/784
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `dnsZoneName` | The DNS zone name used to pull the existing resource for RBAC assignment |
-| `principalId` | The principal id of the user-assigned managed identity that is provisioned in the AKS managed cluster resource group (starts with `MC_*`) | |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| N/A | |
diff --git a/bicep/modules/azure-kubernetes-service-ingress-dns/main.bicep b/bicep/modules/azure-kubernetes-service-ingress-dns/main.bicep
deleted file mode 100644
index 5da4140..0000000
--- a/bicep/modules/azure-kubernetes-service-ingress-dns/main.bicep
+++ /dev/null
@@ -1,23 +0,0 @@
-param dnsZoneName string
-param principalId string
-
-resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = {
- name: dnsZoneName
-}
-
-// Get the role definition resource by name, to find the name for the role DNS Zone Contributor, you can look
-// it up at the following url: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#dns-zone-contributor
-resource dnsZoneContributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
- scope: subscription()
- name: 'befefa01-2a29-4197-83a8-272ff33ce314'
-}
-
-resource dnsZoneContributorRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(dnsZone.id, 'DNS Zone Contributor')
- scope: dnsZone
- properties: {
- roleDefinitionId: dnsZoneContributorRoleDefinition.id
- principalId: principalId
- principalType: 'User'
- }
-}
diff --git a/bicep/modules/azure-kubernetes-service-ingress-dns/metadata.json b/bicep/modules/azure-kubernetes-service-ingress-dns/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-kubernetes-service-ingress-dns/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-kubernetes-service-ingress/README.md b/bicep/modules/azure-kubernetes-service-ingress/README.md
deleted file mode 100644
index 4344e58..0000000
--- a/bicep/modules/azure-kubernetes-service-ingress/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# azure-kubernetes-service-ingress
-
-This module updates an AKS cluster to install the `webAppRouting` add-on via `ingressProfile`. [`ingressProfiles`](https://learn.microsoft.com/azure/templates/microsoft.containerservice/managedclusters?pivots=deployment-language-bicep#managedclusteringressprofile) requires a [`webAppRouting`](https://learn.microsoft.com/azure/templates/microsoft.containerservice/managedclusters?pivots=deployment-language-bicep#managedclusteringressprofilewebapprouting) object to enable the managed NGINX ingress controller in the cluster. This object accepts an optional `dnsZoneResourceId` to enable the `external-dns` controller.
-
-> This Bicep template will emit warnings due to the `mode: 'Incremental'` setting. This module still works and the warning messaging is being tracked here: https://github.com/Azure/bicep/issues/784
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `clusterId` | Existing cluster resource Id | |
-| `dnsZoneResourceId` | Azure DNS zone resource identifier | This is optional and not required for `webAppRouting` |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| N/A | |
diff --git a/bicep/modules/azure-kubernetes-service-ingress/main.bicep b/bicep/modules/azure-kubernetes-service-ingress/main.bicep
deleted file mode 100644
index 1dd47ca..0000000
--- a/bicep/modules/azure-kubernetes-service-ingress/main.bicep
+++ /dev/null
@@ -1,21 +0,0 @@
-param location string
-param clusterId string
-param dnsZoneResourceId string = ''
-
-var clusterName = split(clusterId, '/')[8]
-var attachDnsZone = dnsZoneResourceId != ''
-
-resource updateManagedCluster 'Microsoft.ContainerService/managedClusters@2022-08-03-preview' = {
- name: clusterName
- location: location
- properties: {
- mode: 'Incremental'
- id: clusterId
- ingressProfile: {
- webAppRouting: {
- dnsZoneResourceId: attachDnsZone ? dnsZoneResourceId : null
- enabled: true
- }
- }
- }
-}
diff --git a/bicep/modules/azure-kubernetes-service-ingress/metadata.json b/bicep/modules/azure-kubernetes-service-ingress/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-kubernetes-service-ingress/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-kubernetes-service-nodepools/README.md b/bicep/modules/azure-kubernetes-service-nodepools/README.md
deleted file mode 100644
index 6a7bc44..0000000
--- a/bicep/modules/azure-kubernetes-service-nodepools/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# azure-kubernetes-service-nodepools
-
-This module deploys a [Microsoft.ContainerService/managedClusters/agentPools](https://learn.microsoft.com/azure/templates/microsoft.containerservice/managedclusters/agentpools?pivots=deployment-language-bicep) resource using only parameters scoped for these labs.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-| `managedClusterName` | Name of the AKS resource | Resource name |
-| `userNodes` | Array of userNode objects. This is a dynamic object so parameter names will not always match up with template specifications. The Bicep code will iterate through each userNode object and deploy into your AKS resource. | Array of objects |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| N/A | |
diff --git a/bicep/modules/azure-kubernetes-service-nodepools/main.bicep b/bicep/modules/azure-kubernetes-service-nodepools/main.bicep
deleted file mode 100644
index 5f47c18..0000000
--- a/bicep/modules/azure-kubernetes-service-nodepools/main.bicep
+++ /dev/null
@@ -1,25 +0,0 @@
-param managedClusterName string
-param userNodes array
-
-// Get the managed cluster by name
-resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-08-03-preview' existing = {
- name: managedClusterName
-}
-
-resource userNodePools 'Microsoft.ContainerService/managedClusters/agentPools@2024-02-01' = [for i in range(0, length(userNodes)): {
- name: userNodes[i].name
- parent: managedCluster
- properties: {
- vmSize: userNodes[i].vmSize
- mode: userNodes[i].mode
- enableAutoScaling: userNodes[i].enableAutoScaling
- count: contains(userNodes[i], 'maxCount') ? userNodes[i].maxCount : 1
- minCount: userNodes[i].enableAutoScaling && contains(userNodes[i], 'minCount') ? userNodes[i].minCount : null
- maxCount: userNodes[i].enableAutoScaling && contains(userNodes[i], 'maxCount') ? userNodes[i].maxCount : null
- scaleDownMode: userNodes[i].enableAutoScaling && contains(userNodes[i], 'scaleDownMode') ? userNodes[i].scaleDownMode : null
- nodeTaints: empty(userNodes[i].nodeTaints) ? null : userNodes[i].nodeTaints
- type: userNodes[i].type
- osDiskType: userNodes[i].osDiskType
- vnetSubnetID: empty(userNodes[i].vnetSubnetID) ? null : userNodes[i].vnetSubnetID
- }
-}]
diff --git a/bicep/modules/azure-kubernetes-service-nodepools/metadata.json b/bicep/modules/azure-kubernetes-service-nodepools/metadata.json
deleted file mode 100644
index 28e74a8..0000000
--- a/bicep/modules/azure-kubernetes-service-nodepools/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 2
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-kubernetes-service/README.md b/bicep/modules/azure-kubernetes-service/README.md
deleted file mode 100644
index 0de4942..0000000
--- a/bicep/modules/azure-kubernetes-service/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# azure-kubernetes-service
-
-This module deploys a [Microsoft.ContainerService/managedClusters](https://learn.microsoft.com/azure/templates/microsoft.containerservice/managedclusters?pivots=deployment-language-bicep) resource using only parameters scoped for these labs.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-| `slaTier` | Defaults to Free tier | `'Free'`
'Paid' |
-| `managedIdentityType` | Two options are available: SystemAssigned or UserAssigned | `'SystemAssigned'`
`'UserAssigned'` |
-| `userAssignedIdentities` | Required when managed identity type is set to UserAssigned | |
-| `kubernetesVersion` | Default is `1.29` | `'1.29'` |
-| `defenderEnabled` | Enables Defender on AKS cluster | `true` or `false` |
-| `imageCleanerEnabled` | Enables ImageCleaner on AKS cluster. | `true` or `false` |
-| `imageCleanerIntervalHours` | ImageCleaner scanning interval in hours | Number |
-| `systemNodeCount` | Number of nodes to deploy in the system node pool | Number |
-| `systemNodeVmSize` | Default system node pool size is `Standard_D2s_v5` | A valid SKU available in your chosen Azure region |
-| `registryName` | Optional parameter to attach AKS cluster to an existing ACR | Name of your registry (you can omit the `azurecr.io` suffix) |
-| `networkPlugin` | Network plugin used for building the Kubernetes network. | `'kubenet'`
`'azure'`
`'none'` |
-| `networkPolicy` | Network policy used for building the Kubernetes network. | `'calico'`
`'azure'` |
-| `loadBalancerSku` | The default is standard | `'Standard'`
`'Basic'` |
-| `dnsServiceIP` | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | `'10.0.0.10'` |
-| `dockerBridgeCidr` | A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | `'172.17.0.1/16'` |
-| `outboundType` | This can only be set at cluster creation time and cannot be changed later. | `'loadBalancer'`
`'managedNATGateway'`
`'userAssignedNATGateway'`
`'userDefinedRouting'` |
-| `podCidrs` | One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. | `'10.244.0.0/16'` |
-| `serviceCidrs` | One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges. | `'10.0.0.0/16'` |
-| `ipFamilies` | | `'IPv4'`
`'IPv6'` |
-| `vnetSubnetID` | Id of the Vnet to deploy cluster into | |
-| `nodeTaints` | Enable nodeTaints on the system node pool (e.g., [\'CriticalAddonsOnly=true:NoSchedule\']) | |
-| `addonProfiles` | Add-ons to enable | No concrete definition so your best bet is to deploy using Azure CLI or Portal and see what the JSON metadata looks like |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| `name` | This is the name of the AKS resource |
diff --git a/bicep/modules/azure-kubernetes-service/main.bicep b/bicep/modules/azure-kubernetes-service/main.bicep
deleted file mode 100644
index 5f5a1c3..0000000
--- a/bicep/modules/azure-kubernetes-service/main.bicep
+++ /dev/null
@@ -1,211 +0,0 @@
-param name string
-param location string
-param tags object
-
-@allowed([
- 'Free'
- 'Paid'
-])
-@description('Defaults to Free tier')
-param slaTier string = 'Free'
-
-@allowed([
- 'SystemAssigned'
- 'UserAssigned'
-])
-@description('Two options are available: SystemAssigned or UserAssigned')
-param managedIdentityType string = 'SystemAssigned'
-
-@description('Required when managed identity type is set to UserAssigned')
-param userAssignedIdentities object = {}
-
-@description('Default is 1.29')
-param kubernetesVersion string = '1.29'
-
-param defenderEnabled bool = false
-
-param imageCleanerEnabled bool = false
-param imageCleanerIntervalHours int = 12
-
-param systemNodeCount int = 3
-
-@description('Default system node pool size is Standard_D2s_v5')
-param systemNodeVmSize string = 'Standard_D2s_v5'
-
-@description('Optional parameter to attach AKS cluster to an existing ACR')
-param registryName string = ''
-
-@allowed([
- 'kubenet'
- 'azure'
- 'none'
-])
-@description('Network plugin used for building the Kubernetes network.')
-param networkPlugin string = 'kubenet'
-
-@allowed([
- 'calico'
- 'azure'
-])
-@description('Network policy used for building the Kubernetes network.')
-param networkPolicy string = 'calico'
-
-@allowed([
- 'Standard'
- 'Basic'
-])
-@description('The default is standard.')
-param loadBalancerSku string = 'Standard'
-
-@description('An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.')
-param dnsServiceIP string = '10.0.0.10'
-
-@description('A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.')
-param dockerBridgeCidr string = '172.17.0.1/16'
-
-@description('Resource ID of log analytics workspace for auditing')
-param logAnalyticsWorkspaceResourceId string = ''
-
-@allowed([
- 'loadBalancer'
- 'managedNATGateway'
- 'userAssignedNATGateway'
- 'userDefinedRouting'
-])
-@description('This can only be set at cluster creation time and cannot be changed later.')
-param outboundType string = 'loadBalancer'
-
-@description('One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking.')
-param podCidrs array = [
- '10.244.0.0/16'
-]
-
-@description('One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges.')
-param serviceCidrs array = [
- '10.0.0.0/16'
-]
-
-@allowed([
- 'IPv4'
- 'IPv6'
-])
-param ipFamilies array = [
- 'IPv4'
-]
-
-@description('If the cluster is using azure network plugin, then you can pass in the subnet resource ID like this `vnet.outputs.subnetId`; otherwise, leave it empty')
-param vnetSubnetID string = ''
-
-@description('Enable nodeTaints on the system node pool (e.g., [\'CriticalAddonsOnly=true:NoSchedule\'])')
-param nodeTaints array = []
-
-@description('AKS addons to enable')
-param addonProfiles object = {}
-
-param enablePrometheusMetrics bool = false
-param prometheusMetricLabelsAllowlist string = ''
-param prometheusMetricAnnotationsAllowList string = ''
-
-resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-08-03-preview' = {
- name: name
- location: location
- tags: tags
- sku: {
- name: 'Basic'
- tier: slaTier
- }
- identity: {
- type: managedIdentityType
- userAssignedIdentities: managedIdentityType == 'UserAssigned' ? userAssignedIdentities : null
- }
- properties: {
- kubernetesVersion: kubernetesVersion
- dnsPrefix: name
- azureMonitorProfile: enablePrometheusMetrics ? {
- metrics: {
- enabled: true // Requires Microsoft.ContainerService/AKS-PrometheusAddonPreview
- kubeStateMetrics: {
- metricLabelsAllowlist: prometheusMetricLabelsAllowlist
- metricAnnotationsAllowList: prometheusMetricAnnotationsAllowList
- }
- }
- } : null
- networkProfile: {
- networkPlugin: networkPlugin
- networkPolicy: networkPolicy
- loadBalancerSku: loadBalancerSku
- dnsServiceIP: dnsServiceIP
- dockerBridgeCidr: dockerBridgeCidr
- outboundType: outboundType
- podCidrs: podCidrs
- serviceCidrs: serviceCidrs
- ipFamilies: ipFamilies
- }
- agentPoolProfiles: [
- {
- name: 'system'
- count: systemNodeCount
- vmSize: systemNodeVmSize
- mode: 'System'
- vnetSubnetID: empty(vnetSubnetID) ? null : vnetSubnetID
- nodeTaints: empty(nodeTaints) ? null : nodeTaints
- }
- ]
- securityProfile: {
- defender: {
- securityMonitoring: {
- enabled: defenderEnabled
- }
- }
- imageCleaner: {
- enabled: imageCleanerEnabled
- intervalHours: imageCleanerIntervalHours
- }
- }
- addonProfiles: addonProfiles
- }
-}
-
-// Get the registry by name
-resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' existing = if (registryName != '') {
- name: registryName
-}
-
-// Get the role definition resource by name, to find the name for the role AcrPull, you can look
-// it up at the following url: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#acrpull
-resource acrPullRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = if (registryName != '') {
- scope: subscription()
- name: '7f951dda-4ed3-4680-a7ca-43fe172d538d'
-}
-
-// Give the kubelet user assigned managed identity the AcrPull permissions to pull containers from ACR
-resource acrPullRoleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (registryName != '') {
- name: guid(managedCluster.id, registryName)
- scope: registry
- properties: {
- principalId: managedCluster.properties.identityProfile.kubeletidentity.objectId
- roleDefinitionId: acrPullRoleDefinition.id
- }
-}
-
-// Get the role definition resource by name, to find the name for the role Contributor, you can look
-// it up at the following url: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor
-resource contributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
- scope: subscription()
- name: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
-}
-
-// Give the managedCluster identity the Contributor permissions
-resource contribtorRoleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid(managedCluster.id, resourceGroup().id)
- scope: resourceGroup()
- properties: {
- principalId: managedCluster.identity.principalId
- roleDefinitionId: contributorRoleDefinition.id
- }
-}
-
-output name string = managedCluster.name
-output id string = managedCluster.id
-output kubeletIdentityObjectId string = managedCluster.properties.identityProfile.kubeletidentity.objectId
-output nodeResourceGroupName string = managedCluster.properties.nodeResourceGroup
diff --git a/bicep/modules/azure-kubernetes-service/metadata.json b/bicep/modules/azure-kubernetes-service/metadata.json
deleted file mode 100644
index 28e74a8..0000000
--- a/bicep/modules/azure-kubernetes-service/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 2
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-log-analytics-workspace/README.md b/bicep/modules/azure-log-analytics-workspace/README.md
deleted file mode 100644
index 8630572..0000000
--- a/bicep/modules/azure-log-analytics-workspace/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# azure-log-analytics-workspace
-
-This module deploys a [Microsoft.OperationalInsights/workspaces](https://learn.microsoft.com/azure/templates/microsoft.operationalinsights/workspaces?pivots=deployment-language-bicep) resource.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| `id` | This is the id of the virtual network resource |
diff --git a/bicep/modules/azure-log-analytics-workspace/main.bicep b/bicep/modules/azure-log-analytics-workspace/main.bicep
deleted file mode 100644
index c7297b0..0000000
--- a/bicep/modules/azure-log-analytics-workspace/main.bicep
+++ /dev/null
@@ -1,17 +0,0 @@
-param name string
-param location string
-param tags object
-
-resource workspace 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = {
- name: name
- location: location
- tags: tags
- properties: {
- retentionInDays: 30
- sku: {
- name: 'PerGB2018'
- }
- }
-}
-
-output id string = workspace.id
diff --git a/bicep/modules/azure-log-analytics-workspace/metadata.json b/bicep/modules/azure-log-analytics-workspace/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-log-analytics-workspace/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-managed-prometheus-grafana-for-aks/README.md b/bicep/modules/azure-managed-prometheus-grafana-for-aks/README.md
deleted file mode 100644
index 94fd15e..0000000
--- a/bicep/modules/azure-managed-prometheus-grafana-for-aks/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# azure-managed-prometheus-grafana-for-aks
-
-This module deploys a [Microsoft.Dashboard/grafana](https://learn.microsoft.com/en-us/azure/templates/microsoft.dashboard/grafana?pivots=deployment-language-bicep) resource using only parameters scoped for these labs.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-
diff --git a/bicep/modules/azure-managed-prometheus-grafana-for-aks/main.bicep b/bicep/modules/azure-managed-prometheus-grafana-for-aks/main.bicep
deleted file mode 100644
index 515521a..0000000
--- a/bicep/modules/azure-managed-prometheus-grafana-for-aks/main.bicep
+++ /dev/null
@@ -1,370 +0,0 @@
-param name string
-
-@allowed([
- 'eastus2euap'
- 'centraluseuap'
- 'centralus'
- 'eastus'
- 'eastus2'
- 'northeurope'
- 'southcentralus'
- 'southeastasia'
- 'uksouth'
- 'westeurope'
- 'westus'
- 'westus2'
-])
-param location string
-
-param tags object
-
-@allowed([
- 'SystemAssigned'
- 'UserAssigned'
-])
-@description('Two options are available: SystemAssigned or UserAssigned')
-param managedIdentityType string = 'SystemAssigned'
-
-@description('Required when managed identity type is set to UserAssigned')
-param userAssignedIdentities object = {}
-
-param publicNetworkAccess bool = true
-
-param zoneRedundancy bool = false
-
-param clusterName string
-
-param metricLabelsAllowlist string = ''
-param metricAnnotationsAllowList string = ''
-
-param userObjectId string
-
-resource monitor 'microsoft.monitor/accounts@2021-06-03-preview' = {
- name: name
- location: location
-}
-
-resource dataCollectionEndpoint 'Microsoft.Insights/dataCollectionEndpoints@2021-09-01-preview' = {
- name: 'MSPROM-${clusterName}-${location}'
- location: location
- kind: 'Linux'
- properties: {
- }
-}
-
-resource dataCollectionRule 'Microsoft.Insights/dataCollectionRules@2021-09-01-preview' = {
- name: 'MSPROM-${clusterName}-${location}'
- location: location
- kind: 'Linux'
- properties: {
- dataCollectionEndpointId: dataCollectionEndpoint.id
- dataFlows: [
- {
- destinations: [
- 'MonitoringAccount1'
- ]
- streams: [
- 'Microsoft-PrometheusMetrics'
- ]
- }
- ]
- dataSources: {
- prometheusForwarder: [
- {
- name: 'PrometheusDataSource'
- streams: [
- 'Microsoft-PrometheusMetrics'
- ]
- labelIncludeFilter: {
- }
- }
- ]
- }
- description: 'Data collection rule for Azure Monitor Metrics Profile (Managed Prometheus)'
- destinations: {
- monitoringAccounts: [
- {
- accountResourceId: monitor.id
- name: 'MonitoringAccount1'
- }
- ]
- }
- }
-}
-
-resource dataCollectionRuleAssociation 'Microsoft.ContainerService/managedClusters/providers/dataCollectionRuleAssociations@2021-09-01-preview' = {
- name: '${clusterName}/microsoft.insights/MSPROM-${clusterName}--${location}'
- location: location
- properties: {
- description: 'Association of data collection rule. Deleting this association will break the data collection for this AKS Cluster.'
- dataCollectionRuleId: dataCollectionRule.id
- }
-
- dependsOn: [
- dataCollectionEndpoint
- ]
-}
-
-resource cluster 'Microsoft.ContainerService/managedClusters@2022-07-02-preview' existing = {
- name: clusterName
-}
-
-resource azureMonitorProfile 'Microsoft.ContainerService/managedClusters@2022-07-02-preview' = {
- name: clusterName
- location: location
- properties: {
- mode: 'Incremental'
- id: cluster.id
- azureMonitorProfile: {
- metrics: {
- enabled: true
- kubeStateMetrics: {
- metricLabelsAllowlist: metricLabelsAllowlist
- metricAnnotationsAllowList: metricAnnotationsAllowList
- }
- }
- }
- }
-
- dependsOn: [
- cluster
- dataCollectionRuleAssociation
- ]
-}
-
-resource nodeRecordingRuleGroup 'Microsoft.AlertsManagement/prometheusRuleGroups@2021-07-22-preview' = {
- name: 'NodeRecordingRulesRuleGroup-${clusterName}'
- location: location
- properties: {
- description: 'Node Recording Rules RuleGroup - 0.1'
- scopes: [
- monitor.id
- ]
- clusterName: clusterName
- interval: 'PT1M'
- rules: [
- {
- record: 'instance:node_num_cpu:sum'
- expression: 'count without (cpu, mode) ( node_cpu_seconds_total{job="node",mode="idle"})'
- }
- {
- record: 'instance:node_cpu_utilisation:rate5m'
- expression: '1 - avg without (cpu) ( sum without (mode) (rate(node_cpu_seconds_total{job="node", mode=~"idle|iowait|steal"}[5m])))'
- }
- {
- record: 'instance:node_load1_per_cpu:ratio'
- expression: '( node_load1{job="node"}/ instance:node_num_cpu:sum{job="node"})'
- }
- {
- record: 'instance:node_memory_utilisation:ratio'
- expression: '1 - ( ( node_memory_MemAvailable_bytes{job="node"} or ( node_memory_Buffers_bytes{job="node"} + node_memory_Cached_bytes{job="node"} + node_memory_MemFree_bytes{job="node"} + node_memory_Slab_bytes{job="node"} ) )/ node_memory_MemTotal_bytes{job="node"})'
- }
- {
- record: 'instance:node_vmstat_pgmajfault:rate5m'
- expression: 'rate(node_vmstat_pgmajfault{job="node"}[5m])'
- }
- {
- record: 'instance_device:node_disk_io_time_seconds:rate5m'
- expression: 'rate(node_disk_io_time_seconds_total{job="node", device!=""}[5m])'
- }
- {
- record: 'instance_device:node_disk_io_time_weighted_seconds:rate5m'
- expression: 'rate(node_disk_io_time_weighted_seconds_total{job="node", device!=""}[5m])'
- }
- {
- record: 'instance:node_network_receive_bytes_excluding_lo:rate5m'
- expression: 'sum without (device) ( rate(node_network_receive_bytes_total{job="node", device!="lo"}[5m]))'
- }
- {
- record: 'instance:node_network_transmit_bytes_excluding_lo:rate5m'
- expression: 'sum without (device) ( rate(node_network_transmit_bytes_total{job="node", device!="lo"}[5m]))'
- }
- {
- record: 'instance:node_network_receive_drop_excluding_lo:rate5m'
- expression: 'sum without (device) ( rate(node_network_receive_drop_total{job="node", device!="lo"}[5m]))'
- }
- {
- record: 'instance:node_network_transmit_drop_excluding_lo:rate5m'
- expression: 'sum without (device) ( rate(node_network_transmit_drop_total{job="node", device!="lo"}[5m]))'
- }
- ]
- }
-}
-
-resource kubernetesRecordingRuleGroup 'Microsoft.AlertsManagement/prometheusRuleGroups@2021-07-22-preview' = {
- name: 'KubernetesReccordingRulesRuleGroup-${clusterName}'
- location: location
- properties: {
- description: 'Kubernetes Recording Rules RuleGroup - 0.1'
- scopes: [
- monitor.id
- ]
- clusterName: clusterName
- interval: 'PT1M'
- rules: [
- {
- record: 'node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate'
- expression: 'sum by (cluster, namespace, pod, container) ( irate(container_cpu_usage_seconds_total{job="cadvisor", image!=""}[5m])) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}))'
- }
- {
- record: 'node_namespace_pod_container:container_memory_working_set_bytes'
- expression: 'container_memory_working_set_bytes{job="cadvisor", image!=""}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=""}))'
- }
- {
- record: 'node_namespace_pod_container:container_memory_rss'
- expression: 'container_memory_rss{job="cadvisor", image!=""}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=""}))'
- }
- {
- record: 'node_namespace_pod_container:container_memory_cache'
- expression: 'container_memory_cache{job="cadvisor", image!=""}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=""}))'
- }
- {
- record: 'node_namespace_pod_container:container_memory_swap'
- expression: 'container_memory_swap{job="cadvisor", image!=""}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=""}))'
- }
- {
- record: 'cluster:namespace:pod_memory:active:kube_pod_container_resource_requests'
- expression: 'kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ( (kube_pod_status_phase{phase=~"Pending|Running"} == 1))'
- }
- {
- record: 'namespace_memory:kube_pod_container_resource_requests:sum'
- expression: 'sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ))'
- }
- {
- record: 'cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests'
- expression: 'kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ( (kube_pod_status_phase{phase=~"Pending|Running"} == 1))'
- }
- {
- record: 'namespace_cpu:kube_pod_container_resource_requests:sum'
- expression: 'sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ))'
- }
- {
- record: 'cluster:namespace:pod_memory:active:kube_pod_container_resource_limits'
- expression: 'kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ( (kube_pod_status_phase{phase=~"Pending|Running"} == 1))'
- }
- {
- record: 'namespace_memory:kube_pod_container_resource_limits:sum'
- expression: 'sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ))'
- }
- {
- record: 'cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits'
- expression: 'kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ( (kube_pod_status_phase{phase=~"Pending|Running"} == 1) )'
- }
- {
- record: 'namespace_cpu:kube_pod_container_resource_limits:sum'
- expression: 'sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ))'
- }
- {
- record: 'namespace_workload_pod:kube_pod_owner:relabel'
- expression: 'max by (cluster, namespace, workload, pod) ( label_replace( label_replace( kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, "replicaset", "$1", "owner_name", "(.*)" ) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) ( 1, max by (replicaset, namespace, owner_name) ( kube_replicaset_owner{job="kube-state-metrics"} ) ), "workload", "$1", "owner_name", "(.*)" ))'
- labels: {
- workload_type: 'deployment'
- }
- }
- {
- record: 'namespace_workload_pod:kube_pod_owner:relabel'
- expression: 'max by (cluster, namespace, workload, pod) ( label_replace( kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, "workload", "$1", "owner_name", "(.*)" ))'
- labels: {
- workload_type: 'daemonset'
- }
- }
- {
- record: 'namespace_workload_pod:kube_pod_owner:relabel'
- expression: 'max by (cluster, namespace, workload, pod) ( label_replace( kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, "workload", "$1", "owner_name", "(.*)" ))'
- labels: {
- workload_type: 'statefulset'
- }
- }
- {
- record: 'namespace_workload_pod:kube_pod_owner:relabel'
- expression: 'max by (cluster, namespace, workload, pod) ( label_replace( kube_pod_owner{job="kube-state-metrics", owner_kind="Job"}, "workload", "$1", "owner_name", "(.*)" ))'
- labels: {
- workload_type: 'job'
- }
- }
- {
- record: ':node_memory_MemAvailable_bytes:sum'
- expression: 'sum( node_memory_MemAvailable_bytes{job="node"} or ( node_memory_Buffers_bytes{job="node"} + node_memory_Cached_bytes{job="node"} + node_memory_MemFree_bytes{job="node"} + node_memory_Slab_bytes{job="node"} )) by (cluster)'
- }
- {
- record: 'cluster:node_cpu:ratio_rate5m'
- expression: 'sum(rate(node_cpu_seconds_total{job="node",mode!="idle",mode!="iowait",mode!="steal"}[5m])) by (cluster) /count(sum(node_cpu_seconds_total{job="node"}) by (cluster, instance, cpu)) by (cluster)'
- }
- ]
- }
-}
-
-resource grafana 'Microsoft.Dashboard/grafana@2022-08-01' = {
- name: name
- location: location
- tags: tags
- sku: {
- name: 'Standard'
- }
- identity: {
- type: managedIdentityType
- userAssignedIdentities: managedIdentityType == 'UserAssigned' ? userAssignedIdentities : null
- }
- properties: {
- apiKey: 'Enabled'
- autoGeneratedDomainNameLabelScope: 'TenantReuse'
- deterministicOutboundIP: 'Enabled'
- grafanaIntegrations: {
- azureMonitorWorkspaceIntegrations: [
- {
- azureMonitorWorkspaceResourceId: monitor.id
- }
- ]
- }
- publicNetworkAccess: publicNetworkAccess ? 'Enabled' : 'Disabled'
- zoneRedundancy: zoneRedundancy ? 'Enabled' : 'Disabled'
- }
-}
-
-@description('This is the built-in Monitoring Reader role.')
-resource monitoringReaderRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
- scope: subscription()
- name: '43d0d8ad-25c7-4714-9337-8ba259a9fe05' //Monitoring Reader
-}
-
-resource monitoringReaderRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid(resourceGroup().id, grafana.id)
- scope: resourceGroup()
- properties: {
- roleDefinitionId: monitoringReaderRoleDefinition.id
- principalId: grafana.identity.principalId
- principalType: 'ServicePrincipal'
- }
-}
-
-@description('This is the built-in Monitoring Data Reader role.')
-resource monitoringDataReaderRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
- scope: subscription()
- name: 'b0d8363b-8ddd-447d-831f-62ca05bff136' //Monitoring Data Reader
-}
-
-resource monitorDataReaderRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid(monitor.id, grafana.id)
- scope: monitor
- properties: {
- roleDefinitionId: monitoringDataReaderRoleDefinition.id
- principalId: grafana.identity.principalId
- principalType: 'ServicePrincipal'
- }
-}
-
-@description('This is the built-in Grafana Admin role.')
-resource grafanaAdminRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
- scope: subscription()
- name: '22926164-76b3-42b3-bc55-97df8dab3e41' //Grafana Admin
-}
-
-resource grafanaAdminRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid(grafana.id, userObjectId)
- scope: grafana
- properties: {
- roleDefinitionId: grafanaAdminRoleDefinition.id
- principalId: userObjectId
- principalType: 'User'
- }
-}
diff --git a/bicep/modules/azure-managed-prometheus-grafana-for-aks/metadata.json b/bicep/modules/azure-managed-prometheus-grafana-for-aks/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-managed-prometheus-grafana-for-aks/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-network-security-group/README.md b/bicep/modules/azure-network-security-group/README.md
deleted file mode 100644
index ce336da..0000000
--- a/bicep/modules/azure-network-security-group/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# azure-network-security-group
-
-This module deploys a [Microsoft.Network/networkSecurityGroups](https://learn.microsoft.com/azure/templates/microsoft.network/networksecuritygroups?pivots=deployment-language-bicep) resource using only parameters scoped for these labs.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| `id` | This is the id of the resource |
diff --git a/bicep/modules/azure-network-security-group/main.bicep b/bicep/modules/azure-network-security-group/main.bicep
deleted file mode 100644
index 8f43dca..0000000
--- a/bicep/modules/azure-network-security-group/main.bicep
+++ /dev/null
@@ -1,14 +0,0 @@
-param name string
-param tags object
-param location string
-
-resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2022-01-01' = {
- name: name
- location: location
- properties: {
- securityRules: []
- }
- tags: tags
-}
-
-output id string = networkSecurityGroup.id
diff --git a/bicep/modules/azure-network-security-group/metadata.json b/bicep/modules/azure-network-security-group/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-network-security-group/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/bicep/modules/azure-virtual-network/README.md b/bicep/modules/azure-virtual-network/README.md
deleted file mode 100644
index 3434f99..0000000
--- a/bicep/modules/azure-virtual-network/README.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# azure-virtual-network
-
-This module deploys a [Microsoft.Network/virtualNetworks](https://learn.microsoft.com/azure/templates/microsoft.network/virtualnetworks?pivots=deployment-language-bicep) resource with a single [Microsoft.Network/virtualNetworks/subnets](https://learn.microsoft.com/azure/templates/microsoft.network/virtualnetworks/subnets?pivots=deployment-language-bicep) resource using only parameters scoped for these labs.
-
-## Inputs
-
-| Name | Description | Expected Value |
-|------|-------------|----------------|
-| `name` | This is the name of the resource | Whatever you want |
-| `location` | Region to deploy resource into | Azure region that offers this resource |
-| `tags` | Tags | Object of key/value pairs |
-| `vnetAddressPrefix` | Network CIDR range | Ex: 10.21.0.0/16 |
-| `snetAddressPrefix` | Subnet CIDR range | Ex: 10.21.0.0/24 |
-| `snetName` | Name of the subnet | Whatever you want |
-| `networkSecurityGroupId` | Resource ID of the network security group. This will be associated to the subnet | Resource ID |
-| `dnsServer` | Optionally, set a DNS server IP or leave empty to use Azure DNS | IP address or empty string |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| `id` | This is the id of the virtual network resource |
-| `name` | This is the name of the virtual network resource |
-| `subnetId` | This is the id of the subnet resource |
diff --git a/bicep/modules/azure-virtual-network/main.bicep b/bicep/modules/azure-virtual-network/main.bicep
deleted file mode 100644
index 0685e23..0000000
--- a/bicep/modules/azure-virtual-network/main.bicep
+++ /dev/null
@@ -1,41 +0,0 @@
-param name string
-param location string
-param tags object
-param vnetAddressPrefix string
-param snetAddressPrefix string
-param snetName string
-param networkSecurityGroupId string
-param dnsServer string
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
- name: name
- location: location
- tags: tags
- properties: {
- addressSpace: {
- addressPrefixes: [
- vnetAddressPrefix
- ]
- }
- dhcpOptions: (!empty(dnsServer) ? {
- dnsServers: [
- dnsServer
- ]
- } : null)
- subnets: [
- {
- name: snetName
- properties: {
- addressPrefix: snetAddressPrefix
- networkSecurityGroup: {
- id: networkSecurityGroupId
- }
- }
- }
- ]
- }
-}
-
-output id string = virtualNetwork.id
-output name string = virtualNetwork.name
-output subnetId string = virtualNetwork.properties.subnets[0].id
diff --git a/bicep/modules/azure-virtual-network/metadata.json b/bicep/modules/azure-virtual-network/metadata.json
deleted file mode 100644
index 7dd04c0..0000000
--- a/bicep/modules/azure-virtual-network/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": {
- "major": 0,
- "minor": 1
- }
-}
\ No newline at end of file
diff --git a/cloud-native/README.md b/cloud-native/README.md
index 9678adb..8f793fb 100644
--- a/cloud-native/README.md
+++ b/cloud-native/README.md
@@ -13,12 +13,11 @@
## Azure Kubernetes Service
-- [Lab: Explore KEDA (Kubernetes Event-driven Autoscaling) and the KEDA HTTP Add-on with Azure Kubernetes Service (AKS) and Bicep](aks-bicep-keda/)
+- Lab: Explore KEDA (Kubernetes Event-driven Autoscaling) and the KEDA HTTP Add-on with Azure Kubernetes Service (AKS) and Bicep (returning soon)
- [Lab: Deploy a Scalable and Secure Azure Kubernetes Service cluster using the Azure CLI](aks-https/)
-- [Lab: Azure Kubernetes Service with ARM64 node pools](aks-arm64/)
+- Lab: Azure Kubernetes Service with ARM64 node pools (returning soon)
- [Lab: Azure Kubernetes Service with ARM64 node pools and Terraform](aks-arm64-terraform/)
-- [Lab: Web Application Routing with Azure Kubernetes Service](aks-webapp-routing/)
-- [Lab: Azure Kubernetes Service with Open Service Mesh](./aks-open-service-mesh/)
+- Lab: Web Application Routing with Azure Kubernetes Service (returning soon)
- [Lab: Azure Kubernetes Service with Open Service Mesh and Terraform](./aks-open-service-mesh-terraform/)
- [Run scalable and resilient Redis with Kubernetes and Azure Kubernetes Service (techcommunity.microsoft.com)](https://techcommunity.microsoft.com/t5/apps-on-azure-blog/run-scalable-and-resilient-redis-with-kubernetes-and-azure/ba-p/3247956)
- [Walkthrough (aaronmsft.com)](https://aaronmsft.com/posts/oss-aks-redis/)
diff --git a/cloud-native/aks-arm64/README.md b/cloud-native/aks-arm64/README.md
deleted file mode 100644
index 2b76cbc..0000000
--- a/cloud-native/aks-arm64/README.md
+++ /dev/null
@@ -1,368 +0,0 @@
-# Azure Kubernetes Service with ARM64 node pools
-
-This lab will walk you though deploying Azure Kubernetes Service (AKS) with ARM64-based user node pools and deploy a sample application to it.
-
-You will perform the following tasks:
-
-* Provision Azure resources
-* Build and publish ARM64-based container to Azure Container Registry
-* Deploy ARM64-based image to Azure Kubernetes Service
-
-As part of the application deployment process, we'll also explore some things you can do to ensure your container images are prepared for ARM64-based OS architecture.
-
-## Requirements
-
-* An Azure Subscription (e.g. [Free](https://aka.ms/azure-free-account) or [Student](https://aka.ms/azure-student-account) account)
-* The [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli)
-* A [GitHub](https://github.com/) account
-* The [GitHub CLI](https://cli.github.com/)
-* Bash shell (e.g. macOS, Linux, [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/windows/wsl/about), [Multipass](https://multipass.run/), [Azure Cloud Shell](https://docs.microsoft.com/azure/cloud-shell/quickstart), [GitHub Codespaces](https://github.com/features/codespaces), etc)
-* The [Docker CLI](https://www.docker.com/products/docker-desktop/)
-
-> **⚠️ NOTE**
->
-> This deployment uses Azure Bicep templates to provision Azure infrastructure. If you'd like to use Terraform instead, head over to [Azure Kubernetes Service with ARM64 node pools and Terraform](../aks-arm64-terraform#deploy-azure-resources-using-terraform) then come back to complete the remainder of the steps in this lab guide.
-
-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-opensource-labs%2Fmain%2Fcloud-native%2Faks-arm64%2Fmain.json)
-
-> Use the button above if you'd like to deploy using the Azure Portal instead of Azure CLI commands.
-
-## Deploy Azure Resources using Azure Bicep
-
-Start by cloning this repo and navigating to the `cloud-native/aks-arm64` directory.
-
-```bash
-git clone https://github.com/Azure-Samples/azure-opensource-labs.git
-cd azure-opensource-labs/cloud-native/aks-arm64
-```
-
-Next, make sure you are logged into Azure CLI
-
-```bash
-az login
-```
-
-If you have access to multiple subscriptions, you can select the proper subscription to use with the following command:
-
-```bash
-az account set -s
-```
-
-> **⚠️ NOTE**
->
-> You will need proper permissions in your subscription as the AKS deployment will require granting the `AcrPull` permissions to the `kubelets` on the AKS cluster, so that images can be pulled from your Azure Container Registry.
-
-Prepare for deployment by setting a few environment variables. You will need to pass in a `location` (aka Azure region) that [supports your deployment resources](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=container-registry,kubernetes-service) and SKUs as well as a `name` for your resource deployments.
-
-> **💡 TIP**
->
-> To validate that a VM SKU is available in your preferred Azure region you can run a command like this:
->
-> az vm list-sizes --location $location --query "[? contains(name, 'Standard_Dpds_v5')]" -o table`
-
-The `name` variable will be used to name Azure resources. The naming convention used wil be adopted from this [guide](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming#example-names-general). Some resources have specific requirements around resource naming so it is generally safe to use shorter alphanumeric names and ensure they will be globally unique since ACR names must meet this criteria.
-
-Set up your `location` and `name` variables.
-
-```bash
-location=eastus
-name=arm$RANDOM
-```
-
-Run the Bicep template deployment using the following command:
-
-```bash
-az deployment sub create --name "$name-deploy" --location $location -f ./main.bicep --parameters name=$name location=$location
-```
-
-The deployment of Azure resources can take up to 10 minutes to complete. If you are interested in learning how the Bicep template modules work, click the `show` link below.
-
-show
-
-The [main.bicep](./main.bicep) file deploys the following resources in your subscription:
-
-* Azure Resource Group
-* Azure Container Registry
-* Azure Kubernetes Cluster with system node pool
-* ARM64-based user node pool with SKU (`Standard_D4pds_v5`)
-
-The template leverages Bicep modules which have been published to a separate ACR (`cloudnativeadvocates.azurecr.io`). To avoid having to include the ACR server name in all module calls, the ACR server name has been aliased in the [bicepconfig.json](./bicepconfig.json) file.
-
-The code for each Bicep module is hosted in this repo in the [bicep/modules](/bicep/modules/) directory. There you will find subdirectories for each of the modules we use for this lab's deployment.
-
-Within each module's subdirectory, there is a `README.md` file with additional information on the inputs and outputs for each module including links to the [resource template](https://learn.microsoft.com/azure/templates/) documentation.
-
-Here's a quick summary of the resources being deployed
-
-### Azure Resource Group
-
-This deployment is at subscription scope, so we create a resource group in the `main.bicep` file to deploy all resources for this lab.
-
-### Azure Container Registry
-
-Uses `br/oss-labs:bicep/modules/azure-container-registry:v0.1` module to deploy a private container registry in which we will publish our sample container image to.
-
-This ACR resource will have the admin account enabled to be able to publish container images using GitHub Actions.
-
-### Azure Kubernetes Cluster with system node pool
-
-Uses `br/oss-labs:bicep/modules/azure-kubernetes-service:v0.1` to deploy a managed cluster with Kubernetes version `1.24.3`. Some of the basic options have been enabled such as using a standard load balancer for inbound services and outbound NAT. The system node pool will use the `Standard_D2s_v5` Virtual Machine Scale Set SKU and deploy `2` instances.
-
-AKS clusters can be provisioned with Defender enabled; however, at the time of this writing, ARM64-based node pools are not supported when AKS clusters have Defender enabled.
-
-This AKS cluster will also have the ACR "attached" by granting the `kubelet` managed identity the `AcrPull` role assignment on the ACR resource.
-
-### ARM64-based user node pool with SKU (`Standard_D4pds_v5`)
-
-Uses `br/oss-labs:bicep/modules/azure-kubernetes-service-nodepools:v0.1` module to deploy a 2-node ARM64-based node pool with SKU `Standard_D4pds_v5`. This module accepts `userNodes` which is an array of dynamic objects. Each of the dynamic object properties are mapped to Bicep template properties in the module implementation.
-
-With the node pool type of `VirtualMachineScaleSets`, we can enable autoscaling. You can specify the scale down mode to either `Deallocate` or `Delete`. This lab sets it to `Deallocate` to ensure faster scale up/down times; therefore, the `osDiskType` setting must be set to `Managed` so that Azure persists the OS disks.
-
-> The default `osDiskType` is `Ephemeral`
-
-This user node pool will auto scale from `0` to `3` instances based on load
-
-If you want to ensure only specific workloads are scheduled on your user node pools, you can add `nodeTaints`. Refer to this [doc](https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-nodepool-taints) for additional information.
-
-
-
-Once the deployment has completed, you can run the following command to gain access to the cluster:
-
-```bash
-az aks get-credentials --resource-group "rg-${name}" --name "aks-${name}"
-```
-
-To verify the cluster is up, run the command `kubectl get nodes -o wide` and should see something like this
-
-```bash
-kubectl get nodes -o wide
-NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
-aks-arm64-10552501-vmss000000 NotReady agent 139m v1.24.3 10.21.0.62 Ubuntu 22.04.1 LTS 5.15.0-1019-azure containerd://1.6.4+azure-4
-aks-arm64-10552501-vmss000001 NotReady agent 139m v1.24.3 10.21.0.91 Ubuntu 22.04.1 LTS 5.15.0-1019-azure containerd://1.6.4+azure-4
-aks-arm64-10552501-vmss000002 NotReady agent 139m v1.24.3 10.21.0.120 Ubuntu 22.04.1 LTS 5.15.0-1019-azure containerd://1.6.4+azure-4
-aks-system-23779925-vmss000000 Ready agent 143m v1.24.3 10.21.0.4 Ubuntu 18.04.6 LTS 5.4.0-1090-azure containerd://1.6.4+azure-4
-aks-system-23779925-vmss000001 Ready agent 143m v1.24.3 10.21.0.33 Ubuntu 18.04.6 LTS 5.4.0-1090-azure containerd://1.6.4+azure-4
-```
-
-> 💡 TIP
->
-> If you do not have `kubectl` installed on your system, you can run the following command to install it:
->
-> `az aks install-cli`
-
-## Deploying `ARM64` workloads to Kubernetes
-
-With the ARM64-based user node pool deployed, we can begin deploying our first workload onto it.
-
-We will deploy the famous [Azure Voting App](https://learn.microsoft.com/azure/aks/tutorial-kubernetes-prepare-app) which can be found in many AKS tutorials, labs, blogs, etc.
-
-![Azure Voting App](https://learn.microsoft.com/en-us/azure/aks/media/container-service-kubernetes-tutorials/azure-vote-local.png)
-
-This application is a multi-container application and upon inspection of the [`docker-compose.yaml`](https://github.com/Azure-Samples/azure-voting-app-redis/blob/master/docker-compose.yaml) file, we can see it uses the `mcr.microsoft.com/oss/bitnami/redis:6.0.8` image for the backend and the `mcr.microsoft.com/azuredocs/azure-vote-front:v1` for the frontend.
-
-In order for Kubernetes to schedule containers to your ARM64-based node pool, the container images must be published to support the appropriate OS architectures.
-
-### Investigation
-
-You can inspect the container manifests by running the following commands:
-
-```bash
-docker manifest inspect mcr.microsoft.com/azuredocs/azure-vote-front:v1
-docker manifest inspect mcr.microsoft.com/oss/bitnami/redis:6.0.8
-```
-
-Unfortunately, neither of these images support `arm64` architecture 😞
-
-Let's check if Redis has an updated image on Docker Hub that supports `arm64`
-
-```bash
-docker manifest inspect redis:latest
-```
-
-From the output, we can see it does 🥳
-
-```json
-...
-{
- "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
- "size": 1572,
- "digest": "sha256:6444b125d6e2b7aae5732039a22bf4abb92bcb1535cefe89e52bb269f6374826",
- "platform": {
- "architecture": "arm64",
- "os": "linux",
- "variant": "v8"
- }
-}
-...
-```
-
-Easy enough, we can swap out `mcr.microsoft.com/oss/bitnami/redis:6.0.8` with `redis:latest` and fix that dependency 😅
-
-Now, browse to the [source repo](https://github.com/Azure-Samples/azure-voting-app-redis) for the Azure Voting App and view the [Dockerfile](https://github.com/Azure-Samples/azure-voting-app-redis/blob/master/azure-vote/Dockerfile) to see how the image is built.
-
-From the Dockerfile, we can see it is using `tiangolo/uwsgi-nginx-flask:python3.6` as a base image.
-
-If we run the `docker manifest inspect` command again, we can see the base image also doesn't support `arm64` architecture 😞
-
-```bash
-docker manifest inspect tiangolo/uwsgi-nginx-flask:python3.6
-```
-
-On Docker Hub, we can see the [tiangolo/uwsgi-nginx-flask](https://hub.docker.com/r/tiangolo/uwsgi-nginx-flask) image is built using this [this Dockerfile](https://github.com/tiangolo/uwsgi-nginx-flask-docker/blob/master/docker-images/python3.6.dockerfile)
-
-Upon inspection of the Dockerfile, you can see this image sources from yet another base image called `tiangolo/uwsgi-nginx:python3.6`
-
-Back in Docker Hub, we can view information for the [tiangolo/uwsgi-nginx](https://hub.docker.com/r/tiangolo/uwsgi-nginx) image. Here we see [this Dockerfile](https://github.com/tiangolo/uwsgi-nginx-docker/blob/master/docker-images/python3.6.dockerfile) is used to build the base image.
-
-In the Dockerfile, we see it's base image is `python:3.6-buster`
-
-This image is also hosted on Docker Hub so we can check to see if this image supports `arm64`
-
-```bash
-docker manifest inspect python:3.6-buster
-```
-
-In the output, we can see it supports many architectures including `arm64` 🥳
-
-```json
-...
-{
- "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
- "size": 2217,
- "digest": "sha256:293f12079921200fb3b9d17996bb0a06d743828d2bdd7eb49e245aee26d2f802",
- "platform": {
- "architecture": "arm64",
- "os": "linux",
- "variant": "v8"
- }
-}
-...
-```
-
-The existing [Azure Voting App](https://github.com/Azure-Samples/azure-voting-app-redis/blob/master/azure-vote/Dockerfile) container image will not work for us, we must build and publish our own container and have it support multiple OS architectures. Thankfully, we can borrow a lot of [tiangolo's](https://github.com/tiangolo) code and build our own custom Dockerfile from it.
-
-With the focus of this lab being on deploying `arm64` workloads to AKS, we've saved you some time and combined the container image code from the original [Azure Voting App](https://github.com/Azure-Samples/azure-voting-app-redis) repo and [tiangolo's](https://github.com/tiangolo) Dockerfiles and published a new Azure Voting App repo [here](https://github.com/pauldotyu/azure-voting-app/blob/main/src/Dockerfile). This repo supports both AMD64 and ARM64 OS architectures by building and pushing images using [`docker buildx`](https://docs.docker.com/engine/reference/commandline/buildx/).
-
-### Deploying the Azure Voting App
-
-#### Build and publish the container image
-
-Navigate to the updated [Azure Voting App](https://github.com/pauldotyu/azure-voting-app) repo and click on the green "Use this template" button. This will allow you to create a new repo in your GitHub account.
-
-With the repo created in your GitHub account, clone the repo and open it in a terminal.
-
-This repo contains a [GitHub Actions workflow file](https://github.com/pauldotyu/azure-voting-app/blob/main/.github/workflows/docker-image.yml), which builds and publishes the app to your new Azure Container Registry. You will need to [create repository secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) so that your workflow can authenticate and publish to your registry.
-
-Run the following commands to pull out the registry credentials:
-
-> If you are using a new terminal, you will need to reset the `name` variable. Run the following command:
->
-> name=
-
-```bash
-acrServer=$(az acr show --name "acr${name}" --query loginServer -o tsv)
-acrUsername=$(az acr credential show --name "acr${name}" --query username -o tsv)
-acrPassword=$(az acr credential show --name "acr${name}" --query "passwords[0].value" -o tsv)
-```
-
-Using the GitHub CLI, run the following commands to set your repository secrets
-
-```bash
-ghRepo="/"
-
-gh auth login
-gh secret set ACR_SERVER --body $acrServer --repo $ghRepo
-gh secret set ACR_USERNAME --body $acrUsername --repo $ghRepo
-gh secret set ACR_PASSWORD --body $acrPassword --repo $ghRepo
-```
-
-To push an image to the Azure Container Registry, create a new release using the following command:
-
-```bash
-gh release create v1.0.0 --notes "" --repo $ghRepo
-```
-
-Publishing a new release will trigger the GitHub Action workflow to build and publish the container image.
-
-> The build and publish will take approximately 8-10 minutes
-
-To view the output of the workflow, you can run these commands:
-
-```bash
-gh run view --repo $ghRepo
-gh run view --repo $ghRepo --job=XXXXXXXXX # your job number will be listed in the command above
-gh run view --repo $ghRepo --log --job=XXXXXXXXXX # the log will be available when the job is complete
-```
-
-To validate your image, you can run the following:
-
-```bash
-az acr manifest list-metadata --registry "acr${name}" --name azure-vote-front
-```
-
-#### Deploy the Kubernetes manifest
-
-The **azure-voting-app** repo includes a sample [Kubernetes manifest file](https://github.com/pauldotyu/azure-voting-app/blob/main/azure-voting-app-deploy.yaml) which you can use to deploy. There is a `` placeholder in the file and this can be swapped out using the `sed` command.
-
-The app deployment leverages [Kustomize](https://kustomize.io/) to customize your configuration at deployment time. The `kustomization.yaml` file includes a placeholder which you will swap out with your container registry server name. As the template is deployed to your Kubernetes cluster, Kustomize will replace the image value.
-
-Run the following command to update your `kustomization.yaml` file.
-
-```bash
-sed -i'' -e "s//$acrServer/" kustomization.yaml
-```
-
-Now we can deploy the workload with the following command:
-
-```bash
-kubectl apply -k .
-```
-
-> 📝 NOTE
->
-> Kustomize is built into `kubectl`
-
-Inspect the pods to ensure they've deployed successfully:
-
-```bash
-kubectl get po
-
-NAME READY STATUS RESTARTS AGE
-azure-vote-back-54576c54f-bktkk 1/1 Running 0 3m23s
-azure-vote-front-5694d5cc45-fx87s 1/1 Running 0 3m23s
-```
-
-Inspect the service to ensure you can browse to the site:
-
-```bash
-kubectl get svc
-
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-azure-vote-back ClusterIP 10.0.136.122 6379/TCP 117s
-azure-vote-front LoadBalancer 10.0.74.8 20.81.58.34 80:30303/TCP 117s
-kubernetes ClusterIP 10.0.0.1 443/TCP 32m
-```
-
-Once the `EXTERNAL-IP` is populated for the `azure-vote-front` service, you can use the IP address and browse to the Azure Voting App 🚀
-
-## Summary
-
-Congratulations! 🎉
-
-You've deployed an AKS cluster with an ARM64-based user node pool, built and published a new Azure Voting App container image which supports multiple OS architectures, and deployed the app into the AKS cluster. We also explored how we can inspect container image manifests to view the OS architectures they support. If your container images only support AMD64 OS architectures, you can easily re-target to support multiple platforms using Docker Buildx as demonstrated when we created a new release of the Azure Voting App. However, as we found in our exercise, you'll need to inspect the base layers of the container images to see if they also support ARM64.
-
-## Cleanup
-
-When you are finished exploring resources in this lab, you can delete the deployment by running the following commands:
-
-```bash
-az group delete --name "rg-${name}"
-az deployment sub delete --name "${name}-deploy"
-```
-
-If you do not wish to keep the Azure Voting App repo in your GitHub account, you can delete it by running the following GitHub CLI commands:
-
-```bash
-gh auth refresh -h github.com -s delete_repo
-gh repo delete $ghRepo
-```
diff --git a/cloud-native/aks-arm64/azure-voting-app-deploy.yaml b/cloud-native/aks-arm64/azure-voting-app-deploy.yaml
deleted file mode 100644
index 99e7859..0000000
--- a/cloud-native/aks-arm64/azure-voting-app-deploy.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: azure-vote-back
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: azure-vote-back
- template:
- metadata:
- labels:
- app: azure-vote-back
- spec:
- nodeSelector:
- "kubernetes.io/os": linux
- containers:
- - name: azure-vote-back
- image: redis:latest
- env:
- - name: ALLOW_EMPTY_PASSWORD
- value: "yes"
- ports:
- - containerPort: 6379
- name: redis
----
-apiVersion: v1
-kind: Service
-metadata:
- name: azure-vote-back
-spec:
- ports:
- - port: 6379
- selector:
- app: azure-vote-back
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: azure-vote-front
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: azure-vote-front
- strategy:
- rollingUpdate:
- maxSurge: 1
- maxUnavailable: 1
- minReadySeconds: 5
- template:
- metadata:
- labels:
- app: azure-vote-front
- spec:
- nodeSelector:
- "kubernetes.io/os": linux
- containers:
- - name: azure-vote-front
- image: cloudnativeadvocates.azurecr.io/azure-vote-front:v1.0.0
- ports:
- - containerPort: 80
- resources:
- requests:
- cpu: 250m
- limits:
- cpu: 500m
- env:
- - name: REDIS
- value: "azure-vote-back"
----
-apiVersion: v1
-kind: Service
-metadata:
- name: azure-vote-front
-spec:
- type: LoadBalancer
- ports:
- - port: 80
- selector:
- app: azure-vote-front
----
-apiVersion: autoscaling/v1
-kind: HorizontalPodAutoscaler
-metadata:
- name: azure-vote-front
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: azure-vote-front
- minReplicas: 1
- maxReplicas: 50
- targetCPUUtilizationPercentage: 50
diff --git a/cloud-native/aks-arm64/bicepconfig.json b/cloud-native/aks-arm64/bicepconfig.json
deleted file mode 100644
index 91b4f8a..0000000
--- a/cloud-native/aks-arm64/bicepconfig.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "moduleAliases": {
- "ts": {},
- "br": {
- "oss-labs": {
- "registry": "cloudnativeadvocates.azurecr.io"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/cloud-native/aks-arm64/kustomization.yaml b/cloud-native/aks-arm64/kustomization.yaml
deleted file mode 100644
index f812c85..0000000
--- a/cloud-native/aks-arm64/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-resources:
-- azure-voting-app-deploy.yaml
-
-# Change the image name and version
-images:
-- name: cloudnativeadvocates.azurecr.io/azure-vote-front:v1.0.0
- newName: /azure-vote-front
- newTag: v1.0.0
\ No newline at end of file
diff --git a/cloud-native/aks-arm64/main.bicep b/cloud-native/aks-arm64/main.bicep
deleted file mode 100644
index 86bca95..0000000
--- a/cloud-native/aks-arm64/main.bicep
+++ /dev/null
@@ -1,128 +0,0 @@
-targetScope = 'subscription'
-
-param name string
-param location string
-param tags object = {}
-
-var networkPlugin = 'kubenet'
-var networkPolicy = 'calico'
-
-// Set up the resource group
-resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: 'rg-${name}'
- location: location
- tags: tags
-}
-
-// Set up the container registry
-module acr '../../bicep/modules/azure-container-registry/main.bicep' = {
- scope: rg
- name: 'acrDeploy'
- params: {
- name: 'acr${toLower(name)}'
- location: location
- tags: tags
- sku: 'Basic'
- adminUserEnabled: true
- managedIdentityType: 'SystemAssigned'
- publicNetworkAccess: true
- }
-}
-
-// Set up the network security group
-module nsg '../../bicep/modules/azure-network-security-group/main.bicep' = if (networkPlugin != 'kubenet') {
- scope: rg
- name: 'nsgDeploy'
- params: {
- name: 'nsg-${name}'
- location: location
- tags: tags
- }
-}
-
-// Setup the virtual network and subnet
-module vnet '../../bicep/modules/azure-virtual-network/main.bicep' = if (networkPlugin != 'kubenet') {
- scope: rg
- name: 'vnetDeploy'
- params: {
- name: 'vnet-${name}'
- location: location
- tags: tags
- vnetAddressPrefix: '10.21.0.0/16'
- snetName: 'snet-${name}'
- snetAddressPrefix: '10.21.0.0/24'
- networkSecurityGroupId: networkPlugin != 'kubenet' ? nsg.outputs.id : ''
- dnsServer: '' // Leave empty if you want to use Azure's default DNS
- }
-}
-
-// Setup the log analytics workspace
-module law '../../bicep/modules/azure-log-analytics-workspace/main.bicep' = {
- scope: rg
- name: 'lawDeploy'
- params: {
- name: 'law-${name}'
- location: location
- tags: tags
- }
-}
-
-// Setup the Kubernetes cluster
-module aks '../../bicep/modules/azure-kubernetes-service/main.bicep' = {
- scope: rg
- name: 'aksDeploy'
- params: {
- name: 'aks-${name}'
- location: location
- tags: tags
- slaTier: 'Free'
- managedIdentityType: 'SystemAssigned'
- kubernetesVersion: '1.29'
- networkPlugin: networkPlugin
- networkPolicy: networkPolicy
- loadBalancerSku: 'Standard'
- outboundType: 'loadBalancer'
- dnsServiceIP: '10.0.0.10'
- podCidrs: [
- '10.244.0.0/16'
- ]
- serviceCidrs: [
- '10.0.0.0/16'
- ]
- ipFamilies: [
- 'IPv4'
- ]
- defenderEnabled: false
- imageCleanerEnabled: false
- systemNodeCount: 2
- systemNodeVmSize: 'Standard_D2s_v5'
- registryName: acr.outputs.name
- vnetSubnetID: networkPlugin != 'kubenet' ? vnet.outputs.subnetId : ''
- logAnalyticsWorkspaceResourceId: law.outputs.id
- nodeTaints: [ 'CriticalAddonsOnly=true:NoSchedule' ] // If deploying a user node pool too, you can taint the system node pool to prevent application pods from being scheduled on it; otherwise, leave empty
- }
-}
-
-// Setup the user node pools and deploy into a subnet
-module aksPools '../../bicep/modules/azure-kubernetes-service-nodepools/main.bicep' = {
- scope: rg
- name: 'armNodePoolsDeploy'
- params: {
- managedClusterName: aks.outputs.name
- userNodes: [
- {
- name: 'arm64'
- mode: 'User'
- vmSize: 'Standard_D4pds_v5' // Make sure the SKU is available in your region.
- enableAutoScaling: true
- scaleDownMode: 'Delete' // Delete is the default.
- minCount: 0 // If autoscale is enabled, then set the min number of nodes you wish to run.
- maxCount: 2 // Set this to the maximum number of nodes to run. If autoscale is not enabled, this value will be used as the node count.
- type: 'VirtualMachineScaleSets' // If autoscale is enabled, then the node type must be VirtualMachineScaleSets (default is AvailabilitySet).
- osDiskType: 'Ephemeral' // If autoscale is enabled and scale down mode is set to Deallocate, then the OS disk must be managed (default is Ephemeral).
- nodeTaints: '' // Add a taint like this `key=value:NoSchedule` or leave as empty string to not taint your nodes
- vnetSubnetID: networkPlugin != 'kubenet' ? vnet.outputs.subnetId : '' // If the cluster is using azure network plugin, then you can pass in the subnet resource ID like this `vnet.outputs.subnetId`; otherwise, leave it empty
- }
- ]
- }
-}
diff --git a/cloud-native/aks-arm64/main.json b/cloud-native/aks-arm64/main.json
deleted file mode 100644
index 2961961..0000000
--- a/cloud-native/aks-arm64/main.json
+++ /dev/null
@@ -1,914 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "17685315886462117336"
- }
- },
- "parameters": {
- "name": {
- "type": "string"
- },
- "location": {
- "type": "string"
- },
- "tags": {
- "type": "object",
- "defaultValue": {}
- }
- },
- "variables": {
- "networkPlugin": "kubenet",
- "networkPolicy": "calico"
- },
- "resources": [
- {
- "type": "Microsoft.Resources/resourceGroups",
- "apiVersion": "2021-04-01",
- "name": "[format('rg-{0}', parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]"
- },
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "acrDeploy",
- "resourceGroup": "[format('rg-{0}', parameters('name'))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[format('acr{0}', toLower(parameters('name')))]"
- },
- "location": {
- "value": "[parameters('location')]"
- },
- "tags": {
- "value": "[parameters('tags')]"
- },
- "sku": {
- "value": "Basic"
- },
- "adminUserEnabled": {
- "value": true
- },
- "managedIdentityType": {
- "value": "SystemAssigned"
- },
- "publicNetworkAccess": {
- "value": true
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "17364936891097374484"
- }
- },
- "parameters": {
- "name": {
- "type": "string"
- },
- "location": {
- "type": "string"
- },
- "tags": {
- "type": "object"
- },
- "sku": {
- "type": "string",
- "defaultValue": "Standard",
- "allowedValues": [
- "Basic",
- "Standard",
- "Premium"
- ],
- "metadata": {
- "description": "Defaults to Standard"
- }
- },
- "managedIdentityType": {
- "type": "string",
- "defaultValue": "SystemAssigned",
- "allowedValues": [
- "SystemAssigned",
- "UserAssigned"
- ],
- "metadata": {
- "description": "Two options are available: SystemAssigned or UserAssigned"
- }
- },
- "userAssignedIdentities": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Required when managed identity type is set to UserAssigned"
- }
- },
- "adminUserEnabled": {
- "type": "bool",
- "defaultValue": false
- },
- "anonymousPullEnabled": {
- "type": "bool",
- "defaultValue": false
- },
- "publicNetworkAccess": {
- "type": "bool",
- "defaultValue": "[if(equals(parameters('sku'), 'Premium'), false(), true())]",
- "metadata": {
- "description": "Disableing public network access is not supported for Basic and Standard SKUs"
- }
- }
- },
- "resources": [
- {
- "type": "Microsoft.ContainerRegistry/registries",
- "apiVersion": "2022-02-01-preview",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "sku": {
- "name": "[parameters('sku')]"
- },
- "identity": {
- "type": "[parameters('managedIdentityType')]",
- "userAssignedIdentities": "[if(not(equals(parameters('managedIdentityType'), 'SystemAssigned')), parameters('userAssignedIdentities'), null())]"
- },
- "properties": {
- "adminUserEnabled": "[parameters('adminUserEnabled')]",
- "anonymousPullEnabled": "[parameters('anonymousPullEnabled')]",
- "publicNetworkAccess": "[if(parameters('publicNetworkAccess'), 'Enabled', 'Disabled')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "value": "[parameters('name')]"
- }
- }
- }
- },
- "dependsOn": [
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('rg-{0}', parameters('name')))]"
- ]
- },
- {
- "condition": "[not(equals(variables('networkPlugin'), 'kubenet'))]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "nsgDeploy",
- "resourceGroup": "[format('rg-{0}', parameters('name'))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[format('nsg-{0}', parameters('name'))]"
- },
- "location": {
- "value": "[parameters('location')]"
- },
- "tags": {
- "value": "[parameters('tags')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "5609067551621364305"
- }
- },
- "parameters": {
- "name": {
- "type": "string"
- },
- "tags": {
- "type": "object"
- },
- "location": {
- "type": "string"
- }
- },
- "resources": [
- {
- "type": "Microsoft.Network/networkSecurityGroups",
- "apiVersion": "2022-01-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "properties": {
- "securityRules": []
- },
- "tags": "[parameters('tags')]"
- }
- ],
- "outputs": {
- "id": {
- "type": "string",
- "value": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]"
- }
- }
- }
- },
- "dependsOn": [
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('rg-{0}', parameters('name')))]"
- ]
- },
- {
- "condition": "[not(equals(variables('networkPlugin'), 'kubenet'))]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "vnetDeploy",
- "resourceGroup": "[format('rg-{0}', parameters('name'))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[format('vnet-{0}', parameters('name'))]"
- },
- "location": {
- "value": "[parameters('location')]"
- },
- "tags": {
- "value": "[parameters('tags')]"
- },
- "vnetAddressPrefix": {
- "value": "10.21.0.0/16"
- },
- "snetName": {
- "value": "[format('snet-{0}', parameters('name'))]"
- },
- "snetAddressPrefix": {
- "value": "10.21.0.0/24"
- },
- "networkSecurityGroupId": "[if(not(equals(variables('networkPlugin'), 'kubenet')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'nsgDeploy'), '2022-09-01').outputs.id.value), createObject('value', ''))]",
- "dnsServer": {
- "value": ""
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "3087759273833726789"
- }
- },
- "parameters": {
- "name": {
- "type": "string"
- },
- "location": {
- "type": "string"
- },
- "tags": {
- "type": "object"
- },
- "vnetAddressPrefix": {
- "type": "string"
- },
- "snetAddressPrefix": {
- "type": "string"
- },
- "snetName": {
- "type": "string"
- },
- "networkSecurityGroupId": {
- "type": "string"
- },
- "dnsServer": {
- "type": "string"
- }
- },
- "resources": [
- {
- "type": "Microsoft.Network/virtualNetworks",
- "apiVersion": "2022-01-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "addressSpace": {
- "addressPrefixes": [
- "[parameters('vnetAddressPrefix')]"
- ]
- },
- "dhcpOptions": "[if(not(empty(parameters('dnsServer'))), createObject('dnsServers', createArray(parameters('dnsServer'))), null())]",
- "subnets": [
- {
- "name": "[parameters('snetName')]",
- "properties": {
- "addressPrefix": "[parameters('snetAddressPrefix')]",
- "networkSecurityGroup": {
- "id": "[parameters('networkSecurityGroupId')]"
- }
- }
- }
- ]
- }
- }
- ],
- "outputs": {
- "id": {
- "type": "string",
- "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]"
- },
- "name": {
- "type": "string",
- "value": "[parameters('name')]"
- },
- "subnetId": {
- "type": "string",
- "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2022-01-01').subnets[0].id]"
- }
- }
- }
- },
- "dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'nsgDeploy')]",
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('rg-{0}', parameters('name')))]"
- ]
- },
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "lawDeploy",
- "resourceGroup": "[format('rg-{0}', parameters('name'))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[format('law-{0}', parameters('name'))]"
- },
- "location": {
- "value": "[parameters('location')]"
- },
- "tags": {
- "value": "[parameters('tags')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "4630854867665059244"
- }
- },
- "parameters": {
- "name": {
- "type": "string"
- },
- "location": {
- "type": "string"
- },
- "tags": {
- "type": "object"
- }
- },
- "resources": [
- {
- "type": "Microsoft.OperationalInsights/workspaces",
- "apiVersion": "2021-12-01-preview",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "retentionInDays": 30,
- "sku": {
- "name": "PerGB2018"
- }
- }
- }
- ],
- "outputs": {
- "id": {
- "type": "string",
- "value": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]"
- }
- }
- }
- },
- "dependsOn": [
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('rg-{0}', parameters('name')))]"
- ]
- },
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "aksDeploy",
- "resourceGroup": "[format('rg-{0}', parameters('name'))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[format('aks-{0}', parameters('name'))]"
- },
- "location": {
- "value": "[parameters('location')]"
- },
- "tags": {
- "value": "[parameters('tags')]"
- },
- "slaTier": {
- "value": "Free"
- },
- "managedIdentityType": {
- "value": "SystemAssigned"
- },
- "kubernetesVersion": {
- "value": "1.29"
- },
- "networkPlugin": {
- "value": "[variables('networkPlugin')]"
- },
- "networkPolicy": {
- "value": "[variables('networkPolicy')]"
- },
- "loadBalancerSku": {
- "value": "Standard"
- },
- "outboundType": {
- "value": "loadBalancer"
- },
- "dnsServiceIP": {
- "value": "10.0.0.10"
- },
- "podCidrs": {
- "value": [
- "10.244.0.0/16"
- ]
- },
- "serviceCidrs": {
- "value": [
- "10.0.0.0/16"
- ]
- },
- "ipFamilies": {
- "value": [
- "IPv4"
- ]
- },
- "defenderEnabled": {
- "value": false
- },
- "imageCleanerEnabled": {
- "value": false
- },
- "systemNodeCount": {
- "value": 2
- },
- "systemNodeVmSize": {
- "value": "Standard_D2s_v5"
- },
- "registryName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'acrDeploy'), '2022-09-01').outputs.name.value]"
- },
- "vnetSubnetID": "[if(not(equals(variables('networkPlugin'), 'kubenet')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'vnetDeploy'), '2022-09-01').outputs.subnetId.value), createObject('value', ''))]",
- "logAnalyticsWorkspaceResourceId": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'lawDeploy'), '2022-09-01').outputs.id.value]"
- },
- "nodeTaints": {
- "value": [
- "CriticalAddonsOnly=true:NoSchedule"
- ]
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "5599997474738078815"
- }
- },
- "parameters": {
- "name": {
- "type": "string"
- },
- "location": {
- "type": "string"
- },
- "tags": {
- "type": "object"
- },
- "slaTier": {
- "type": "string",
- "defaultValue": "Free",
- "allowedValues": [
- "Free",
- "Paid"
- ],
- "metadata": {
- "description": "Defaults to Free tier"
- }
- },
- "managedIdentityType": {
- "type": "string",
- "defaultValue": "SystemAssigned",
- "allowedValues": [
- "SystemAssigned",
- "UserAssigned"
- ],
- "metadata": {
- "description": "Two options are available: SystemAssigned or UserAssigned"
- }
- },
- "userAssignedIdentities": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Required when managed identity type is set to UserAssigned"
- }
- },
- "kubernetesVersion": {
- "type": "string",
- "defaultValue": "1.29",
- "metadata": {
- "description": "Default is 1.29"
- }
- },
- "defenderEnabled": {
- "type": "bool",
- "defaultValue": false
- },
- "imageCleanerEnabled": {
- "type": "bool",
- "defaultValue": false
- },
- "imageCleanerIntervalHours": {
- "type": "int",
- "defaultValue": 12
- },
- "systemNodeCount": {
- "type": "int",
- "defaultValue": 3
- },
- "systemNodeVmSize": {
- "type": "string",
- "defaultValue": "Standard_D2s_v5",
- "metadata": {
- "description": "Default system node pool size is Standard_D2s_v5"
- }
- },
- "registryName": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional parameter to attach AKS cluster to an existing ACR"
- }
- },
- "networkPlugin": {
- "type": "string",
- "defaultValue": "kubenet",
- "allowedValues": [
- "kubenet",
- "azure",
- "none"
- ],
- "metadata": {
- "description": "Network plugin used for building the Kubernetes network."
- }
- },
- "networkPolicy": {
- "type": "string",
- "defaultValue": "calico",
- "allowedValues": [
- "calico",
- "azure"
- ],
- "metadata": {
- "description": "Network policy used for building the Kubernetes network."
- }
- },
- "loadBalancerSku": {
- "type": "string",
- "defaultValue": "Standard",
- "allowedValues": [
- "Standard",
- "Basic"
- ],
- "metadata": {
- "description": "The default is standard."
- }
- },
- "dnsServiceIP": {
- "type": "string",
- "defaultValue": "10.0.0.10",
- "metadata": {
- "description": "An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr."
- }
- },
- "dockerBridgeCidr": {
- "type": "string",
- "defaultValue": "172.17.0.1/16",
- "metadata": {
- "description": "A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range."
- }
- },
- "logAnalyticsWorkspaceResourceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Resource ID of log analytics workspace for auditing"
- }
- },
- "outboundType": {
- "type": "string",
- "defaultValue": "loadBalancer",
- "allowedValues": [
- "loadBalancer",
- "managedNATGateway",
- "userAssignedNATGateway",
- "userDefinedRouting"
- ],
- "metadata": {
- "description": "This can only be set at cluster creation time and cannot be changed later."
- }
- },
- "podCidrs": {
- "type": "array",
- "defaultValue": [
- "10.244.0.0/16"
- ],
- "metadata": {
- "description": "One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking."
- }
- },
- "serviceCidrs": {
- "type": "array",
- "defaultValue": [
- "10.0.0.0/16"
- ],
- "metadata": {
- "description": "One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges."
- }
- },
- "ipFamilies": {
- "type": "array",
- "defaultValue": [
- "IPv4"
- ],
- "allowedValues": [
- "IPv4",
- "IPv6"
- ]
- },
- "vnetSubnetID": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "If the cluster is using azure network plugin, then you can pass in the subnet resource ID like this `vnet.outputs.subnetId`; otherwise, leave it empty"
- }
- },
- "nodeTaints": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Enable nodeTaints on the system node pool (e.g., ['CriticalAddonsOnly=true:NoSchedule'])"
- }
- },
- "addonProfiles": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "AKS addons to enable"
- }
- },
- "enablePrometheusMetrics": {
- "type": "bool",
- "defaultValue": false
- },
- "prometheusMetricLabelsAllowlist": {
- "type": "string",
- "defaultValue": ""
- },
- "prometheusMetricAnnotationsAllowList": {
- "type": "string",
- "defaultValue": ""
- }
- },
- "resources": [
- {
- "type": "Microsoft.ContainerService/managedClusters",
- "apiVersion": "2022-08-03-preview",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "sku": {
- "name": "Basic",
- "tier": "[parameters('slaTier')]"
- },
- "identity": {
- "type": "[parameters('managedIdentityType')]",
- "userAssignedIdentities": "[if(equals(parameters('managedIdentityType'), 'UserAssigned'), parameters('userAssignedIdentities'), null())]"
- },
- "properties": {
- "kubernetesVersion": "[parameters('kubernetesVersion')]",
- "dnsPrefix": "[parameters('name')]",
- "azureMonitorProfile": "[if(parameters('enablePrometheusMetrics'), createObject('metrics', createObject('enabled', true(), 'kubeStateMetrics', createObject('metricLabelsAllowlist', parameters('prometheusMetricLabelsAllowlist'), 'metricAnnotationsAllowList', parameters('prometheusMetricAnnotationsAllowList')))), null())]",
- "networkProfile": {
- "networkPlugin": "[parameters('networkPlugin')]",
- "networkPolicy": "[parameters('networkPolicy')]",
- "loadBalancerSku": "[parameters('loadBalancerSku')]",
- "dnsServiceIP": "[parameters('dnsServiceIP')]",
- "dockerBridgeCidr": "[parameters('dockerBridgeCidr')]",
- "outboundType": "[parameters('outboundType')]",
- "podCidrs": "[parameters('podCidrs')]",
- "serviceCidrs": "[parameters('serviceCidrs')]",
- "ipFamilies": "[parameters('ipFamilies')]"
- },
- "agentPoolProfiles": [
- {
- "name": "system",
- "count": "[parameters('systemNodeCount')]",
- "vmSize": "[parameters('systemNodeVmSize')]",
- "mode": "System",
- "vnetSubnetID": "[if(empty(parameters('vnetSubnetID')), null(), parameters('vnetSubnetID'))]",
- "nodeTaints": "[if(empty(parameters('nodeTaints')), null(), parameters('nodeTaints'))]"
- }
- ],
- "securityProfile": {
- "defender": {
- "securityMonitoring": {
- "enabled": "[parameters('defenderEnabled')]"
- }
- },
- "imageCleaner": {
- "enabled": "[parameters('imageCleanerEnabled')]",
- "intervalHours": "[parameters('imageCleanerIntervalHours')]"
- }
- },
- "addonProfiles": "[parameters('addonProfiles')]"
- }
- },
- {
- "condition": "[not(equals(parameters('registryName'), ''))]",
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('registryName'))]",
- "name": "[guid(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), parameters('registryName'))]",
- "properties": {
- "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2022-08-03-preview').identityProfile.kubeletidentity.objectId]",
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]"
- ]
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "name": "[guid(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), resourceGroup().id)]",
- "properties": {
- "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2022-08-03-preview', 'full').identity.principalId]",
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]"
- ]
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "value": "[parameters('name')]"
- },
- "id": {
- "type": "string",
- "value": "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]"
- },
- "kubeletIdentityObjectId": {
- "type": "string",
- "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2022-08-03-preview').identityProfile.kubeletidentity.objectId]"
- },
- "nodeResourceGroupName": {
- "type": "string",
- "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2022-08-03-preview').nodeResourceGroup]"
- }
- }
- }
- },
- "dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'acrDeploy')]",
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'lawDeploy')]",
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('rg-{0}', parameters('name')))]",
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'vnetDeploy')]"
- ]
- },
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "armNodePoolsDeploy",
- "resourceGroup": "[format('rg-{0}', parameters('name'))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "managedClusterName": {
- "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'aksDeploy'), '2022-09-01').outputs.name.value]"
- },
- "userNodes": {
- "value": [
- {
- "name": "arm64",
- "mode": "User",
- "vmSize": "Standard_D4pds_v5",
- "enableAutoScaling": true,
- "scaleDownMode": "Delete",
- "minCount": 0,
- "maxCount": 2,
- "type": "VirtualMachineScaleSets",
- "osDiskType": "Ephemeral",
- "nodeTaints": "",
- "vnetSubnetID": "[if(not(equals(variables('networkPlugin'), 'kubenet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'vnetDeploy'), '2022-09-01').outputs.subnetId.value, '')]"
- }
- ]
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "18243559256984356460"
- }
- },
- "parameters": {
- "managedClusterName": {
- "type": "string"
- },
- "userNodes": {
- "type": "array"
- }
- },
- "resources": [
- {
- "copy": {
- "name": "userNodePools",
- "count": "[length(range(0, length(parameters('userNodes'))))]"
- },
- "type": "Microsoft.ContainerService/managedClusters/agentPools",
- "apiVersion": "2024-02-01",
- "name": "[format('{0}/{1}', parameters('managedClusterName'), parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].name)]",
- "properties": {
- "vmSize": "[parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].vmSize]",
- "mode": "[parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].mode]",
- "enableAutoScaling": "[parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].enableAutoScaling]",
- "count": "[if(contains(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]], 'maxCount'), parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].maxCount, 1)]",
- "minCount": "[if(and(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].enableAutoScaling, contains(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]], 'minCount')), parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].minCount, null())]",
- "maxCount": "[if(and(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].enableAutoScaling, contains(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]], 'maxCount')), parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].maxCount, null())]",
- "scaleDownMode": "[if(and(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].enableAutoScaling, contains(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]], 'scaleDownMode')), parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].scaleDownMode, null())]",
- "nodeTaints": "[if(empty(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].nodeTaints), null(), parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].nodeTaints)]",
- "type": "[parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].type]",
- "osDiskType": "[parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].osDiskType]",
- "vnetSubnetID": "[if(empty(parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].vnetSubnetID), null(), parameters('userNodes')[range(0, length(parameters('userNodes')))[copyIndex()]].vnetSubnetID)]"
- }
- }
- ]
- }
- },
- "dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'aksDeploy')]",
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', format('rg-{0}', parameters('name')))]",
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, format('rg-{0}', parameters('name'))), 'Microsoft.Resources/deployments', 'vnetDeploy')]"
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-k8s/README.md b/cloud-native/aks-bicep-k8s/README.md
deleted file mode 100644
index 9d17e36..0000000
--- a/cloud-native/aks-bicep-k8s/README.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# Explore Open Source workloads with Azure Kubernetes Service (AKS) and the Bicep extensibility Kubernetes provider
-
-In this lab you will deploy an Azure Kubernetes Service (AKS) cluster, other Azure services (Container Registry, Managed Identity, Storage Account), and open source workloads, with [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli), [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview) and the [Bicep extensibility Kubernetes provider (Preview)](https://learn.microsoft.com/azure/azure-resource-manager/bicep/bicep-extensibility-kubernetes-provider).
-
-## Requirements
-
-- An **Azure Subscription** (e.g. [Free](https://aka.ms/azure-free-account) or [Student](https://aka.ms/azure-student-account) account)
-- The [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
-- Bash shell (e.g. macOS, Linux, [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/about), [Multipass](https://multipass.run/), [Azure Cloud Shell](https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart), [GitHub Codespaces](https://github.com/features/codespaces), etc)
-- [Go](https://go.dev/dl/) (Optional)
-- [Mage](https://magefile.org/) (`go install github.com/magefile/mage@latest`) (Optional)
-
-## Instructions
-
-Use the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) and [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview) templates to deploy the infrastructure for your application.
-
-Login to the Azure CLI.
-
-```bash
-az login
-```
-
-Clone this repository.
-
-```bash
-git clone https://github.com/Azure-Samples/azure-opensource-labs.git
-```
-
-Change to this directory.
-
-```
-cd azure-opensource-labs/cloud-native/aks-bicep-k8s
-```
-
-While you can deploy the Bicep templates ([main.bicep](./main.bicep)) via the Azure CLI or Azure Portal, we have included a Magefile, [magefile.go](./magefile.go), with the following targets to make deployment easier.
-
-```
-$ mage
-Targets:
- aksCredentials gets credentials for the AKS cluster
- aksKubectl ensures kubectl is installed
- deployAKS deploys aks.bicep at the Resource Group scope
- deployApp DeployAKS uses aks-deploy-app.bicep to deploy AKS_APP_BICEP(=azure-vote.bicep)
- deployMain [experimental] deploys main.bicep::q at the Resource Group scope
- empty empties the Azure resource group
- emptyNamespace has az invoke kubectl delete all on K8S_NAMESPACE
- group creates the Azure resource group
- groupDelete deletes the Azure resource group
-```
-
-### Deployment
-
-```
-mage group deployAks deployApp
-```
-
-### Delete resources
-
-```
-mage empty
-```
diff --git a/cloud-native/aks-bicep-k8s/aks-deploy-app.bicep b/cloud-native/aks-bicep-k8s/aks-deploy-app.bicep
deleted file mode 100644
index b6aeff1..0000000
--- a/cloud-native/aks-bicep-k8s/aks-deploy-app.bicep
+++ /dev/null
@@ -1,16 +0,0 @@
-param clusterName string = 'aks1'
-param namespace string = 'default'
-
-resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-05-01' existing = {
- name: clusterName
-}
-
-module app './azure-vote.bicep' = {
- name: '${resourceGroup().name}-app'
- params: {
- kubeConfig: aksCluster.listClusterAdminCredential().kubeconfigs[0].value
- namespace: namespace
- }
-}
-
-output appOutputs object = app.outputs
diff --git a/cloud-native/aks-bicep-k8s/aks.bicep b/cloud-native/aks-bicep-k8s/aks.bicep
deleted file mode 100644
index 91cc6f1..0000000
--- a/cloud-native/aks-bicep-k8s/aks.bicep
+++ /dev/null
@@ -1,93 +0,0 @@
-param location string = resourceGroup().location
-param clusterName string = 'aks1'
-param nodeCount int = 1
-param vmSize string = 'standard_d2s_v5'
-param kubernetesVersion string = '1.29'
-
-var rand = substring(uniqueString(resourceGroup().id), 0, 6)
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity'
- location: location
-}
-
-resource aks 'Microsoft.ContainerService/managedClusters@2021-05-01' = {
- name: clusterName
- location: location
- identity: {
- type: 'UserAssigned'
- userAssignedIdentities: {
- '${managedIdentity.id}': {}
- }
- }
- properties: {
- kubernetesVersion: kubernetesVersion
- dnsPrefix: clusterName
- enableRBAC: true
- agentPoolProfiles: [
- {
- name: 'nodepool1'
- count: nodeCount
- vmSize: vmSize
- mode: 'System'
- }
- ]
- }
-}
-
-resource containerRegistry 'Microsoft.ContainerRegistry/registries@2019-05-01' = {
- name: 'acr${rand}'
- location: location
- sku: {
- name: 'Standard'
- }
- properties: {
- adminUserEnabled: true
- }
-}
-
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
- name: 'storage${rand}'
- location: location
- kind: 'BlockBlobStorage'
- sku: {
- name: 'Premium_LRS'
- }
- properties: {
- minimumTlsVersion: 'TLS1_2'
- }
-}
-
-// via: https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions-resource#subscriptionresourceid-example
-var roleDefinitionId = {
- Owner: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
- Contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
- Reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
- AcrPull: '7f951dda-4ed3-4680-a7ca-43fe172d538d'
- StorageBlobDataContributor: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
- KubernetesServiceClusterUserRole: '4abbcc35-e782-43d8-92c5-2d3f1bd2253f'
-}
-
-// https://github.com/Azure/bicep/discussions/3181
-var roleAssignmentAcrDefinition = 'AcrPull'
-resource roleAssignmentAcr 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(containerRegistry.id, roleAssignmentAcrDefinition)
- scope: containerRegistry
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentAcrDefinition])
- principalId: aks.properties.identityProfile.kubeletidentity.objectId
- }
-}
-
-var roleAssignmentStorageAccountDefinition = 'StorageBlobDataContributor'
-resource roleAssignmentStorageAccount 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(storageAccount.id, roleAssignmentStorageAccountDefinition)
- scope: storageAccount
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentStorageAccountDefinition])
- principalId: managedIdentity.properties.principalId
- }
- dependsOn: [
- aks
- ]
-}
diff --git a/cloud-native/aks-bicep-k8s/azure-vote.bicep b/cloud-native/aks-bicep-k8s/azure-vote.bicep
deleted file mode 100644
index 5caf885..0000000
--- a/cloud-native/aks-bicep-k8s/azure-vote.bicep
+++ /dev/null
@@ -1,150 +0,0 @@
-@secure()
-param kubeConfig string
-param namespace string = 'default'
-
-import 'kubernetes@1.0.0' with {
- namespace: namespace
- kubeConfig: kubeConfig
-}
-
-resource appsDeployment_azureVoteBack 'apps/Deployment@v1' = {
- metadata: {
- name: 'azure-vote-back'
- }
- spec: {
- replicas: 1
- selector: {
- matchLabels: {
- app: 'azure-vote-back'
- }
- }
- template: {
- metadata: {
- labels: {
- app: 'azure-vote-back'
- }
- }
- spec: {
- nodeSelector: {
- 'kubernetes.io/os': 'linux'
- }
- containers: [
- {
- name: 'azure-vote-back'
- image: 'mcr.microsoft.com/oss/bitnami/redis:6.0.8'
- env: [
- {
- name: 'ALLOW_EMPTY_PASSWORD'
- value: 'yes'
- }
- ]
- resources: {
- requests: {
- cpu: '100m'
- memory: '128Mi'
- }
- limits: {
- cpu: '250m'
- memory: '256Mi'
- }
- }
- ports: [
- {
- containerPort: 6379
- name: 'redis'
- }
- ]
- }
- ]
- }
- }
- }
-}
-
-resource coreService_azureVoteBack 'core/Service@v1' = {
- metadata: {
- name: 'azure-vote-back'
- }
- spec: {
- ports: [
- {
- port: 6379
- }
- ]
- selector: {
- app: 'azure-vote-back'
- }
- }
-}
-
-resource appsDeployment_azureVoteFront 'apps/Deployment@v1' = {
- metadata: {
- name: 'azure-vote-front'
- }
- spec: {
- replicas: 1
- selector: {
- matchLabels: {
- app: 'azure-vote-front'
- }
- }
- template: {
- metadata: {
- labels: {
- app: 'azure-vote-front'
- }
- }
- spec: {
- nodeSelector: {
- 'kubernetes.io/os': 'linux'
- }
- containers: [
- {
- name: 'azure-vote-front'
- image: 'mcr.microsoft.com/azuredocs/azure-vote-front:v1'
- resources: {
- requests: {
- cpu: '100m'
- memory: '128Mi'
- }
- limits: {
- cpu: '250m'
- memory: '256Mi'
- }
- }
- ports: [
- {
- containerPort: 80
- }
- ]
- env: [
- {
- name: 'REDIS'
- value: 'azure-vote-back'
- }
- ]
- }
- ]
- }
- }
- }
-}
-
-resource coreService_azureVoteFront 'core/Service@v1' = {
- metadata: {
- name: 'azure-vote-front'
- }
- spec: {
- type: 'LoadBalancer'
- ports: [
- {
- port: 80
- }
- ]
- selector: {
- app: 'azure-vote-front'
- }
- }
-}
-
-output frontendIp string = coreService_azureVoteFront.status.loadBalancer.ingress[0].ip
diff --git a/cloud-native/aks-bicep-k8s/azure-vote.yaml b/cloud-native/aks-bicep-k8s/azure-vote.yaml
deleted file mode 100644
index b071366..0000000
--- a/cloud-native/aks-bicep-k8s/azure-vote.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: azure-vote-back
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: azure-vote-back
- template:
- metadata:
- labels:
- app: azure-vote-back
- spec:
- nodeSelector:
- "kubernetes.io/os": linux
- containers:
- - name: azure-vote-back
- image: mcr.microsoft.com/oss/bitnami/redis:6.0.8
- env:
- - name: ALLOW_EMPTY_PASSWORD
- value: "yes"
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 250m
- memory: 256Mi
- ports:
- - containerPort: 6379
- name: redis
----
-apiVersion: v1
-kind: Service
-metadata:
- name: azure-vote-back
-spec:
- ports:
- - port: 6379
- selector:
- app: azure-vote-back
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: azure-vote-front
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: azure-vote-front
- template:
- metadata:
- labels:
- app: azure-vote-front
- spec:
- nodeSelector:
- "kubernetes.io/os": linux
- containers:
- - name: azure-vote-front
- image: mcr.microsoft.com/azuredocs/azure-vote-front:v1
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 250m
- memory: 256Mi
- ports:
- - containerPort: 80
- env:
- - name: REDIS
- value: "azure-vote-back"
----
-apiVersion: v1
-kind: Service
-metadata:
- name: azure-vote-front
-spec:
- type: LoadBalancer
- ports:
- - port: 80
- selector:
- app: azure-vote-front
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-k8s/azure-voting-app-rust.bicep b/cloud-native/aks-bicep-k8s/azure-voting-app-rust.bicep
deleted file mode 100644
index e94ef75..0000000
--- a/cloud-native/aks-bicep-k8s/azure-voting-app-rust.bicep
+++ /dev/null
@@ -1,165 +0,0 @@
-@secure()
-param kubeConfig string
-param namespace string = 'default'
-
-import 'kubernetes@1.0.0' with {
- namespace: namespace
- kubeConfig: kubeConfig
-}
-
-resource appsDeployment_postgres 'apps/Deployment@v1' = {
- metadata: {
- name: 'postgres'
- }
- spec: {
- replicas: 1
- selector: {
- matchLabels: {
- app: 'postgres'
- }
- }
- template: {
- metadata: {
- labels: {
- app: 'postgres'
- }
- }
- spec: {
- nodeSelector: {
- 'kubernetes.io/os': 'linux'
- }
- containers: [
- {
- name: 'postgres'
- image: 'postgres:15.0-alpine'
- env: [
- {
- name: 'POSTGRES_PASSWORD'
- value: 'mypassword'
- }
- ]
- resources: {
- requests: {
- cpu: '100m'
- memory: '128Mi'
- }
- limits: {
- cpu: '250m'
- memory: '256Mi'
- }
- }
- ports: [
- {
- containerPort: 5432
- name: 'postgres'
- }
- ]
- }
- ]
- }
- }
- }
-}
-
-resource coreService_postgres 'core/Service@v1' = {
- metadata: {
- name: 'postgres'
- }
- spec: {
- ports: [
- {
- port: 5432
- }
- ]
- selector: {
- app: 'postgres'
- }
- }
-}
-
-resource appsDeployment_azureVotingAppRust 'apps/Deployment@v1' = {
- metadata: {
- name: 'azure-voting-app-rust'
- }
- spec: {
- replicas: 1
- selector: {
- matchLabels: {
- app: 'azure-voting-app-rust'
- }
- }
- template: {
- metadata: {
- labels: {
- app: 'azure-voting-app-rust'
- }
- }
- spec: {
- nodeSelector: {
- 'kubernetes.io/os': 'linux'
- }
- containers: [
- {
- name: 'azure-voting-app-rust'
- image: 'ghcr.io/asw101/azure-voting-app-rust:latest'
- resources: {
- requests: {
- cpu: '100m'
- memory: '128Mi'
- }
- limits: {
- cpu: '250m'
- memory: '256Mi'
- }
- }
- ports: [
- {
- containerPort: 8080
- }
- ]
- env: [
- {
- name: 'DATABASE_SERVER'
- value: 'postgres'
- }
- {
- name: 'DATABASE_PASSWORD'
- value: 'mypassword'
- }
- {
- name: 'FIRST_VALUE'
- value: 'Go'
- }
- {
- name: 'SECOND_VALUE'
- value: 'Rust'
- }
- ]
- }
- ]
- }
- }
- }
-}
-
-resource coreService_azureVotingAppRust 'core/Service@v1' = {
- metadata: {
- name: 'azure-voting-app-rust'
- }
- spec: {
- type: 'LoadBalancer'
- ports: [
- {
- protocol: 'TCP'
- port: 80
- targetPort: 8080
- }
- ]
- selector: {
- app: 'azure-voting-app-rust'
- }
- }
-}
-
-
-output frontendIp string = coreService_azureVotingAppRust.status.loadBalancer.ingress[0].ip
diff --git a/cloud-native/aks-bicep-k8s/azure-voting-app-rust.yaml b/cloud-native/aks-bicep-k8s/azure-voting-app-rust.yaml
deleted file mode 100644
index 1578f03..0000000
--- a/cloud-native/aks-bicep-k8s/azure-voting-app-rust.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: postgres
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: postgres
- template:
- metadata:
- labels:
- app: postgres
- spec:
- nodeSelector:
- "kubernetes.io/os": linux
- containers:
- - name: postgres
- image: postgres:15.0-alpine
- env:
- - name: POSTGRES_PASSWORD
- value: "mypassword"
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 250m
- memory: 256Mi
- ports:
- - containerPort: 5432
- name: postgres
----
-apiVersion: v1
-kind: Service
-metadata:
- name: postgres
-spec:
- ports:
- - port: 5432
- selector:
- app: postgres
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: azure-voting-app-rust
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: azure-voting-app-rust
- template:
- metadata:
- labels:
- app: azure-voting-app-rust
- spec:
- nodeSelector:
- "kubernetes.io/os": linux
- containers:
- - name: azure-voting-app-rust
- image: ghcr.io/asw101/azure-voting-app-rust:latest
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 250m
- memory: 256Mi
- ports:
- - containerPort: 8080
- env:
- - name: DATABASE_SERVER
- value: "postgres"
- - name: DATABASE_PASSWORD
- value: "mypassword"
- - name: FIRST_VALUE
- value: "Go"
- - name: SECOND_VALUE
- value: "Rust"
----
-apiVersion: v1
-kind: Service
-metadata:
- name: azure-voting-app-rust
-spec:
- type: LoadBalancer
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
- selector:
- app: azure-voting-app-rust
diff --git a/cloud-native/aks-bicep-k8s/bicepconfig.json b/cloud-native/aks-bicep-k8s/bicepconfig.json
deleted file mode 100644
index b59b79d..0000000
--- a/cloud-native/aks-bicep-k8s/bicepconfig.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- // See https://aka.ms/bicep/config for more information on Bicep configuration options
- // Press CTRL+SPACE/CMD+SPACE at any location to see Intellisense suggestions
- "analyzers": {
- "core": {
- "rules": {
- "no-unused-params": {
- "level": "warning"
- }
- }
- }
- },
- "experimentalFeaturesEnabled": {
- "extensibility": true
- }
- }
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-k8s/dotnet-vue-starter.bicep b/cloud-native/aks-bicep-k8s/dotnet-vue-starter.bicep
deleted file mode 100644
index a1cfcf5..0000000
--- a/cloud-native/aks-bicep-k8s/dotnet-vue-starter.bicep
+++ /dev/null
@@ -1,75 +0,0 @@
-@secure()
-param kubeConfig string
-param namespace string = 'default'
-
-import 'kubernetes@1.0.0' with {
- namespace: namespace
- kubeConfig: kubeConfig
-}
-
-resource appsDeployment_dotnetVueStarter 'apps/Deployment@v1' = {
- metadata: {
- name: 'dotnet-vue-starter'
- }
- spec: {
- replicas: 1
- selector: {
- matchLabels: {
- app: 'dotnet-vue-starter'
- }
- }
- template: {
- metadata: {
- labels: {
- app: 'dotnet-vue-starter'
- }
- }
- spec: {
- nodeSelector: {
- 'kubernetes.io/os': 'linux'
- }
- containers: [
- {
- name: 'dotnet-vue-starter'
- image: 'ghcr.io/asw101/dotnet-vue-starter:latest'
- resources: {
- requests: {
- cpu: '100m'
- memory: '128Mi'
- }
- limits: {
- cpu: '250m'
- memory: '256Mi'
- }
- }
- ports: [
- {
- containerPort: 80
- }
- ]
- }
- ]
- }
- }
- }
-}
-
-resource coreService_dotnetVueStarter 'core/Service@v1' = {
- metadata: {
- name: 'dotnet-vue-starter'
- }
- spec: {
- type: 'LoadBalancer'
- ports: [
- {
- port: 80
- }
- ]
- selector: {
- app: 'dotnet-vue-starter'
- }
- }
-}
-
-
-output frontendIp string = coreService_dotnetVueStarter.status.loadBalancer.ingress[0].ip
diff --git a/cloud-native/aks-bicep-k8s/dotnet-vue-starter.yaml b/cloud-native/aks-bicep-k8s/dotnet-vue-starter.yaml
deleted file mode 100644
index ff02e80..0000000
--- a/cloud-native/aks-bicep-k8s/dotnet-vue-starter.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dotnet-vue-starter
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: dotnet-vue-starter
- template:
- metadata:
- labels:
- app: dotnet-vue-starter
- spec:
- nodeSelector:
- "kubernetes.io/os": linux
- containers:
- - name: dotnet-vue-starter
- image: ghcr.io/asw101/dotnet-vue-starter:latest
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 250m
- memory: 256Mi
- ports:
- - containerPort: 80
----
-apiVersion: v1
-kind: Service
-metadata:
- name: dotnet-vue-starter
-spec:
- type: LoadBalancer
- ports:
- - port: 80
- selector:
- app: dotnet-vue-starter
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-k8s/go.mod b/cloud-native/aks-bicep-k8s/go.mod
deleted file mode 100644
index 0fd1d2b..0000000
--- a/cloud-native/aks-bicep-k8s/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module aksbicep
-
-go 1.19
-
-require github.com/magefile/mage v1.14.0
diff --git a/cloud-native/aks-bicep-k8s/go.sum b/cloud-native/aks-bicep-k8s/go.sum
deleted file mode 100644
index f8bfb2f..0000000
--- a/cloud-native/aks-bicep-k8s/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo=
-github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
diff --git a/cloud-native/aks-bicep-k8s/magefile.go b/cloud-native/aks-bicep-k8s/magefile.go
deleted file mode 100644
index dc8116c..0000000
--- a/cloud-native/aks-bicep-k8s/magefile.go
+++ /dev/null
@@ -1,277 +0,0 @@
-//go:build mage
-
-package main
-
-import (
- "errors"
- "fmt"
- "os"
- "strings"
- "time"
-
- "github.com/magefile/mage/sh"
-)
-
-// resourceGroup gets resource group name from the
-// RESOURCE_GROUP env var, or provides a default
-func resourceGroup() string {
- name := os.Getenv("RESOURCE_GROUP")
- if name == "" {
- name = fmt.Sprintf("%s-aks-bicep", time.Now().Format("060100"))
- }
- return name
-}
-
-// Group creates the Azure resource group
-func Group() error {
- name := resourceGroup()
- location := os.Getenv("LOCATION")
- if location == "" {
- location = "eastus"
- }
- cmd := []string{
- "az",
- "group",
- "create",
- "--name",
- name,
- "--location",
- location,
- }
- return sh.RunV(cmd[0], cmd[1:]...)
-}
-
-// DeployAKS deploys aks.bicep at the Resource Group scope
-func DeployAKS() error {
- name := resourceGroup()
- location := os.Getenv("LOCATION")
- if location == "" {
- location = "eastus"
- }
-
- file1 := "aks.bicep"
- cmd := []string{
- "az",
- "deployment",
- "group",
- "create",
- "--resource-group",
- name,
- "--template-file",
- file1,
- "--parameters",
- "location=" + location,
- }
- return sh.RunV(cmd[0], cmd[1:]...)
-}
-
-// DeployAKS uses aks-deploy-app.bicep to deploy AKS_APP_BICEP(=azure-vote.bicep)
-func DeployApp() error {
- name := resourceGroup()
- k8sNamespace := os.Getenv("K8S_NAMESPACE")
- if k8sNamespace == "" {
- k8sNamespace = "default"
- }
- appBicep := os.Getenv("AKS_APP_BICEP")
- if appBicep == "" {
- appBicep = "azure-vote.bicep"
- }
- fmt.Printf("Deploying AKS_APP_BICEP=%s\n", appBicep)
-
- // make temporary file
- file1 := "aks-deploy-app.bicep"
- file2 := "tmp.bicep"
- err := sh.Copy(file2, file1)
- if err != nil {
- return err
- }
- defer os.RemoveAll(file2)
-
- replace1 := map[string]string{
- "azure-vote.bicep": appBicep,
- }
- err = fileReplace(file2, replace1)
- if err != nil {
- return err
- }
-
- cmd := []string{
- "az",
- "deployment",
- "group",
- "create",
- "--resource-group",
- name,
- "--template-file",
- file2,
- "--parameters",
- "namespace=" + k8sNamespace,
- }
- err = sh.RunV(cmd[0], cmd[1:]...)
- if err != nil {
- fmt.Printf("error. retrying once in 20s.\n")
- time.Sleep(20 * time.Second)
- err = sh.RunV(cmd[0], cmd[1:]...)
- }
- return err
-}
-
-// DeployMain [experimental] deploys main.bicep at the Resource Group scope
-func DeployMain() error {
- name := resourceGroup()
- location := os.Getenv("LOCATION")
- if location == "" {
- location = "eastus"
- }
- aksName := os.Getenv("AKS_NAME")
- if aksName == "" {
- aksName = "aks1"
- }
- deployCluster := os.Getenv("DEPLOY_CLUSTER")
- if deployCluster == "" {
- deployCluster = "true"
- }
- switch {
- case deployCluster == "true" || deployCluster == "false":
- default:
- return errors.New("DEPLOY_CLUSTER must be true, false, or empty")
- }
-
- file1 := "main.bicep"
- cmd := []string{
- "az",
- "deployment",
- "group",
- "create",
- "--resource-group",
- name,
- "--template-file",
- file1,
- "--parameters",
- "location=" + location,
- "clusterName=" + aksName,
- "deployCluster=" + deployCluster,
- }
- return sh.RunV(cmd[0], cmd[1:]...)
-}
-
-// EmptyNamespace has az invoke kubectl delete all on K8S_NAMESPACE
-func EmptyNamespace() error {
- name := resourceGroup()
- location := os.Getenv("LOCATION")
- if location == "" {
- location = "eastus"
- }
- aksName := os.Getenv("AKS_NAME")
- if aksName == "" {
- aksName = "aks1"
- }
- k8sNamespace := os.Getenv("K8S_NAMESPACE")
- if k8sNamespace == "" {
- k8sNamespace = "default"
- }
-
- kubectlCommand := "kubectl delete all --all -n " + k8sNamespace
- cmd := []string{
- "az",
- "aks",
- "command",
- "invoke",
- "--resource-group",
- name,
- "--name",
- aksName,
- "--command",
- kubectlCommand,
- }
- return sh.RunV(cmd[0], cmd[1:]...)
-}
-
-// AksCredentials gets credentials for the AKS cluster
-func AksCredentials() error {
- name := resourceGroup()
- aksName := os.Getenv("AKS_NAME")
- if aksName == "" {
- aksName = "aks1"
- }
- cmd := []string{
- "az",
- "aks",
- "get-credentials",
- "--resource-group",
- name,
- "--name",
- aksName,
- "--overwrite-existing",
- }
- return sh.RunV(cmd[0], cmd[1:]...)
-}
-
-// AksKubectl ensures kubectl is installed
-func AksKubectl() error {
- cmd := []string{
- "az",
- "aks",
- "install-cli",
- }
- return sh.RunV(cmd[0], cmd[1:]...)
-}
-
-// Empty empties the Azure resource group
-func Empty() error {
- name := resourceGroup()
- file1 := "empty.bicep"
- f, err := os.Create(file1)
- if err != nil {
- return err
- }
- f.Close()
- cmd := []string{
- "az",
- "deployment",
- "group",
- "create",
- "--resource-group",
- name,
- "--template-file",
- file1,
- "--mode",
- "Complete",
- }
- err = sh.RunV(cmd[0], cmd[1:]...)
- if err != nil {
- return err
- }
- err = os.RemoveAll(file1)
- if err != nil {
- return err
- }
- return nil
-}
-
-// GroupDelete deletes the Azure resource group
-func GroupDelete() error {
- name := resourceGroup()
- cmd := []string{
- "az",
- "group",
- "delete",
- "--name",
- name,
- "--yes",
- }
- return sh.RunV(cmd[0], cmd[1:]...)
-}
-
-// fileReplace replaces values in a file using a map
-func fileReplace(file string, replace map[string]string) error {
- b, err := os.ReadFile(file)
- if err != nil {
- return err
- }
- val := string(b)
- for k, v := range replace {
- val = strings.Replace(val, k, v, -1)
- }
- return os.WriteFile(file, []byte(val), 0644)
-}
diff --git a/cloud-native/aks-bicep-k8s/main.bicep b/cloud-native/aks-bicep-k8s/main.bicep
deleted file mode 100644
index 67cede8..0000000
--- a/cloud-native/aks-bicep-k8s/main.bicep
+++ /dev/null
@@ -1,29 +0,0 @@
-param location string = resourceGroup().location
-param clusterName string = 'aks1'
-param namespace string = 'default'
-param deployCluster bool = true
-
-module aks './aks.bicep' = if(deployCluster) {
- name: '${resourceGroup().name}-aks'
- params: {
- location: location
- clusterName: clusterName
- }
-}
-
-resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-05-01' existing = {
- name: clusterName
-}
-
-module app './azure-vote.bicep' = {
- name: '${resourceGroup().name}-app'
- params: {
- kubeConfig: aksCluster.listClusterAdminCredential().kubeconfigs[0].value
- namespace: namespace
- }
- dependsOn: [
- aks
- ]
-}
-
-output lbPublicIp string = app.outputs.frontendIp
diff --git a/cloud-native/aks-bicep-k8s/main.json b/cloud-native/aks-bicep-k8s/main.json
deleted file mode 100644
index 6b9c65e..0000000
--- a/cloud-native/aks-bicep-k8s/main.json
+++ /dev/null
@@ -1,424 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.1-experimental",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_EXPERIMENTAL_WARNING": "This template uses ARM features that are experimental. Experimental features should be enabled for testing purposes only, as there are no guarantees about the quality or stability of these features. Do not enable these settings for any production usage, or your production environment may be subject to breaking.",
- "_EXPERIMENTAL_FEATURES_ENABLED": [
- "Extensibility"
- ],
- "_generator": {
- "name": "bicep",
- "version": "0.26.170.59819",
- "templateHash": "8744504821534446077"
- }
- },
- "parameters": {
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]"
- },
- "clusterName": {
- "type": "string",
- "defaultValue": "aks1"
- },
- "namespace": {
- "type": "string",
- "defaultValue": "default"
- },
- "deployCluster": {
- "type": "bool",
- "defaultValue": true
- }
- },
- "resources": {
- "aksCluster": {
- "existing": true,
- "type": "Microsoft.ContainerService/managedClusters",
- "apiVersion": "2023-05-01",
- "name": "[parameters('clusterName')]"
- },
- "aks": {
- "condition": "[parameters('deployCluster')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-aks', resourceGroup().name)]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "location": {
- "value": "[parameters('location')]"
- },
- "clusterName": {
- "value": "[parameters('clusterName')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.1-experimental",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_EXPERIMENTAL_WARNING": "This template uses ARM features that are experimental. Experimental features should be enabled for testing purposes only, as there are no guarantees about the quality or stability of these features. Do not enable these settings for any production usage, or your production environment may be subject to breaking.",
- "_EXPERIMENTAL_FEATURES_ENABLED": [
- "Extensibility"
- ],
- "_generator": {
- "name": "bicep",
- "version": "0.26.170.59819",
- "templateHash": "187541002047123827"
- }
- },
- "parameters": {
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]"
- },
- "clusterName": {
- "type": "string",
- "defaultValue": "aks1"
- },
- "nodeCount": {
- "type": "int",
- "defaultValue": 1
- },
- "vmSize": {
- "type": "string",
- "defaultValue": "standard_d2s_v5"
- },
- "kubernetesVersion": {
- "type": "string",
- "defaultValue": "1.29"
- }
- },
- "variables": {
- "rand": "[substring(uniqueString(resourceGroup().id), 0, 6)]",
- "roleDefinitionId": {
- "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
- "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "AcrPull": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
- "StorageBlobDataContributor": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
- "KubernetesServiceClusterUserRole": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f"
- },
- "roleAssignmentAcrDefinition": "AcrPull",
- "roleAssignmentStorageAccountDefinition": "StorageBlobDataContributor"
- },
- "resources": {
- "managedIdentity": {
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
- "apiVersion": "2018-11-30",
- "name": "[format('{0}-identity', resourceGroup().name)]",
- "location": "[parameters('location')]"
- },
- "aks": {
- "type": "Microsoft.ContainerService/managedClusters",
- "apiVersion": "2021-05-01",
- "name": "[parameters('clusterName')]",
- "location": "[parameters('location')]",
- "identity": {
- "type": "UserAssigned",
- "userAssignedIdentities": {
- "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name)))]": {}
- }
- },
- "properties": {
- "kubernetesVersion": "[parameters('kubernetesVersion')]",
- "dnsPrefix": "[parameters('clusterName')]",
- "enableRBAC": true,
- "agentPoolProfiles": [
- {
- "name": "nodepool1",
- "count": "[parameters('nodeCount')]",
- "vmSize": "[parameters('vmSize')]",
- "mode": "System"
- }
- ]
- },
- "dependsOn": [
- "managedIdentity"
- ]
- },
- "containerRegistry": {
- "type": "Microsoft.ContainerRegistry/registries",
- "apiVersion": "2019-05-01",
- "name": "[format('acr{0}', variables('rand'))]",
- "location": "[parameters('location')]",
- "sku": {
- "name": "Standard"
- },
- "properties": {
- "adminUserEnabled": true
- }
- },
- "storageAccount": {
- "type": "Microsoft.Storage/storageAccounts",
- "apiVersion": "2021-02-01",
- "name": "[format('storage{0}', variables('rand'))]",
- "location": "[parameters('location')]",
- "kind": "BlockBlobStorage",
- "sku": {
- "name": "Premium_LRS"
- }
- },
- "roleAssignmentAcr": {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', format('acr{0}', variables('rand')))]",
- "name": "[guid(resourceId('Microsoft.ContainerRegistry/registries', format('acr{0}', variables('rand'))), variables('roleAssignmentAcrDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentAcrDefinition')])]",
- "principalId": "[reference('aks').identityProfile.kubeletidentity.objectId]"
- },
- "dependsOn": [
- "aks",
- "containerRegistry"
- ]
- },
- "roleAssignmentStorageAccount": {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "scope": "[format('Microsoft.Storage/storageAccounts/{0}', format('storage{0}', variables('rand')))]",
- "name": "[guid(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', variables('rand'))), variables('roleAssignmentStorageAccountDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentStorageAccountDefinition')])]",
- "principalId": "[reference('managedIdentity').principalId]"
- },
- "dependsOn": [
- "aks",
- "managedIdentity",
- "storageAccount"
- ]
- }
- }
- }
- }
- },
- "app": {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-app', resourceGroup().name)]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "kubeConfig": {
- "value": "[listClusterAdminCredential(resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName')), '2023-05-01').kubeconfigs[0].value]"
- },
- "namespace": {
- "value": "[parameters('namespace')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.1-experimental",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_EXPERIMENTAL_WARNING": "This template uses ARM features that are experimental. Experimental features should be enabled for testing purposes only, as there are no guarantees about the quality or stability of these features. Do not enable these settings for any production usage, or your production environment may be subject to breaking.",
- "_EXPERIMENTAL_FEATURES_ENABLED": [
- "Extensibility"
- ],
- "_generator": {
- "name": "bicep",
- "version": "0.26.170.59819",
- "templateHash": "1578784578022569032"
- }
- },
- "parameters": {
- "kubeConfig": {
- "type": "securestring"
- },
- "namespace": {
- "type": "string",
- "defaultValue": "default"
- }
- },
- "imports": {
- "kubernetes": {
- "provider": "Kubernetes",
- "version": "1.0.0",
- "config": {
- "namespace": "[parameters('namespace')]",
- "kubeConfig": "[parameters('kubeConfig')]"
- }
- }
- },
- "resources": {
- "appsDeployment_azureVoteBack": {
- "import": "kubernetes",
- "type": "apps/Deployment@v1",
- "properties": {
- "metadata": {
- "name": "azure-vote-back"
- },
- "spec": {
- "replicas": 1,
- "selector": {
- "matchLabels": {
- "app": "azure-vote-back"
- }
- },
- "template": {
- "metadata": {
- "labels": {
- "app": "azure-vote-back"
- }
- },
- "spec": {
- "nodeSelector": {
- "kubernetes.io/os": "linux"
- },
- "containers": [
- {
- "name": "azure-vote-back",
- "image": "mcr.microsoft.com/oss/bitnami/redis:6.0.8",
- "env": [
- {
- "name": "ALLOW_EMPTY_PASSWORD",
- "value": "yes"
- }
- ],
- "resources": {
- "requests": {
- "cpu": "100m",
- "memory": "128Mi"
- },
- "limits": {
- "cpu": "250m",
- "memory": "256Mi"
- }
- },
- "ports": [
- {
- "containerPort": 6379,
- "name": "redis"
- }
- ]
- }
- ]
- }
- }
- }
- }
- },
- "coreService_azureVoteBack": {
- "import": "kubernetes",
- "type": "core/Service@v1",
- "properties": {
- "metadata": {
- "name": "azure-vote-back"
- },
- "spec": {
- "ports": [
- {
- "port": 6379
- }
- ],
- "selector": {
- "app": "azure-vote-back"
- }
- }
- }
- },
- "appsDeployment_azureVoteFront": {
- "import": "kubernetes",
- "type": "apps/Deployment@v1",
- "properties": {
- "metadata": {
- "name": "azure-vote-front"
- },
- "spec": {
- "replicas": 1,
- "selector": {
- "matchLabels": {
- "app": "azure-vote-front"
- }
- },
- "template": {
- "metadata": {
- "labels": {
- "app": "azure-vote-front"
- }
- },
- "spec": {
- "nodeSelector": {
- "kubernetes.io/os": "linux"
- },
- "containers": [
- {
- "name": "azure-vote-front",
- "image": "mcr.microsoft.com/azuredocs/azure-vote-front:v1",
- "resources": {
- "requests": {
- "cpu": "100m",
- "memory": "128Mi"
- },
- "limits": {
- "cpu": "250m",
- "memory": "256Mi"
- }
- },
- "ports": [
- {
- "containerPort": 80
- }
- ],
- "env": [
- {
- "name": "REDIS",
- "value": "azure-vote-back"
- }
- ]
- }
- ]
- }
- }
- }
- }
- },
- "coreService_azureVoteFront": {
- "import": "kubernetes",
- "type": "core/Service@v1",
- "properties": {
- "metadata": {
- "name": "azure-vote-front"
- },
- "spec": {
- "type": "LoadBalancer",
- "ports": [
- {
- "port": 80
- }
- ],
- "selector": {
- "app": "azure-vote-front"
- }
- }
- }
- }
- },
- "outputs": {
- "frontendIp": {
- "type": "string",
- "value": "[reference('coreService_azureVoteFront').status.loadBalancer.ingress[0].ip]"
- }
- }
- }
- },
- "dependsOn": [
- "aks",
- "aksCluster"
- ]
- }
- },
- "outputs": {
- "lbPublicIp": {
- "type": "string",
- "value": "[reference('app').outputs.frontendIp.value]"
- }
- }
-}
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-keda/01-aks/README.md b/cloud-native/aks-bicep-keda/01-aks/README.md
deleted file mode 100644
index 3fb3e84..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# 01-aks/
-
-This folder contains bicep templates and scripts to deploy Azure Kubernetes Service (AKS), Managed Identity, Container Registry and related resources.
-
-## Build ARM (main.json) from Bicep
-
-```bash
-az bicep build --file main.bicep --outfile main.json
-```
-
-## Deploy ARM (main.json) via Azure Portal
-
-[Deploy to Azure](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-opensource-labs%2Fmain%2Fcloud-native%2Faks-bicep-keda%2F01-aks%2Fmain.json)
-
-```bash
-TEMPLATE_URL='https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/main/cloud-native/aks-bicep-keda/01-aks/main.json'
-OUTPUT_URL='https://portal.azure.com/#create/Microsoft.Template/uri/'$(printf "$TEMPLATE_URL" | jq -s -R -r @uri )
-echo $OUTPUT_URL
-
-# https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-opensource-labs%2Fmain%2Fcloud-native%2Faks-bicep-keda%2F01-aks%2Fmain.json
-```
diff --git a/cloud-native/aks-bicep-keda/01-aks/RESOURCES.md b/cloud-native/aks-bicep-keda/01-aks/RESOURCES.md
deleted file mode 100644
index b226a09..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/RESOURCES.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# RESOURCES
-
-- Initial AKS templates borrowed from: .
--
--
diff --git a/cloud-native/aks-bicep-keda/01-aks/aks.bicep b/cloud-native/aks-bicep-keda/01-aks/aks.bicep
deleted file mode 100644
index 245999a..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/aks.bicep
+++ /dev/null
@@ -1,139 +0,0 @@
-param location string = resourceGroup().location
-param clusterName string = ''
-param nodeCount int = 1
-param vmSize string = 'standard_d2s_v3'
-param kubernetesVersion string = '1.29'
-
-var rand = substring(uniqueString(resourceGroup().id), 0, 6)
-var clusterName_var = clusterName != '' ? clusterName : 'aks1'
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity'
- location: location
-}
-
-resource aks 'Microsoft.ContainerService/managedClusters@2021-05-01' = {
- name: clusterName_var
- location: location
- identity: {
- type: 'UserAssigned'
- userAssignedIdentities: {
- '${managedIdentity.id}': {}
- }
- }
- properties: {
- kubernetesVersion: kubernetesVersion
- dnsPrefix: clusterName_var
- enableRBAC: true
- agentPoolProfiles: [
- {
- name: 'pool0'
- count: nodeCount
- vmSize: vmSize
- mode: 'System'
- }
- ]
- }
-}
-
-resource containerRegistry 'Microsoft.ContainerRegistry/registries@2019-05-01' = {
- name: 'acr${rand}'
- location: location
- sku: {
- name: 'Standard'
- }
- properties: {
- adminUserEnabled: true
- }
-}
-
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
- name: 'storage${rand}'
- location: location
- kind: 'BlockBlobStorage'
- sku: {
- name: 'Premium_LRS'
- }
- properties: {
- minimumTlsVersion: 'TLS1_2'
- }
-}
-
-resource serviceBus 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' = {
- name: 'servicebus${rand}'
- location: location
- sku: {
- capacity: 1
- name: 'Standard'
- tier: 'Standard'
- }
- properties: {
- disableLocalAuth: false
- }
-}
-
-// via: https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions-resource#subscriptionresourceid-example
-var roleDefinitionId = {
- Owner: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
- Contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
- Reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
- AcrPull: '7f951dda-4ed3-4680-a7ca-43fe172d538d'
- StorageBlobDataContributor: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
- ServiceBusDataOwner: '090c5cfd-751d-490a-894a-3ce6f1109419'
- KubernetesServiceClusterUserRole: '4abbcc35-e782-43d8-92c5-2d3f1bd2253f'
-}
-
-// https://github.com/Azure/bicep/discussions/3181
-var roleAssignmentAcrDefinition = 'AcrPull'
-resource roleAssignmentAcr 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(containerRegistry.id, roleAssignmentAcrDefinition)
- scope: containerRegistry
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentAcrDefinition])
- principalId: aks.properties.identityProfile.kubeletidentity.objectId
- }
-}
-
-var roleAssignmentStorageAccountDefinition = 'StorageBlobDataContributor'
-resource roleAssignmentStorageAccount 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(storageAccount.id, roleAssignmentStorageAccountDefinition)
- scope: storageAccount
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentStorageAccountDefinition])
- principalId: managedIdentity.properties.principalId
- }
- dependsOn: [
- aks
- ]
-}
-
-var roleAssignmentServiceBusDefinition = 'ServiceBusDataOwner'
-resource roleAssignmentServiceBus 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(serviceBus.id, roleAssignmentServiceBusDefinition)
- scope: serviceBus
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentServiceBusDefinition])
- principalId: managedIdentity.properties.principalId
- }
- dependsOn: [
- aks
- ]
-}
-
-resource managedIdentityDeploy 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity-deploy'
- location: location
-}
-
-var roleAssignmentDeploymentContributorDefinition = 'Contributor'
-resource roleAssignmentDeploymentContributor 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(managedIdentityDeploy.id, roleAssignmentDeploymentContributorDefinition)
- scope: resourceGroup()
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentDeploymentContributorDefinition])
- principalId: managedIdentityDeploy.properties.principalId
- }
- dependsOn: [
- aks
- ]
-}
diff --git a/cloud-native/aks-bicep-keda/01-aks/deploy-aks.sh b/cloud-native/aks-bicep-keda/01-aks/deploy-aks.sh
deleted file mode 100644
index 4fe8faa..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/deploy-aks.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-
-az deployment group create \
- --resource-group $RESOURCE_GROUP \
- --mode complete \
- --template-file ./aks.bicep
diff --git a/cloud-native/aks-bicep-keda/01-aks/deploy-deploy-script.sh b/cloud-native/aks-bicep-keda/01-aks/deploy-deploy-script.sh
deleted file mode 100644
index cdb1cee..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/deploy-deploy-script.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-[[ -z "${LOCATION:-}" ]] && LOCATION='eastus'
-
-az deployment group create \
- --resource-group $RESOURCE_GROUP \
- --mode incremental \
- --template-file ./deploy-script.bicep \
- --parameters \
- scriptUri='https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/main/cloud-native/aks-bicep-keda/01-aks/deploy-script-aks.sh'
diff --git a/cloud-native/aks-bicep-keda/01-aks/deploy-empty.sh b/cloud-native/aks-bicep-keda/01-aks/deploy-empty.sh
deleted file mode 100644
index dd3f0f3..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/deploy-empty.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-
-az deployment group create \
- --resource-group $RESOURCE_GROUP \
- --mode complete \
- --template-file ./empty.bicep
diff --git a/cloud-native/aks-bicep-keda/01-aks/deploy-keyvault.sh b/cloud-native/aks-bicep-keda/01-aks/deploy-keyvault.sh
deleted file mode 100644
index f1cf287..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/deploy-keyvault.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-
-az deployment group create \
- --resource-group $RESOURCE_GROUP \
- --mode incremental \
- --template-file ./keyvault.bicep
diff --git a/cloud-native/aks-bicep-keda/01-aks/deploy-main.sh b/cloud-native/aks-bicep-keda/01-aks/deploy-main.sh
deleted file mode 100644
index 3f07d69..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/deploy-main.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-[[ -z "${LOCATION:-}" ]] && LOCATION='eastus'
-[[ -z "${AKS_NAME:-}" ]] && AKS_NAME='aks1'
-
-az deployment sub create \
- --location $LOCATION \
- --template-file ./main.bicep \
- --parameters \
- deployScript='true' \
- scriptUri='https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/main/cloud-native/aks-bicep-keda/01-aks/deploy-script-keda.sh' \
- resourceGroup=$RESOURCE_GROUP
diff --git a/cloud-native/aks-bicep-keda/01-aks/deploy-script-aks.sh b/cloud-native/aks-bicep-keda/01-aks/deploy-script-aks.sh
deleted file mode 100644
index 6ed1964..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/deploy-script-aks.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-[[ -z "${AKS_NAME:-}" ]] && AKS_NAME='aks1'
-
-echo "az aks command invoke"
-az aks command invoke \
- --resource-group $RESOURCE_GROUP \
- --name $AKS_NAME \
- --command 'kubectl run nginx --image=nginx'
diff --git a/cloud-native/aks-bicep-keda/01-aks/deploy-script-keda.sh b/cloud-native/aks-bicep-keda/01-aks/deploy-script-keda.sh
deleted file mode 100644
index 70cd14b..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/deploy-script-keda.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-[[ -z "${AKS_NAME:-}" ]] && AKS_NAME='aks1'
-
-echo "az aks command invoke"
-az aks command invoke \
- --resource-group $RESOURCE_GROUP \
- --name $AKS_NAME \
- --command 'kubectl apply -f https://github.com/kedacore/keda/releases/download/v2.7.1/keda-2.7.1.yaml'
diff --git a/cloud-native/aks-bicep-keda/01-aks/deploy-script.bicep b/cloud-native/aks-bicep-keda/01-aks/deploy-script.bicep
deleted file mode 100644
index df50a7e..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/deploy-script.bicep
+++ /dev/null
@@ -1,65 +0,0 @@
-param location string = resourceGroup().location
-param utcValue string = utcNow()
-param resourceGroupName string = resourceGroup().name
-// url to deploy-script-*.sh in repo
-param scriptUri string = ''
-
-resource managedIdentityDeploy 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity-deploy'
- location: location
-}
-
-var roleDefinitionId = {
- Owner: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
- Contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
- Reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
-}
-
-// https://github.com/Azure/bicep/discussions/3181
-var roleAssignmentDeploymentContributorDefinition = 'Contributor'
-resource roleAssignmentDeploymentContributor 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(managedIdentityDeploy.id, roleAssignmentDeploymentContributorDefinition)
- scope: resourceGroup()
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentDeploymentContributorDefinition])
- principalId: managedIdentityDeploy.properties.principalId
- }
-}
-
-resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
- name: 'deploy-script'
- location: location
- kind: 'AzureCLI'
- identity: {
- type: 'UserAssigned'
- userAssignedIdentities: {
- '${managedIdentityDeploy.id}': {}
- }
- }
- properties: {
- environmentVariables: [
- {
- name: 'RESOURCE_GROUP'
- value: resourceGroupName
- }
- {
- name: 'AKS_NAME'
- value: 'aks1'
- }
- {
- name: 'NAMESPACE'
- value: 'keda-http'
- }
- ]
- forceUpdateTag: utcValue
- azCliVersion: '2.28.0'
- timeout: 'PT30M'
- //arguments: '\'211200-cloud-native\''
- //scriptContent: 'echo "arg1 is: $1"; value=$1; echo \'{}\' | jq --arg value "$value" \'.Result = $value\' | tee $AZ_SCRIPTS_OUTPUT_PATH'
- primaryScriptUri: scriptUri
- cleanupPreference: 'OnSuccess'
- retentionInterval: 'P1D'
- }
-}
-
-//output result object = deploymentScript.properties.outputs
diff --git a/cloud-native/aks-bicep-keda/01-aks/empty.bicep b/cloud-native/aks-bicep-keda/01-aks/empty.bicep
deleted file mode 100644
index 3d70e64..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/empty.bicep
+++ /dev/null
@@ -1 +0,0 @@
-output group string = resourceGroup().id
diff --git a/cloud-native/aks-bicep-keda/01-aks/keyvault.bicep b/cloud-native/aks-bicep-keda/01-aks/keyvault.bicep
deleted file mode 100644
index 5aa5280..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/keyvault.bicep
+++ /dev/null
@@ -1,34 +0,0 @@
-param location string = resourceGroup().location
-
-var rand = substring(uniqueString(resourceGroup().id), 0, 6)
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity'
- location: location
-}
-
-resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
- name: 'keyvault${rand}'
- location: location
- properties: {
- enabledForDeployment: true
- enabledForTemplateDeployment: true
- enabledForDiskEncryption: true
- tenantId: subscription().tenantId
- sku: {
- name: 'standard'
- family: 'A'
- }
- accessPolicies: [
- {
- objectId: managedIdentity.properties.principalId
- permissions: {
- secrets: [
- 'all'
- ]
- }
- tenantId: subscription().tenantId
- }
- ]
- }
-}
diff --git a/cloud-native/aks-bicep-keda/01-aks/main.bicep b/cloud-native/aks-bicep-keda/01-aks/main.bicep
deleted file mode 100644
index 2c9f2a8..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/main.bicep
+++ /dev/null
@@ -1,31 +0,0 @@
-targetScope = 'subscription'
-
-param resourceGroup string = '220600-keda'
-param location string = deployment().location
-param deployScript bool = false
-param scriptUri string = 'https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/main/cloud-native/aks-bicep-keda/01-aks/deploy-script-keda.sh'
-
-resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroup
- location: location
-}
-
-module aks './aks.bicep' = {
- name: '${resourceGroup}-aks'
- scope: rg
- params: {
- location: location
- }
-}
-
-module script './deploy-script.bicep' = if(deployScript) {
- name: '${resourceGroup}-deployscript'
- scope: rg
- params: {
- location: location
- scriptUri: scriptUri
- }
- dependsOn: [
- aks
- ]
-}
diff --git a/cloud-native/aks-bicep-keda/01-aks/main.json b/cloud-native/aks-bicep-keda/01-aks/main.json
deleted file mode 100644
index dd9f658..0000000
--- a/cloud-native/aks-bicep-keda/01-aks/main.json
+++ /dev/null
@@ -1,365 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "16764085829659056086"
- }
- },
- "parameters": {
- "resourceGroup": {
- "type": "string",
- "defaultValue": "220600-keda"
- },
- "location": {
- "type": "string",
- "defaultValue": "[deployment().location]"
- },
- "deployScript": {
- "type": "bool",
- "defaultValue": false
- },
- "scriptUri": {
- "type": "string",
- "defaultValue": "https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/main/cloud-native/aks-bicep-keda/01-aks/deploy-script-keda.sh"
- }
- },
- "resources": [
- {
- "type": "Microsoft.Resources/resourceGroups",
- "apiVersion": "2021-04-01",
- "name": "[parameters('resourceGroup')]",
- "location": "[parameters('location')]"
- },
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-aks', parameters('resourceGroup'))]",
- "resourceGroup": "[parameters('resourceGroup')]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "location": {
- "value": "[parameters('location')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "7703729210362399507"
- }
- },
- "parameters": {
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]"
- },
- "clusterName": {
- "type": "string",
- "defaultValue": ""
- },
- "nodeCount": {
- "type": "int",
- "defaultValue": 1
- },
- "vmSize": {
- "type": "string",
- "defaultValue": "standard_d2s_v3"
- },
- "kubernetesVersion": {
- "type": "string",
- "defaultValue": "1.29"
- }
- },
- "variables": {
- "rand": "[substring(uniqueString(resourceGroup().id), 0, 6)]",
- "clusterName_var": "[if(not(equals(parameters('clusterName'), '')), parameters('clusterName'), 'aks1')]",
- "roleDefinitionId": {
- "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
- "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "AcrPull": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
- "StorageBlobDataContributor": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
- "ServiceBusDataOwner": "090c5cfd-751d-490a-894a-3ce6f1109419",
- "KubernetesServiceClusterUserRole": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f"
- },
- "roleAssignmentAcrDefinition": "AcrPull",
- "roleAssignmentStorageAccountDefinition": "StorageBlobDataContributor",
- "roleAssignmentServiceBusDefinition": "ServiceBusDataOwner",
- "roleAssignmentDeploymentContributorDefinition": "Contributor"
- },
- "resources": [
- {
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
- "apiVersion": "2018-11-30",
- "name": "[format('{0}-identity', resourceGroup().name)]",
- "location": "[parameters('location')]"
- },
- {
- "type": "Microsoft.ContainerService/managedClusters",
- "apiVersion": "2021-05-01",
- "name": "[variables('clusterName_var')]",
- "location": "[parameters('location')]",
- "identity": {
- "type": "UserAssigned",
- "userAssignedIdentities": {
- "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name)))]": {}
- }
- },
- "properties": {
- "kubernetesVersion": "[parameters('kubernetesVersion')]",
- "dnsPrefix": "[variables('clusterName_var')]",
- "enableRBAC": true,
- "agentPoolProfiles": [
- {
- "name": "pool0",
- "count": "[parameters('nodeCount')]",
- "vmSize": "[parameters('vmSize')]",
- "mode": "System"
- }
- ]
- },
- "dependsOn": [
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name))]"
- ]
- },
- {
- "type": "Microsoft.ContainerRegistry/registries",
- "apiVersion": "2019-05-01",
- "name": "[format('acr{0}', variables('rand'))]",
- "location": "[parameters('location')]",
- "sku": {
- "name": "Standard"
- },
- "properties": {
- "adminUserEnabled": true
- }
- },
- {
- "type": "Microsoft.Storage/storageAccounts",
- "apiVersion": "2021-02-01",
- "name": "[format('storage{0}', variables('rand'))]",
- "location": "[parameters('location')]",
- "kind": "BlockBlobStorage",
- "sku": {
- "name": "Premium_LRS"
- },
- "properties": {
- "minimumTlsVersion": "TLS1_2"
- }
- },
- {
- "type": "Microsoft.ServiceBus/namespaces",
- "apiVersion": "2021-06-01-preview",
- "name": "[format('servicebus{0}', variables('rand'))]",
- "location": "[parameters('location')]",
- "sku": {
- "capacity": 1,
- "name": "Standard",
- "tier": "Standard"
- },
- "properties": {
- "disableLocalAuth": false
- }
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', format('acr{0}', variables('rand')))]",
- "name": "[guid(resourceId('Microsoft.ContainerRegistry/registries', format('acr{0}', variables('rand'))), variables('roleAssignmentAcrDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentAcrDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var')), '2021-05-01').identityProfile.kubeletidentity.objectId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var'))]",
- "[resourceId('Microsoft.ContainerRegistry/registries', format('acr{0}', variables('rand')))]"
- ]
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "scope": "[format('Microsoft.Storage/storageAccounts/{0}', format('storage{0}', variables('rand')))]",
- "name": "[guid(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', variables('rand'))), variables('roleAssignmentStorageAccountDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentStorageAccountDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name)), '2018-11-30').principalId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var'))]",
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name))]",
- "[resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', variables('rand')))]"
- ]
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "scope": "[format('Microsoft.ServiceBus/namespaces/{0}', format('servicebus{0}', variables('rand')))]",
- "name": "[guid(resourceId('Microsoft.ServiceBus/namespaces', format('servicebus{0}', variables('rand'))), variables('roleAssignmentServiceBusDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentServiceBusDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name)), '2018-11-30').principalId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var'))]",
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name))]",
- "[resourceId('Microsoft.ServiceBus/namespaces', format('servicebus{0}', variables('rand')))]"
- ]
- },
- {
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
- "apiVersion": "2018-11-30",
- "name": "[format('{0}-identity-deploy', resourceGroup().name)]",
- "location": "[parameters('location')]"
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)), variables('roleAssignmentDeploymentContributorDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentDeploymentContributorDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)), '2018-11-30').principalId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var'))]",
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name))]"
- ]
- }
- ]
- }
- },
- "dependsOn": [
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroup'))]"
- ]
- },
- {
- "condition": "[parameters('deployScript')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-deployscript', parameters('resourceGroup'))]",
- "resourceGroup": "[parameters('resourceGroup')]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "location": {
- "value": "[parameters('location')]"
- },
- "scriptUri": {
- "value": "[parameters('scriptUri')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "9861108784878104103"
- }
- },
- "parameters": {
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]"
- },
- "utcValue": {
- "type": "string",
- "defaultValue": "[utcNow()]"
- },
- "resourceGroupName": {
- "type": "string",
- "defaultValue": "[resourceGroup().name]"
- },
- "scriptUri": {
- "type": "string",
- "defaultValue": ""
- }
- },
- "variables": {
- "roleDefinitionId": {
- "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
- "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7"
- },
- "roleAssignmentDeploymentContributorDefinition": "Contributor"
- },
- "resources": [
- {
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
- "apiVersion": "2018-11-30",
- "name": "[format('{0}-identity-deploy', resourceGroup().name)]",
- "location": "[parameters('location')]"
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)), variables('roleAssignmentDeploymentContributorDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentDeploymentContributorDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)), '2018-11-30').principalId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name))]"
- ]
- },
- {
- "type": "Microsoft.Resources/deploymentScripts",
- "apiVersion": "2020-10-01",
- "name": "deploy-script",
- "location": "[parameters('location')]",
- "kind": "AzureCLI",
- "identity": {
- "type": "UserAssigned",
- "userAssignedIdentities": {
- "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)))]": {}
- }
- },
- "properties": {
- "environmentVariables": [
- {
- "name": "RESOURCE_GROUP",
- "value": "[parameters('resourceGroupName')]"
- },
- {
- "name": "AKS_NAME",
- "value": "aks1"
- },
- {
- "name": "NAMESPACE",
- "value": "keda-http"
- }
- ],
- "forceUpdateTag": "[parameters('utcValue')]",
- "azCliVersion": "2.28.0",
- "timeout": "PT30M",
- "primaryScriptUri": "[parameters('scriptUri')]",
- "cleanupPreference": "OnSuccess",
- "retentionInterval": "P1D"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name))]"
- ]
- }
- ]
- }
- },
- "dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroup')), 'Microsoft.Resources/deployments', format('{0}-aks', parameters('resourceGroup')))]",
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroup'))]"
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-keda/02-keda/README.md b/cloud-native/aks-bicep-keda/02-keda/README.md
deleted file mode 100644
index 3cbaa29..0000000
--- a/cloud-native/aks-bicep-keda/02-keda/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# 02-keda/
-
-This folder contains a folder, `deploy/` with Kubernetes templates to deploy the [asw101/go-blob](https://github.com/asw101/go-blob) sample application to Kubernetes and KEDA.
diff --git a/cloud-native/aks-bicep-keda/02-keda/deploy/deployment.yaml b/cloud-native/aks-bicep-keda/02-keda/deploy/deployment.yaml
deleted file mode 100644
index ac2708a..0000000
--- a/cloud-native/aks-bicep-keda/02-keda/deploy/deployment.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: go-blob
- labels:
- app.kubernetes.io/name: go-blob
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: go-blob
- template:
- metadata:
- labels:
- app.kubernetes.io/name: go-blob
- spec:
- serviceAccountName: go-blob
- containers:
- - name: go-blob
- image: "ghcr.io/asw101/go-blob:daemon"
- imagePullPolicy: Always
- env:
- - name: AZURE_STORAGE_ACCOUNT_NAME
- valueFrom:
- secretKeyRef:
- name: az-storage-account
- key: AZURE_STORAGE_ACCOUNT_NAME
- optional: true
- - name: AZURE_STORAGE_PRIMARY_ACCOUNT_KEY
- valueFrom:
- secretKeyRef:
- name: az-storage-account
- key: AZURE_STORAGE_PRIMARY_ACCOUNT_KEY
- optional: true
-
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-keda/02-keda/deploy/keda.yaml b/cloud-native/aks-bicep-keda/02-keda/deploy/keda.yaml
deleted file mode 100644
index 64eb9e4..0000000
--- a/cloud-native/aks-bicep-keda/02-keda/deploy/keda.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: keda.sh/v1alpha1
-kind: TriggerAuthentication
-metadata:
- name: azure-blob-auth
- namespace: go-blob
-spec:
- secretTargetRef:
- - parameter: connection
- name: az-storage-account
- key: AZURE_STORAGE_CONNECTION_STRING
----
-apiVersion: keda.sh/v1alpha1
-kind: ScaledObject
-metadata:
- name: go-blob-scaledobject
- namespace: go-blob
-spec:
- scaleTargetRef:
- name: go-blob
- pollingInterval: 10
- cooldownPeriod: 10
- idleReplicaCount: 0
- minReplicaCount: 0
- maxReplicaCount: 5
- advanced:
- restoreToOriginalReplicaCount: true
- horizontalPodAutoscalerConfig:
- behavior:
- scaleDown:
- stabilizationWindowSeconds: 20
- policies:
- - type: Percent
- value: 100
- periodSeconds: 10
- triggers:
- - type: azure-blob
- metadata:
- blobContainerName: mycontainer
- # Optional
- blobCount: "1" # default 5
- blobPrefix: ""
- blobDelimiter: "/"
- cloud: AzurePublicCloud
- authenticationRef:
- name: azure-blob-auth
diff --git a/cloud-native/aks-bicep-keda/02-keda/deploy/kustomization.yaml b/cloud-native/aks-bicep-keda/02-keda/deploy/kustomization.yaml
deleted file mode 100644
index a978212..0000000
--- a/cloud-native/aks-bicep-keda/02-keda/deploy/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-resources:
-- namespace.yaml
-- deployment.yaml
-- serviceaccount.yaml
-- keda.yaml
-
-commonLabels:
- app.kubernetes.io/name: go-blob
-
-namespace: go-blob
diff --git a/cloud-native/aks-bicep-keda/02-keda/deploy/namespace.yaml b/cloud-native/aks-bicep-keda/02-keda/deploy/namespace.yaml
deleted file mode 100644
index 170b965..0000000
--- a/cloud-native/aks-bicep-keda/02-keda/deploy/namespace.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: go-blob
-
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-keda/02-keda/deploy/serviceaccount.yaml b/cloud-native/aks-bicep-keda/02-keda/deploy/serviceaccount.yaml
deleted file mode 100644
index 923f9c5..0000000
--- a/cloud-native/aks-bicep-keda/02-keda/deploy/serviceaccount.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: go-blob
- labels:
- app.kubernetes.io/name: go-blob
-
\ No newline at end of file
diff --git a/cloud-native/aks-bicep-keda/03-keda-http/README.md b/cloud-native/aks-bicep-keda/03-keda-http/README.md
deleted file mode 100644
index c2c673b..0000000
--- a/cloud-native/aks-bicep-keda/03-keda-http/README.md
+++ /dev/null
@@ -1,67 +0,0 @@
-# KEDA HTTP Add-on
-
-Install KEDA (via [YAML files](https://keda.sh/docs/2.7/deploy/#yaml)). You can also use [Helm](https://keda.sh/docs/2.7/deploy/#helm) or [Operator Hub](https://keda.sh/docs/2.7/deploy/#operatorhub). It may have been deployed to your cluster already.
-
-```bash
-kubectl apply -f https://github.com/kedacore/keda/releases/download/v2.7.1/keda-2.7.1.yaml
-```
-
-Install KEDA HTTP Add-on (via [Helm](https://github.com/kedacore/http-add-on/blob/main/docs/install.md#install-via-helm-chart)). It will be installed in `keda-http` namespace.
-
-```bash
-helm upgrade --install http-add-on keda-add-ons-http \
- --repo https://kedacore.github.io/charts \
- --create-namespace \
- --namespace keda-http
-```
-
-Install the NGINX Ingress Controller (via [Helm](https://kubernetes.github.io/ingress-nginx/deploy/#quick-start)).
-
-```bash
-helm upgrade --install ingress-nginx ingress-nginx \
- --repo https://kubernetes.github.io/ingress-nginx \
- --create-namespace \
- --namespace ingress-nginx
-```
-
-Get the IP address of the Ingress Controller.
-
-```bash
-SERVICE_IP=$(kubectl get service -n ingress-nginx ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].ip}')
-
-echo $SERVICE_IP
-```
-
-Clone the [asw101/go-hello](https://github.com/asw101/go-hello) repo locally.
-
-```bash
-git clone https://github.com/asw101/go-hello.git
-```
-
-Open `go-hello/deploy/kustomization.yaml` and replace the `0.0.0.0` in `hello.0.0.0.0.nip.io` in with the IP address from `$SERVICE_IP` above.
-
-Deploy the manifests in the [go-hello/deploy](https://github.com/asw101/go-hello/tree/main/deploy) folder using kubectl and [kustomization](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/).
-
-```bash
-kubectl apply -k go-hello/deploy
-```
-
-Output URL and open it in a web browser.
-
-```bash
-echo "http://hello.${SERVICE_IP}.nip.io"
-```
-
-curl the `/echo` endpoint.
-
-```bash
-curl "http://hello.${SERVICE_IP}.nip.io/echo"
-```
-
-If you would like to see the pods scale up and down, and/or tail the logs, in real-time, open [k9s](https://github.com/derailed/k9s#installation) in another terminal window and view the `hello` deployment.
-
-Use [hey](https://github.com/rakyll/hey) to generate load against `/wait?ms=450`, which will wait 450ms before responding. This command will use 250 concurrent workers to send a total of 10,000 requests.
-
-```bash
-hey -c 250 -n 10000 "http://hello.${SERVICE_IP}.nip.io/wait?ms=450"
-```
diff --git a/cloud-native/aks-bicep-keda/README.md b/cloud-native/aks-bicep-keda/README.md
deleted file mode 100644
index 51608c0..0000000
--- a/cloud-native/aks-bicep-keda/README.md
+++ /dev/null
@@ -1,94 +0,0 @@
-# Explore KEDA (Kubernetes Event-driven Autoscaling) and the KEDA HTTP Add-on with Azure Kubernetes Service (AKS) and Bicep
-
-In this lab you will deploy an Azure Kubernetes Service (AKS) cluster and other Azure services (Container Registry, Managed Identity, Storage Account, Service Bus, Key Vault), the open source KEDA (Kubernetes Event-driven Autoscaling) project with [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) and [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview).
-
-## Requirements
-
-- An **Azure Subscription** (e.g. [Free](https://aka.ms/azure-free-account) or [Student](https://aka.ms/azure-student-account) account)
-- The [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
-- Bash shell (e.g. macOS, Linux, [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/about), [Multipass](https://multipass.run/), [Azure Cloud Shell](https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart), [GitHub Codespaces](https://github.com/features/codespaces), etc)
-- A [GitHub Account](https://github.com)
-
-## 1. Setup
-
-Use the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) and [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview) templates to deploy the infrastructure for your application.
-
-Login to the Azure CLI.
-
-```bash
-az login
-```
-
-Install kubectl using the Azure CLI, if required.
-
-```bash
-az aks install-cli
-```
-
-Deploy the Bicep template for your Azure Kubernetes Service (AKS) cluster.
-
-```bash
-cd cloud-native/aks-bicep-keda/01-aks
-bash deploy-main.sh
-```
-
-## 2. KEDA
-
-Set environment variables.
-
-```bash
-RESOURCE_GROUP='220600-keda'
-AKS_NAME='aks1'
-```
-
-Invoke kubectl command on AKS cluster.
-
-```bash
-cd ../02-keda/deploy
-
-az aks command invoke \
- --resource-group $RESOURCE_GROUP \
- --name $AKS_NAME \
- --file . \
- --command 'kubectl apply -k .'
-```
-
-Authenticate local kubectl.
-
-```bash
-az aks get-credentials \
- --resource-group $RESOURCE_GROUP \
- --name $AKS_NAME \
- --overwrite-existing
-```
-
-Create secrets for Azure Blob Storage.
-
-```bash
-export AZURE_STORAGE_ACCOUNT_NAME="$(az storage account list -g $RESOURCE_GROUP --out tsv --query '[0].name')"
-
-AZURE_STORAGE_PRIMARY_ACCOUNT_KEY=$(az storage account keys list \
- --account-name "$AZURE_STORAGE_ACCOUNT_NAME" \
- --out tsv \
- --query '[0].value')
-
-AZURE_STORAGE_CONNECTION_STRING=$(az storage account show-connection-string \
- -g $RESOURCE_GROUP \
- --name "$AZURE_STORAGE_ACCOUNT_NAME" \
- --out tsv \
- --query 'connectionString')
-
-kubectl delete -k .
-
-kubectl apply -k .
-
-kubectl create secret generic az-storage-account \
- --namespace go-blob \
- --from-literal=AZURE_STORAGE_ACCOUNT_NAME="${AZURE_STORAGE_ACCOUNT_NAME}" \
- --from-literal=AZURE_STORAGE_PRIMARY_ACCOUNT_KEY="${AZURE_STORAGE_PRIMARY_ACCOUNT_KEY}" \
- --from-literal=AZURE_STORAGE_CONNECTION_STRING="${AZURE_STORAGE_CONNECTION_STRING}"
-```
-
-## 3. KEDA HTTP Add-on
-
-Follow the steps in [03-keda-http](./03-keda-http/) to install the [HTTP Add-on](https://github.com/kedacore/http-add-on) and deploy the [asw101/go-hello](https://github.com/asw101/go-hello) application to it.
diff --git a/cloud-native/aks-bicep/01-aks/README.md b/cloud-native/aks-bicep/01-aks/README.md
deleted file mode 100644
index 08d3038..0000000
--- a/cloud-native/aks-bicep/01-aks/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# 01-aks/
-
-This folder contains bicep templates and scripts to deploy Azure Kubernetes Service (AKS), Managed Identity, Container Registry and related resources.
-
-## Build ARM (main.json) from Bicep
-
-```bash
-az bicep build --file main.bicep --outfile main.json
-```
-
-## Deploy ARM (main.json) via Azure Portal
-
-[Deploy to Azure](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-opensource-labs%2Faks-bicep%2Fcloud-native%2Faks-bicep%2F01-aks%2Fmain.json)
-
-```bash
-TEMPLATE_URL='https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/aks-bicep/cloud-native/aks-bicep/01-aks/main.json'
-OUTPUT_URL='https://portal.azure.com/#create/Microsoft.Template/uri/'$(printf "$TEMPLATE_URL" | jq -s -R -r @uri )
-echo $OUTPUT_URL
-
-# https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-opensource-labs%2Faks-bicep%2Fcloud-native%2Faks-bicep%2F01-aks%2Fmain.json
-```
diff --git a/cloud-native/aks-bicep/01-aks/RESOURCES.md b/cloud-native/aks-bicep/01-aks/RESOURCES.md
deleted file mode 100644
index b226a09..0000000
--- a/cloud-native/aks-bicep/01-aks/RESOURCES.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# RESOURCES
-
-- Initial AKS templates borrowed from: .
--
--
diff --git a/cloud-native/aks-bicep/01-aks/aks.bicep b/cloud-native/aks-bicep/01-aks/aks.bicep
deleted file mode 100644
index 245999a..0000000
--- a/cloud-native/aks-bicep/01-aks/aks.bicep
+++ /dev/null
@@ -1,139 +0,0 @@
-param location string = resourceGroup().location
-param clusterName string = ''
-param nodeCount int = 1
-param vmSize string = 'standard_d2s_v3'
-param kubernetesVersion string = '1.29'
-
-var rand = substring(uniqueString(resourceGroup().id), 0, 6)
-var clusterName_var = clusterName != '' ? clusterName : 'aks1'
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity'
- location: location
-}
-
-resource aks 'Microsoft.ContainerService/managedClusters@2021-05-01' = {
- name: clusterName_var
- location: location
- identity: {
- type: 'UserAssigned'
- userAssignedIdentities: {
- '${managedIdentity.id}': {}
- }
- }
- properties: {
- kubernetesVersion: kubernetesVersion
- dnsPrefix: clusterName_var
- enableRBAC: true
- agentPoolProfiles: [
- {
- name: 'pool0'
- count: nodeCount
- vmSize: vmSize
- mode: 'System'
- }
- ]
- }
-}
-
-resource containerRegistry 'Microsoft.ContainerRegistry/registries@2019-05-01' = {
- name: 'acr${rand}'
- location: location
- sku: {
- name: 'Standard'
- }
- properties: {
- adminUserEnabled: true
- }
-}
-
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
- name: 'storage${rand}'
- location: location
- kind: 'BlockBlobStorage'
- sku: {
- name: 'Premium_LRS'
- }
- properties: {
- minimumTlsVersion: 'TLS1_2'
- }
-}
-
-resource serviceBus 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' = {
- name: 'servicebus${rand}'
- location: location
- sku: {
- capacity: 1
- name: 'Standard'
- tier: 'Standard'
- }
- properties: {
- disableLocalAuth: false
- }
-}
-
-// via: https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions-resource#subscriptionresourceid-example
-var roleDefinitionId = {
- Owner: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
- Contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
- Reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
- AcrPull: '7f951dda-4ed3-4680-a7ca-43fe172d538d'
- StorageBlobDataContributor: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
- ServiceBusDataOwner: '090c5cfd-751d-490a-894a-3ce6f1109419'
- KubernetesServiceClusterUserRole: '4abbcc35-e782-43d8-92c5-2d3f1bd2253f'
-}
-
-// https://github.com/Azure/bicep/discussions/3181
-var roleAssignmentAcrDefinition = 'AcrPull'
-resource roleAssignmentAcr 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(containerRegistry.id, roleAssignmentAcrDefinition)
- scope: containerRegistry
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentAcrDefinition])
- principalId: aks.properties.identityProfile.kubeletidentity.objectId
- }
-}
-
-var roleAssignmentStorageAccountDefinition = 'StorageBlobDataContributor'
-resource roleAssignmentStorageAccount 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(storageAccount.id, roleAssignmentStorageAccountDefinition)
- scope: storageAccount
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentStorageAccountDefinition])
- principalId: managedIdentity.properties.principalId
- }
- dependsOn: [
- aks
- ]
-}
-
-var roleAssignmentServiceBusDefinition = 'ServiceBusDataOwner'
-resource roleAssignmentServiceBus 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(serviceBus.id, roleAssignmentServiceBusDefinition)
- scope: serviceBus
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentServiceBusDefinition])
- principalId: managedIdentity.properties.principalId
- }
- dependsOn: [
- aks
- ]
-}
-
-resource managedIdentityDeploy 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity-deploy'
- location: location
-}
-
-var roleAssignmentDeploymentContributorDefinition = 'Contributor'
-resource roleAssignmentDeploymentContributor 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(managedIdentityDeploy.id, roleAssignmentDeploymentContributorDefinition)
- scope: resourceGroup()
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentDeploymentContributorDefinition])
- principalId: managedIdentityDeploy.properties.principalId
- }
- dependsOn: [
- aks
- ]
-}
diff --git a/cloud-native/aks-bicep/01-aks/deploy-aks.sh b/cloud-native/aks-bicep/01-aks/deploy-aks.sh
deleted file mode 100644
index 4fe8faa..0000000
--- a/cloud-native/aks-bicep/01-aks/deploy-aks.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-
-az deployment group create \
- --resource-group $RESOURCE_GROUP \
- --mode complete \
- --template-file ./aks.bicep
diff --git a/cloud-native/aks-bicep/01-aks/deploy-deploy-script.sh b/cloud-native/aks-bicep/01-aks/deploy-deploy-script.sh
deleted file mode 100644
index ddea718..0000000
--- a/cloud-native/aks-bicep/01-aks/deploy-deploy-script.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-[[ -z "${LOCATION:-}" ]] && LOCATION='eastus'
-
-az deployment group create \
- --resource-group $RESOURCE_GROUP \
- --mode incremental \
- --template-file ./deploy-script.bicep \
- --parameters \
- scriptUri='https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/aks-bicep/cloud-native/aks-bicep/01-aks/deploy-script-aks.sh'
diff --git a/cloud-native/aks-bicep/01-aks/deploy-empty.sh b/cloud-native/aks-bicep/01-aks/deploy-empty.sh
deleted file mode 100644
index dd3f0f3..0000000
--- a/cloud-native/aks-bicep/01-aks/deploy-empty.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-
-az deployment group create \
- --resource-group $RESOURCE_GROUP \
- --mode complete \
- --template-file ./empty.bicep
diff --git a/cloud-native/aks-bicep/01-aks/deploy-keyvault.sh b/cloud-native/aks-bicep/01-aks/deploy-keyvault.sh
deleted file mode 100644
index f1cf287..0000000
--- a/cloud-native/aks-bicep/01-aks/deploy-keyvault.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-
-az deployment group create \
- --resource-group $RESOURCE_GROUP \
- --mode incremental \
- --template-file ./keyvault.bicep
diff --git a/cloud-native/aks-bicep/01-aks/deploy-main.sh b/cloud-native/aks-bicep/01-aks/deploy-main.sh
deleted file mode 100644
index 053a941..0000000
--- a/cloud-native/aks-bicep/01-aks/deploy-main.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-[[ -z "${LOCATION:-}" ]] && LOCATION='eastus'
-[[ -z "${AKS_NAME:-}" ]] && AKS_NAME='aks1'
-
-az deployment sub create \
- --location $LOCATION \
- --template-file ./main.bicep \
- --parameters \
- deployScript='true' \
- scriptUri='https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/aks-bicep/cloud-native/aks-bicep/01-aks/deploy-script-keda.sh' \
- resourceGroup=$RESOURCE_GROUP
diff --git a/cloud-native/aks-bicep/01-aks/deploy-script-aks.sh b/cloud-native/aks-bicep/01-aks/deploy-script-aks.sh
deleted file mode 100644
index 6ed1964..0000000
--- a/cloud-native/aks-bicep/01-aks/deploy-script-aks.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-[[ -z "${AKS_NAME:-}" ]] && AKS_NAME='aks1'
-
-echo "az aks command invoke"
-az aks command invoke \
- --resource-group $RESOURCE_GROUP \
- --name $AKS_NAME \
- --command 'kubectl run nginx --image=nginx'
diff --git a/cloud-native/aks-bicep/01-aks/deploy-script-keda.sh b/cloud-native/aks-bicep/01-aks/deploy-script-keda.sh
deleted file mode 100644
index 70cd14b..0000000
--- a/cloud-native/aks-bicep/01-aks/deploy-script-keda.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-[[ -z "${RESOURCE_GROUP:-}" ]] && RESOURCE_GROUP='220600-keda'
-[[ -z "${AKS_NAME:-}" ]] && AKS_NAME='aks1'
-
-echo "az aks command invoke"
-az aks command invoke \
- --resource-group $RESOURCE_GROUP \
- --name $AKS_NAME \
- --command 'kubectl apply -f https://github.com/kedacore/keda/releases/download/v2.7.1/keda-2.7.1.yaml'
diff --git a/cloud-native/aks-bicep/01-aks/deploy-script.bicep b/cloud-native/aks-bicep/01-aks/deploy-script.bicep
deleted file mode 100644
index df50a7e..0000000
--- a/cloud-native/aks-bicep/01-aks/deploy-script.bicep
+++ /dev/null
@@ -1,65 +0,0 @@
-param location string = resourceGroup().location
-param utcValue string = utcNow()
-param resourceGroupName string = resourceGroup().name
-// url to deploy-script-*.sh in repo
-param scriptUri string = ''
-
-resource managedIdentityDeploy 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity-deploy'
- location: location
-}
-
-var roleDefinitionId = {
- Owner: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
- Contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
- Reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
-}
-
-// https://github.com/Azure/bicep/discussions/3181
-var roleAssignmentDeploymentContributorDefinition = 'Contributor'
-resource roleAssignmentDeploymentContributor 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
- name: guid(managedIdentityDeploy.id, roleAssignmentDeploymentContributorDefinition)
- scope: resourceGroup()
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId[roleAssignmentDeploymentContributorDefinition])
- principalId: managedIdentityDeploy.properties.principalId
- }
-}
-
-resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
- name: 'deploy-script'
- location: location
- kind: 'AzureCLI'
- identity: {
- type: 'UserAssigned'
- userAssignedIdentities: {
- '${managedIdentityDeploy.id}': {}
- }
- }
- properties: {
- environmentVariables: [
- {
- name: 'RESOURCE_GROUP'
- value: resourceGroupName
- }
- {
- name: 'AKS_NAME'
- value: 'aks1'
- }
- {
- name: 'NAMESPACE'
- value: 'keda-http'
- }
- ]
- forceUpdateTag: utcValue
- azCliVersion: '2.28.0'
- timeout: 'PT30M'
- //arguments: '\'211200-cloud-native\''
- //scriptContent: 'echo "arg1 is: $1"; value=$1; echo \'{}\' | jq --arg value "$value" \'.Result = $value\' | tee $AZ_SCRIPTS_OUTPUT_PATH'
- primaryScriptUri: scriptUri
- cleanupPreference: 'OnSuccess'
- retentionInterval: 'P1D'
- }
-}
-
-//output result object = deploymentScript.properties.outputs
diff --git a/cloud-native/aks-bicep/01-aks/empty.bicep b/cloud-native/aks-bicep/01-aks/empty.bicep
deleted file mode 100644
index 3d70e64..0000000
--- a/cloud-native/aks-bicep/01-aks/empty.bicep
+++ /dev/null
@@ -1 +0,0 @@
-output group string = resourceGroup().id
diff --git a/cloud-native/aks-bicep/01-aks/keyvault.bicep b/cloud-native/aks-bicep/01-aks/keyvault.bicep
deleted file mode 100644
index 5aa5280..0000000
--- a/cloud-native/aks-bicep/01-aks/keyvault.bicep
+++ /dev/null
@@ -1,34 +0,0 @@
-param location string = resourceGroup().location
-
-var rand = substring(uniqueString(resourceGroup().id), 0, 6)
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: '${resourceGroup().name}-identity'
- location: location
-}
-
-resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
- name: 'keyvault${rand}'
- location: location
- properties: {
- enabledForDeployment: true
- enabledForTemplateDeployment: true
- enabledForDiskEncryption: true
- tenantId: subscription().tenantId
- sku: {
- name: 'standard'
- family: 'A'
- }
- accessPolicies: [
- {
- objectId: managedIdentity.properties.principalId
- permissions: {
- secrets: [
- 'all'
- ]
- }
- tenantId: subscription().tenantId
- }
- ]
- }
-}
diff --git a/cloud-native/aks-bicep/01-aks/main.bicep b/cloud-native/aks-bicep/01-aks/main.bicep
deleted file mode 100644
index c384033..0000000
--- a/cloud-native/aks-bicep/01-aks/main.bicep
+++ /dev/null
@@ -1,31 +0,0 @@
-targetScope = 'subscription'
-
-param resourceGroup string = '220600-keda'
-param location string = deployment().location
-param deployScript bool = false
-param scriptUri string = 'https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/aks-bicep/cloud-native/aks-bicep/01-aks/deploy-script-keda.sh'
-
-resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroup
- location: location
-}
-
-module aks './aks.bicep' = {
- name: '${resourceGroup}-aks'
- scope: rg
- params: {
- location: location
- }
-}
-
-module script './deploy-script.bicep' = if(deployScript) {
- name: '${resourceGroup}-deployscript'
- scope: rg
- params: {
- location: location
- scriptUri: scriptUri
- }
- dependsOn: [
- aks
- ]
-}
diff --git a/cloud-native/aks-bicep/01-aks/main.json b/cloud-native/aks-bicep/01-aks/main.json
deleted file mode 100644
index 656d80f..0000000
--- a/cloud-native/aks-bicep/01-aks/main.json
+++ /dev/null
@@ -1,365 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "9190321452261239824"
- }
- },
- "parameters": {
- "resourceGroup": {
- "type": "string",
- "defaultValue": "220600-keda"
- },
- "location": {
- "type": "string",
- "defaultValue": "[deployment().location]"
- },
- "deployScript": {
- "type": "bool",
- "defaultValue": false
- },
- "scriptUri": {
- "type": "string",
- "defaultValue": "https://raw.githubusercontent.com/Azure-Samples/azure-opensource-labs/aks-bicep/cloud-native/aks-bicep/01-aks/deploy-script-keda.sh"
- }
- },
- "resources": [
- {
- "type": "Microsoft.Resources/resourceGroups",
- "apiVersion": "2021-04-01",
- "name": "[parameters('resourceGroup')]",
- "location": "[parameters('location')]"
- },
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-aks', parameters('resourceGroup'))]",
- "resourceGroup": "[parameters('resourceGroup')]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "location": {
- "value": "[parameters('location')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "7703729210362399507"
- }
- },
- "parameters": {
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]"
- },
- "clusterName": {
- "type": "string",
- "defaultValue": ""
- },
- "nodeCount": {
- "type": "int",
- "defaultValue": 1
- },
- "vmSize": {
- "type": "string",
- "defaultValue": "standard_d2s_v3"
- },
- "kubernetesVersion": {
- "type": "string",
- "defaultValue": "1.29"
- }
- },
- "variables": {
- "rand": "[substring(uniqueString(resourceGroup().id), 0, 6)]",
- "clusterName_var": "[if(not(equals(parameters('clusterName'), '')), parameters('clusterName'), 'aks1')]",
- "roleDefinitionId": {
- "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
- "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "AcrPull": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
- "StorageBlobDataContributor": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
- "ServiceBusDataOwner": "090c5cfd-751d-490a-894a-3ce6f1109419",
- "KubernetesServiceClusterUserRole": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f"
- },
- "roleAssignmentAcrDefinition": "AcrPull",
- "roleAssignmentStorageAccountDefinition": "StorageBlobDataContributor",
- "roleAssignmentServiceBusDefinition": "ServiceBusDataOwner",
- "roleAssignmentDeploymentContributorDefinition": "Contributor"
- },
- "resources": [
- {
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
- "apiVersion": "2018-11-30",
- "name": "[format('{0}-identity', resourceGroup().name)]",
- "location": "[parameters('location')]"
- },
- {
- "type": "Microsoft.ContainerService/managedClusters",
- "apiVersion": "2021-05-01",
- "name": "[variables('clusterName_var')]",
- "location": "[parameters('location')]",
- "identity": {
- "type": "UserAssigned",
- "userAssignedIdentities": {
- "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name)))]": {}
- }
- },
- "properties": {
- "kubernetesVersion": "[parameters('kubernetesVersion')]",
- "dnsPrefix": "[variables('clusterName_var')]",
- "enableRBAC": true,
- "agentPoolProfiles": [
- {
- "name": "pool0",
- "count": "[parameters('nodeCount')]",
- "vmSize": "[parameters('vmSize')]",
- "mode": "System"
- }
- ]
- },
- "dependsOn": [
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name))]"
- ]
- },
- {
- "type": "Microsoft.ContainerRegistry/registries",
- "apiVersion": "2019-05-01",
- "name": "[format('acr{0}', variables('rand'))]",
- "location": "[parameters('location')]",
- "sku": {
- "name": "Standard"
- },
- "properties": {
- "adminUserEnabled": true
- }
- },
- {
- "type": "Microsoft.Storage/storageAccounts",
- "apiVersion": "2021-02-01",
- "name": "[format('storage{0}', variables('rand'))]",
- "location": "[parameters('location')]",
- "kind": "BlockBlobStorage",
- "sku": {
- "name": "Premium_LRS"
- },
- "properties": {
- "minimumTlsVersion": "TLS1_2"
- }
- },
- {
- "type": "Microsoft.ServiceBus/namespaces",
- "apiVersion": "2021-06-01-preview",
- "name": "[format('servicebus{0}', variables('rand'))]",
- "location": "[parameters('location')]",
- "sku": {
- "capacity": 1,
- "name": "Standard",
- "tier": "Standard"
- },
- "properties": {
- "disableLocalAuth": false
- }
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', format('acr{0}', variables('rand')))]",
- "name": "[guid(resourceId('Microsoft.ContainerRegistry/registries', format('acr{0}', variables('rand'))), variables('roleAssignmentAcrDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentAcrDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var')), '2021-05-01').identityProfile.kubeletidentity.objectId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var'))]",
- "[resourceId('Microsoft.ContainerRegistry/registries', format('acr{0}', variables('rand')))]"
- ]
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "scope": "[format('Microsoft.Storage/storageAccounts/{0}', format('storage{0}', variables('rand')))]",
- "name": "[guid(resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', variables('rand'))), variables('roleAssignmentStorageAccountDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentStorageAccountDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name)), '2018-11-30').principalId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var'))]",
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name))]",
- "[resourceId('Microsoft.Storage/storageAccounts', format('storage{0}', variables('rand')))]"
- ]
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "scope": "[format('Microsoft.ServiceBus/namespaces/{0}', format('servicebus{0}', variables('rand')))]",
- "name": "[guid(resourceId('Microsoft.ServiceBus/namespaces', format('servicebus{0}', variables('rand'))), variables('roleAssignmentServiceBusDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentServiceBusDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name)), '2018-11-30').principalId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var'))]",
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity', resourceGroup().name))]",
- "[resourceId('Microsoft.ServiceBus/namespaces', format('servicebus{0}', variables('rand')))]"
- ]
- },
- {
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
- "apiVersion": "2018-11-30",
- "name": "[format('{0}-identity-deploy', resourceGroup().name)]",
- "location": "[parameters('location')]"
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)), variables('roleAssignmentDeploymentContributorDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentDeploymentContributorDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)), '2018-11-30').principalId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ContainerService/managedClusters', variables('clusterName_var'))]",
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name))]"
- ]
- }
- ]
- }
- },
- "dependsOn": [
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroup'))]"
- ]
- },
- {
- "condition": "[parameters('deployScript')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-deployscript', parameters('resourceGroup'))]",
- "resourceGroup": "[parameters('resourceGroup')]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "location": {
- "value": "[parameters('location')]"
- },
- "scriptUri": {
- "value": "[parameters('scriptUri')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.28.1.47646",
- "templateHash": "9861108784878104103"
- }
- },
- "parameters": {
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]"
- },
- "utcValue": {
- "type": "string",
- "defaultValue": "[utcNow()]"
- },
- "resourceGroupName": {
- "type": "string",
- "defaultValue": "[resourceGroup().name]"
- },
- "scriptUri": {
- "type": "string",
- "defaultValue": ""
- }
- },
- "variables": {
- "roleDefinitionId": {
- "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
- "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7"
- },
- "roleAssignmentDeploymentContributorDefinition": "Contributor"
- },
- "resources": [
- {
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
- "apiVersion": "2018-11-30",
- "name": "[format('{0}-identity-deploy', resourceGroup().name)]",
- "location": "[parameters('location')]"
- },
- {
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2020-08-01-preview",
- "name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)), variables('roleAssignmentDeploymentContributorDefinition'))]",
- "properties": {
- "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId')[variables('roleAssignmentDeploymentContributorDefinition')])]",
- "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)), '2018-11-30').principalId]"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name))]"
- ]
- },
- {
- "type": "Microsoft.Resources/deploymentScripts",
- "apiVersion": "2020-10-01",
- "name": "deploy-script",
- "location": "[parameters('location')]",
- "kind": "AzureCLI",
- "identity": {
- "type": "UserAssigned",
- "userAssignedIdentities": {
- "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name)))]": {}
- }
- },
- "properties": {
- "environmentVariables": [
- {
- "name": "RESOURCE_GROUP",
- "value": "[parameters('resourceGroupName')]"
- },
- {
- "name": "AKS_NAME",
- "value": "aks1"
- },
- {
- "name": "NAMESPACE",
- "value": "keda-http"
- }
- ],
- "forceUpdateTag": "[parameters('utcValue')]",
- "azCliVersion": "2.28.0",
- "timeout": "PT30M",
- "primaryScriptUri": "[parameters('scriptUri')]",
- "cleanupPreference": "OnSuccess",
- "retentionInterval": "P1D"
- },
- "dependsOn": [
- "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-identity-deploy', resourceGroup().name))]"
- ]
- }
- ]
- }
- },
- "dependsOn": [
- "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroup')), 'Microsoft.Resources/deployments', format('{0}-aks', parameters('resourceGroup')))]",
- "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroup'))]"
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/cloud-native/aks-bicep/README.md b/cloud-native/aks-bicep/README.md
deleted file mode 100644
index 9e355df..0000000
--- a/cloud-native/aks-bicep/README.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Explore Open Source workloads with Azure Kubernetes Service (AKS) and Bicep
-
-In this lab you will deploy an Azure Kubernetes Service (AKS) cluster and other Azure services (Container Registry, Managed Identity, Storage Account, Service Bus, Key Vault), the open source KEDA (Kubernetes Event-driven Autoscaling) project with [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) and [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview).
-
-## Requirements
-
-- An **Azure Subscription** (e.g. [Free](https://aka.ms/azure-free-account) or [Student](https://aka.ms/azure-student-account) account)
-- The [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
-- Bash shell (e.g. macOS, Linux, [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/about), [Multipass](https://multipass.run/), [Azure Cloud Shell](https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart), [GitHub Codespaces](https://github.com/features/codespaces), etc)
-- A [GitHub Account](https://github.com)
-
-## Instructions
-
-Use the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) and [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview) templates to deploy the infrastructure for your application.
-
-Login to the Azure CLI.
-
-```bash
-az login
-```
-
-Install kubectl using the Azure CLI, if required.
-
-```bash
-az aks install-cli
-```
-
-Deploy the Bicep template for your Azure Kubernetes Service (AKS) cluster.
-
-```bash
-cd cloud-native/aks-bicep/01-aks
-bash deploy-main.sh
-```
-
-Invoke kubectl command on AKS cluster.
-
-```bash
-RESOURCE_GROUP='220600-keda'
-AKS_NAME='aks1'
-
-az aks command invoke \
- --resource-group $RESOURCE_GROUP \
- --name $AKS_NAME \
- --command 'kubectl run nginx --image=nginx'
-```
diff --git a/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/README.md b/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/README.md
deleted file mode 100644
index f83aa18..0000000
--- a/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/README.md
+++ /dev/null
@@ -1,225 +0,0 @@
-# Part 2: Bookstore application deployment
-
-With an AKS cluster deployed, let's focus on deploying an application and configuring it to work with OSM and NGINX ingress.
-
-The sample app deployed here is the same application demonstrated in [OSM's Getting Started guide](https://release-v1-2.docs.openservicemesh.io/docs/getting_started/install_apps/). The getting started guide uses [port-forwarding for exposing the application](https://release-v1-2.docs.openservicemesh.io/docs/getting_started/install_apps/#view-the-application-uis), but you will use the managed NGINX ingress controller instead. You will also need to deploy OSM `IngressBackend` configurations to route NGINX-managed ingress traffic to OSM-managed service backends.
-
-## Application overview
-
-Here is a simple diagram of the application pods that will be deployed into the cluster.
-
-![Bookstore Application Diagram](./bookstore_app.png)
-
-The `mysql` database pod is where book transactions are recorded. The `bookwarehouse` pod is responsible for reading/writing data to the database and should only be reachable from the `bookstore` pod. The `bookbuyer` and `bookthief` pods act as clients of the `bookstore` app. As the names suggest, one buys books from the bookstore while the other steals books.
-
-The intent of this part of the lab is to just get the application up an running and demonstrate a working service mesh in permissive mode (the default).
-
-Please ensure you have completed the steps in [Part 1](../README.md) before you proceed.
-
-Make sure you are in the correct working directory (`cloud-native/aks-open-service-mesh/02-deploying-bookstore-app`)
-
-```bash
-cd 02-deploying-bookstore-app
-```
-
-## Deploy the namespaces to Kubernetes
-
-As mentioned in Part 1, you need to add namespaces to OSM so that it can start managing traffic for them.
-
-Run the following commands to create the application namespaces.
-
-```bash
-kubectl create namespace bookstore
-kubectl create namespace bookbuyer
-kubectl create namespace bookthief
-kubectl create namespace bookwarehouse
-```
-
-Onboard the applications to OSM by adding the namespaces to OSM.
-
-```bash
-osm namespace add bookstore bookbuyer bookthief bookwarehouse
-```
-
-You should see output similar to the following:
-
-```text
-Namespace [bookstore] successfully added to mesh [osm]
-Namespace [bookbuyer] successfully added to mesh [osm]
-Namespace [bookthief] successfully added to mesh [osm]
-Namespace [bookwarehouse] successfully added to mesh [osm]
-```
-
-Let's take a look at the labels that have been added to these namespaces.
-
-```bash
-kubectl get namespace -A --show-labels | grep book
-```
-
-The namespaces have also been annotated by OSM to specify whether or not the control plane should be injecting data plane side cars into pods. You can see the annotation for each with these commands.
-
-```bash
-kubectl get namespace bookstore -o jsonpath='{.metadata.annotations}'
-kubectl get namespace bookbuyer -o jsonpath='{.metadata.annotations}'
-kubectl get namespace bookthief -o jsonpath='{.metadata.annotations}'
-kubectl get namespace bookwarehouse -o jsonpath='{.metadata.annotations}'
-```
-
-You can also verify using the OSM CLI.
-
-```bash
-osm namespace list
-```
-
-## Deploy the application to Kubernetes
-
-The deployment manifests are hosted in the [OSM docs repo](https://github.com/openservicemesh/osm-docs/tree/main/manifests/apps), so you can deploy them directly from there.
-
-Run the following commands to deploy the applications.
-
-```bash
-kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/apps/bookbuyer.yaml
-kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/apps/bookthief.yaml
-kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/apps/bookstore.yaml
-kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/apps/bookwarehouse.yaml
-kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/apps/mysql.yaml
-```
-
-## Exploring the `bookbuyer` pod and viewing `osm` configuration
-
-Check on the `bookbuyer` pods
-
-```bash
-kubectl get pod -n bookbuyer
-```
-
-You should see an output similar to this:
-
-```text
-NAME READY STATUS RESTARTS AGE
-bookbuyer-6c759555b8-n4m7c 2/2 Running 0 112s
-```
-
-Do you notice the `READY` column reporting `2/2`? This means OSM sidecar injector has done its job. If you inspect the `bookbuyer` pod, you will see some event logs that indicate OSM was in there initializing itself and injecting the Envoy Proxy sidecar.
-
-```bash
-kubectl describe pod -l app=bookbuyer -n bookbuyer
-```
-
-## Exposing the `bookbuyer`, `bookthief` and `bookstore` web applications
-
-Let's make use of the NGINX ingress and expose the `bookbuyer`, `bookthief` and `bookstore` web applications so that we can connect to them from a web browser.
-
-> These web applications are setup to auto-refresh with a running counter indicating how many books were purchased, stolen, and the version of bookstore that was running at the time of transaction.
-
-Expose the `bookbuyer` app by deploying a service and ingress.
-
-```bash
-kubectl apply -f ./bookbuyer-ui.yaml
-```
-
-Check the status of the ingress.
-
-```bash
-kubectl get ingress -n bookbuyer
-```
-
-You should see output similar to this:
-
-```text
-NAME CLASS HOSTS ADDRESS PORTS AGE
-bookbuyer webapprouting.kubernetes.azure.com * 4.236.214.31 80 51s
-```
-
-A public IP address has been assigned to the ingress; however, the site will not work yet. The `bookstore` namespace is participating in the service mesh, so an `IngressBackend` resource is required to allow HTTP communication between the ingress and the backend service.
-
-Deploy the `IngressBackend` for `bookbuyer` with the following command:
-
-```bash
-kubectl apply -f ./bookbuyer-ui-ingressbackend.yaml
-```
-
-Check the status of the ingress backend.
-
-```bash
-kubectl get ingressbackend -n bookbuyer
-```
-
-You should see output similar to this:
-
-```text
-NAME STATUS
-bookbuyer committed
-```
-
-> Once you see a `STATUS` of `committed`, your application should be accessible to the internet.
-
-Repeat the steps above for `bookthief` and `bookstore` apps.
-
-```bash
-kubectl apply -f ./bookthief-ui.yaml
-kubectl apply -f ./bookstore-ui.yaml
-kubectl apply -f ./bookthief-ui-ingressbackend.yaml
-kubectl apply -f ./bookstore-ui-ingressbackend.yaml
-```
-
-Run the following command again to view the status of the `IngressBackends`.
-
-```bash
-kubectl get ingressbackend -A
-```
-
-You should see output similar to this:
-
-```text
-NAMESPACE NAME STATUS
-bookbuyer bookbuyer committed
-bookstore bookstore committed
-bookthief bookthief committed
-```
-
-Now you should be able to access all of the sites. Issue the commands below and click each link to open the site in a web browser.
-
-```bash
-nginx_ingress_host="$(kubectl -n app-routing-system get service nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
-
-# these are the urls you should open in your browser
-echo http://$nginx_ingress_host/bookbuyer
-echo http://$nginx_ingress_host/bookthief
-echo http://$nginx_ingress_host/bookstore
-```
-
-You should see each application auto-incrementing its sales, thefts, and books sold counters.
-
-### Bookbuyer
-
-![bookbuyer](./bookbuyer.png)
-
-### Bookthief
-
-![bookthief](./bookthief.png)
-
-### Bookstore v1
-
-![bookstore-v1](./bookstore-v1.png)
-
-## Next steps
-
-We've successfully deployed the `bookbuyer`, `bookthief`, and `bookstore` applications and exposed their frontend UIs via ingress and configured OSM to allow traffic between the ingress endpoints and backend services. By default, OSM is configured in permissive traffic policy mode and we've enabled traffic to flow between ingress and backend service pods.
-
-Now, head over to [Part 3: Applying Zero-Trust to the Bookstore application](../03-applying-zero-trust/README.md) to apply some Zero-Trust principles!
-
-## Resources
-
-* [Bookstore Sample Application][osm_bookstore_sample]
-* [OSM and NGINX Ingress Controller Configuration][osm_nginx_ing]
-* [OSM Permissive Traffic Policy][osm_permissive_traffic_policy]
-* [Kubernetes: Service][k8s_svc]
-* [Kubernetes: Ingress][k8s_ing]
-
-
-[osm_bookstore_sample]:https://release-v1-2.docs.openservicemesh.io/docs/getting_started/install_apps/
-[osm_nginx_ing]:https://release-v1-2.docs.openservicemesh.io/docs/demos/ingress_k8s_nginx/
-[osm_permissive_traffic_policy]:https://release-v1-2.docs.openservicemesh.io/docs/guides/traffic_management/permissive_mode/
-[k8s_svc]:https://kubernetes.io/docs/concepts/services-networking/service/
-[k8s_ing]:https://kubernetes.io/docs/concepts/services-networking/ingress/
diff --git a/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer-ui-ingressbackend.yaml b/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer-ui-ingressbackend.yaml
deleted file mode 100644
index 2073fd2..0000000
--- a/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer-ui-ingressbackend.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: policy.openservicemesh.io/v1alpha1
-kind: IngressBackend
-metadata:
- name: bookbuyer
- namespace: bookbuyer
-spec:
- backends:
- - name: bookbuyer
- port:
- number: 14001 # targetPort of bookbuyer service
- protocol: http
- sources:
- - kind: Service
- namespace: app-routing-system
- name: nginx
\ No newline at end of file
diff --git a/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer-ui.yaml b/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer-ui.yaml
deleted file mode 100644
index 24a6f7f..0000000
--- a/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer-ui.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: bookbuyer
- namespace: bookbuyer
- labels:
- app: bookbuyer
- service: bookbuyer
-spec:
- ports:
- - name: http
- port: 14001
- selector:
- app: bookbuyer
- version: v1
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: bookbuyer
- namespace: bookbuyer
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
-spec:
- ingressClassName: webapprouting.kubernetes.azure.com # managed nginx ingress class name
- rules:
- - http:
- paths:
- - path: /bookbuyer
- pathType: Prefix
- backend:
- service:
- name: bookbuyer
- port:
- number: 14001
\ No newline at end of file
diff --git a/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer.png b/cloud-native/aks-open-service-mesh/02-deploying-bookstore-app/bookbuyer.png
deleted file mode 100644
index 5babaaf995a98307fe935ca97f6d462b5ce17c8b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 57396
zcma&O19W817eAO}V%xTDPHaqU+qUgYCicYW*yhBxt%+@I=KIs^?tjnOKK;(CzIE}b
zd#k%%-FII{D9DM!L1RM$0Rh2DN{A=|0eztW0s?7=1o@6B&0UhfD0dc1S0b$r@wtnON?65Xbmo$}?
z1)~0JLjr*UV*~xs0Q`CI1LOR+Ee1>p^yMG=r`a$IAkcsF$bFvwyd*x4KQjM1gZu>f
z562gZpI`pd25JApDwE?a@Ogr=m(Xwm0)j#La{vRSXJUSiiqk?_-C12$hTF)_hTg!~
z&d`M3-Nycp6cDdF_h-|_#Myw*-NxG1iQAoz_#Y1L&-NcO12N%0EY4PZ#OksNgu-@?
zCWP$tjP#7e{LqAiguIT%rre4mV*eKZ{KQ9W?(A&O&A{O1=0@+vLT~42#=ykI#l^tL
z%)rb{_sK!$wlMww5c|{fFR_2d^)GY0f0S`6Sh$;5Ylv9b
znAkdfLgVLPWaRzF%>S$Be?b3|RR5nOCnLw-l7IF5KP83jtnD0?>6-}J%tX=;2O~uy2nV*@L;r~Sbw-hhKAK(7v>wg9EAL?f$`Js6k{yQu9p}()@
z-2nl81(FmIRCWhG&4SQJonIJiTD0~g;v)iu1T9drU>89IrOFG}|KcV7cKXKWqpEyb
z0!b_@ssI|Vo46q@BuPRVaBJOo@vynZh}CGqp`kvM?cs5f#dDbaG+uqP=``6vQm&bCEor`eH<1)X#2*q7nD{GbI1rM(5Fsh2M5!_<#V^<6
zrTgOmA5YhDROk?I9wI##n|HSdma5J!pGDtJu)+u+B*OoSwi6S^hkLo5yskJQ+#NZ9
zsa5N`2zqt!-DIe}zfigPBmZTC5M-R_=l4-v@8eGKqRoj+-Mg}r3WQGYv#iNY0@U23lHE;
za8Hk6mva6EG2CAXgs;`K^5slxI<$gE(vb^HB<(L)mr%emDr>DiRh;BCZvs5`&jn&-
z!T)v4=TN(;0)m?{hbKB9vhed|V*N!be~io{r$Ix}Cm@S-qX8%AS}~hj(MW4!De(Wx
zE+}Du4bMY_Nsj|sk_xc4+O;^PM#?IC!mlrAoh+CAU9)tTvpeP9zqe;*kt}VP%D6MEX@B3
zUjVwizjDfrG^}{a&6h-J&~^&{Wy}qXynlymY6kNAv7@gjlhO1O@CX^m2FlOXVJ}nV
zz(1~;0)dk7c9es}f?ogyD^+1ms}Kt6QP#j$)qm!~NAb+Y5(V3Y3@hYg0nlPj8chFY{#a;aZ~NBPPt1^6q`?@2rAlv;Af=
zfjiXtA_~B>GZ$S(5%7^k<(vB)E30
zPOqNHS*u{%U-4~*1Wi9VnK7U9W=PSAbASX-N}6|lvR>3P$#N}9OOq;eR^MbVg<_&k
z0#UJOXhnGv^|KzXtYBlWGo{A&2c5IrU)l~@sh3j)*j$CMv8|l$az!Oq0ZL2ZzG6F%
zjDL7BvfNTzR<>1NeCNKD
znUCd5%Xig{=XFoOgxT>pZa==&d1OH~D7SY_({AxNe`GN%UMGLe@^lp4SaH!|gzM;d
z1M~Eh=qlU|Aj%!Rb#-)lb{=X1ZEwxWWbfF1;BwnwH@#oW$-*y`;Q<-Ha~U>?X{Q*B
z3CIvGPqBqv!?mn0#|tz)7jlegsSKMo)~zwP=z6)PQ?-&3`jz<2N1;N9YLF;E|7D|`
z_@M&z_2rA1|KMqseCNmHIf=Ghe#Dgi-RwimhtK%^X+kmQ?%)L$oD_iL?7)%I;RvOh
z<+{cZ*_aHxcRky35d8ggK0>J-Ep}+U|w7;jBPg
zbEX)IL2eI&z*~1!*N4xqG)>L>-C{MkQyVqO4}*kkuUFj=?f1jum{(yt{*Ul!<7b3n8MTH(E@G;pZXG1yL1&Ti5c^=_4aQWh|V|?wDo-iOW
zHBM3)+IQVWFs@r?fkC<`%K@9_JqqcYWhABz$Ko41d%HW?wO+Y+DLI>+98TsW@KL3d
zQDh?5`LQhbX4k71)989-2T=FC06r8zW`5b6bD2_CgS$JMS0P1qIpw&{AV_Ymwdi@G
zLHE5{Lz#V~2>+MmPFh=vcc@rQZq7O%Zh^3wY?S7yri4R2BIyUvbU^EEsMr8ub!0FA
z{}E6QcxNRdsL_TFF}zC-Dnx5c!KL^We1G<%?A!2@O3yCXADGVHBt3eL>PA&R>MUM*
z2vy#U?vCGe?q8oQ-UXcCU+Zhx5gRjk*;S+z30oK$r(n@yIbzn+0Xym$J%#@I5q
zJga?Nj}NcYY$xtGN{v#-W{vgb%p1}%R2f^e&!B-5^$2>rsOJ0D|G?aY<{CZlYyG|Y
zps~Dp;G-CSBmXp9;nY=K+Fe6ZrKRmg>GzSYmg5t?3_5rCxq598?ge8YFNqda5o(V#
z%@#P2NY%3UQfaxHpKZPKIgB(jT|SMEExxNiav?MD`S@K;!!@VG+P-w?WT5WpGqy4x
z>NRV|Kl#P2qhKL5y6sL%U=S={4%JICLSCK;ZOQ>hE#4#Cyy}U=hUAakA%1gG!7xl+
zYuX#=9w$;Q#`(e#hD~?U*{6#qD;qv=1O6qdJW-jLiV845;05WRLNt;s-6pl>tg}hA
zTbXq?5VWYhY%+b(XpnxXFwSwotE#E%@^O=6oI~q<5#qH{@QZ7F@A&n8oubv*+-LNQ
zoyvTO4#l820e|wtrF0!55cgpa7I8cxji*E*vMB?41gRm@y`NrPg-?bE`P_LrW4)#p
z%v;kfAca^ch`?w6CT11B{qpkHm@8E{evprt=T6@X#V(Mbbeg+V%Rn~U`+tv29|oIz;moQ>X{^o*F;cBUcvZkT#W%P!a~9Q?zRCX
z6ttw6yGat>&l51h;J2Pv<7sw&k9V>h+A+lkdMAyYH&@oU*gX5wlU+L9Y}lL;92;-1
zF%O;ky-||%r^K^rp!EBzN4sv>A7(Eb0K3+@l7d@6oORR45)Xd=p}5|d&uhy^Z0mMe
zF+r!*)5x8hz%_BF%K~k~Iz{6JK?EmD{y53xyV-f({!nxzWZU6%%7XRl!#D!C7Avcs(vR2qS-#t1=cDhn
zA(Q5Av?zCnfcBd42|O(ZFge{<)#DDQ%IL6SW1^LpX=eu((=mQ?x+;_u?!?~30zKxgIvAq&-Hlz4`tMMBLtj7Ie>$1Rm
zVCMEB95#pL?~Dt-7N<$U(@O2SG!~e8&{_3Ixxt7RRma?3=_l7f|K3RfPN_E7a)R10
zXz?7k3m)&^zpps5{XidP<{)g09w6WeR$Co)EggAhmImZ}tY0d>xbGAclFE5(wV?Ug
zX*W8q53d8rW7?2z1X5+YeRZc+BjnMxZ(?h-U+rh`yx`%Rw_SbXM>%}nn!Rjn>F(p|
z&&81vv}NBRR<-9t<`0pePMnA7+qH1Q)@bD~s%kqsUgMF77z7w`U3R`{=$5WK73jY;
zmJ6`sQdZ5Bq1K+Ru?TzC!^6N?)=zt7za#Qfq>iWZ-%q#M3bk4dvR24V4j5dK(pQw6
z&+(Hn^DZ$ZsPGrqnGx=jVlcx*NiXLnc!+Y&@<8!3H!(UjS)lyjvI$B5(Y
zYMwJtNF@mBE$z?HzV#fK0vP@QgNMS_<%Ic8NlDAEqzRv9QnLePD+tmyRF8w@U_Gj5
zg6B0;k6Y20OcOq@-xsJ7xY+f8j7yUe|5Gz%Zidy{++u|kelvmLLs1fRmb%pT_W<8i*j&wFoWA}@U5dmtV{a=gZBK@B^Ujbyt1UcR{-txYY)Na
z!b-kq!~x}(~
zcG!yd2>*P02l2B>*LzPjNio(ztT?TF0&J9>_vu*;GR)8Ym@*j!3;p$SF8;f=6TdsM
zr`764`8tHnrs^c0JIny$$IV#Q7;KJx1yP>)^|%^?j>*kUii$D`^J!2@kzkICZBC^6
zyB7ugZuA%S9!dIWmTRMSZ!l2lTyE8QZm!r-+_@&0qGoQkU2An>c5>*eQ*~h&rqiLP
z-6}ZDt)T1o^H~lg?2m=0xL&75<7MhkbfE<3udW{nRrhBeVBW~CNgM`lgBw9^GVN3>
zBzW=0Jd3p2*Kc96B?Td97Vcui-BB33`+!+z&m3*&CM9ocSfQx*$OeW=0te7BeZMcqekuh#|!Sa6c}1?vr#?SX(tBbX9L
zK?^NceEcPzn_at&2MhJhyu^fqg#WHHJA*>
z&yirNITurva79eD&`q|RDSGPK%HGLmVxqzDUAFc%74W7pjgK2AESC^0u!Q^%&taI?
z!kz=87sQ6(Oe)O;8);l#qwK4)JE;-=z^WezFez|tu0R8nNPN4j<^%I9^p8{_f-K51fKAZRFOKpPD}Ib@(Y`tz23Tt?B}h;P
zr@;Jxse4Z@xAsm_ey}Dgi=0ecUFICGuQOf$Wq0xVDq4
zA5;0mQmuHMUIYz(4J~j4inTI4NpbE
zeS;GSS7*rVV(BY4FYTVpx;CQPB1WZBa3?!=;kt^$2n6t?9fex6IxZi_-0zX-Yb;7WG%|4Lji10iZvAd!nm2&y02_t58ZMy{Frzkl3_P%DVwF?WG8W56QOY!l%
z(GT0=WG|A(gRy`1+7VPSLv|iD+H&%ZPiY0MnJl+bF1eAT&u5GFh1%;~C$T;n>NsOu
z@FOjDcj$0a}+EH@En(S*CpiozXn}PVB%;BHR%nUJMvgNU!wv)x(XjMo2kcy+qnZd?ksNbEjgx1Bh^QiD`)ZlmsPZp1G0*5fAw%Cq@?z
zR7(F6RSFwhJDKN0JY@}XnLSf6Zyl)&{7?Sqn*3|oN&89IAu(6$1c?w&CyBpSRB+0L
zy`t=&bWy-)98hUxsFm0cKmb@FJuEP?E=DNLywsm;S~D-C0&7P%yU{nivN@4qWulZp
z(R^Lq3D6~ldo}FUER)}e^`M3IJ=un=&NJIZGNGv
zuyHve7Ip9dc0h}&IU5Y=2w2QSLx9hJ>%zO
z#(=JtP$R9RLr!i89#TC-HKALXj8!GVQeLYcx{i4uFT6z}Mu|n_Cm0gp
z{QgT673;i2nbXzX-b-1j*dHYRT~J$t1qIxLWi)JHWEy0aer{na6d)-mpH}!gHHm#n
z3yv{kNS`rjRK)+_76THXE!>BYO=pebeMLUOcA@Zx95UHyX4J4QD3i_D%NUT4j*O(H
zqUZCZJ>0~5`Os`@sI5IvG$LB~<<>d(?EG|JEazyV*ZEeQjq=AA?Zkx4iJC|kWZyhh
zBBLYx0S?Lw&64ZYQS=p;MYoe4Z5AE*cDeeTmxXJf8&S?zFzZB5vsR)&g
zs*!?Wswb-A-)XogBmFZw90@-)Y8dBGg9;roF2PK@5+JX?3~vZ>0LxG8o%vwOK=X
z*epU>jR{+G6=7O8{c|>pj&{ltkRP<46arBOrxGe
zTOc@?xG@M(M*B2_5$cb&={qnL4Ws0NVufc!pKeX7uw)twvjo$OOH-?9BX5|c@R~*X
zZWi&7@TFX}rW93)2aa5@xf=2!k;e*>U87vJPS>=8EovSlVx(r8{4f~Qikg~Aduf1y
zp8dGr>>>ejy!cv<^cUH|TLUYza()SW@)`Y#qC2eGJT=luB=ntS3~ft;koqirEjfU-
zEN@`W_>rG>Nqc^tizUCkmYJieJIrTCEh!O|02{a6?Ssg-NPea{C?Nq^K}EveUetu_
zgLbN<$t)NvN;hPZqPT#ZjKWU6Y2kC7Ncx;khzg)$F}MLYZ!Sl*FwP5SD-Bkg^y@dz
zHcmJ$qA7Fb13b}SQUU!tnvTGDbC|&?Qu=9z)aHT5Kh&vy|jhP!NPLk#B
zGqm$y!(hW8&@F*5g{_1wQ=r(_xtE5XQFoa-LIqc0UfdJ{1Y8pCfYxdWP{2svBn<>y
z;N`WdOGLk+x463XCMjHo2r*MydKKe5wU600b*FFxXlcky<3DT7&JAp3zB&qo}w@I5-S7kM|n;WWi
zZ;
zD6DL>&A8THjje=YqK8LUUY=$mb(BoFlwEW0E2qk?qAEp8DmuP=MM@d+1QA-rVPlXe
z4aINt71JZAj=9>Fl2XWOi>65!IC5Fh;Sv4e`6B3~Q;@EBjUPhyWgjvxLKN-*#K#I&
z9haIDhg=5mNg-16tGdn1k
z8a~Lv<4ntAHT_C(h8k*ADoskk#AL8+*9E#L>E~>5e|n+oa|XB21PF!A=DHD18bROF
z(o|))oJ)Q6rs#sx^*S?wHK`>=Lqj96ZI7@+M@N62T#!}Jaq>-l*@>!RteePU?s_^H
z4G#}T;Lm*84r9?Ee}GE5KVgU>3R0hVe}fQ6!E6<30%$9nsl+eK66oNKad4q&Wn2%q<
zE=&Y6?z#9y9p5Jlmx(eobc&j6z`{g)-VbLoLgD-_{4U!ceK~O
zPO@29y6`LLxL?-jI@p4cs+0S953FYQ;l~N^-mPJXXt^uo5j~im$8p~od7OjS0eB@U
zaQW-whRw^%N~TVnOV3zF;V%-TLImT9ihj)Q3+0NC$ITq|?&Q&OSCkeBSvHoi<#G+y
zX%?Fm)FqF;4`C`3muwKP{m4VVRAMWRdt_cZk){5DDAuqsUGoNp@
zJQ*Cy?QnF0nUX@G7C|cKzfkD`4hm!RqTlv#;H9EiV;^?%GF`Uo_Q&t=v~)>ll-E4(Yahjwot9mWGfn{!JlhJ~Qhj8^a-+>?Fw`z#MfGT-Tv}RH`}IsVpO+mz&vxS~c}h}}
z-(!#0W!m=dAN?@zH#r>9Vi_yDc9N12W)qqFhYHWv#6VcL_dFMPT#l%IZtHw!LeBWH
z^pq{+;aqlIP#TBZ`!nHyO9YRxR3^Jc8;Pw=7-okO4GKt=5H4$%99n~v%2_>P&R^+M
zk@M;(7}j%HbZSxs6-r7g4YCL@Fw$~T))^aOWGQ9@ys3!v^Ad1~&UbzrO~3@e_}-^+
zdg=RH8Uq&0@81w+PfNofa%Kf8k&Djs`}Q9>;?v@ZQ>0k2O%xpsH8rIyu1Zk`T3lxwTCUet+U29V!XSzue%PSc2+c<)AKr`ASYD*Ua^_1
z%zE`yZ}kxi>si!BK}WBgw|qETetRfO8VU=ODO9v#?P1CGGT46g@UBufbYzBIct~i3ws;J3=#kaQt#@7<^n1I!MYt2JoBK@wvD8`CQ+PBw`
zy$?v2!?^PR&bZLLB}tw2~v2%TR0b^XDqwzk$LY~z`s-5HPD_0elw^I=^-Nq86w
zZXljyu>JX1dJG}JJ4q9aVvVM%eZo7Ti%!dRF-vJXn8)QKFd2
zt)3v@;xR`?NKT6x8ziLdslYbZvjKO?(XcSP-&48YzQrqKf<1waCVxzLySO956Y$d#
z5dlZknN7Yw9a4KcCe{6#%3UlfETq$I4}OAYO!n-9>r0dZdkwc*tmN@vhA>srVFOL_
z{&>SxHC}7ZaN&L<@GDPcKg-7BakX84Mi>nXrKhHTe|r#^TB|l#q@bXH3L(y1sWlm0
z=6w8uu;%uAYMb3=r8}R?YQfC&ZJ&d4Vq&gOUfb3^}S%j4(NsW+eZ@Pu*`veSXsqO8fnX<3_nqO2S&1xXEhc
zXfmBvo2#s;>7iMU4?6|LLuqj~x5u@yv9j{w1XiyPM3bqCWFnF5O(9YDfX6CuCIERJ
zpU0E(!d=xgZbMKoouus@$ujVobSGc@y6X3QQ!l0R(67NflsN0vL9;>s7rGU^$s|v(xn*#2(uL%(l&jc*ebc7bRZo
z5n_N8!xd>DSiXdSXZ~*4Om7Pzthz@uF?*wEYmTZh<2#~&!w%@LNC)hYeLaCO^nO^j
zK36;e0`C&R{oCIga0V(oZs&m-78XZ04DG?7j)b|UzPG^7UFO?{d(B7SY9HwhC(pMX
zKUPg5{NA51{4hO&FKni|fiG9l(9wlbwtl1Ocy8VFKwKPRM8w#Hh)>rz1x2kBAJm-Cv$h
zme=$-V8Ida6XWA+4Ev=@3V;7L-}||8dTR8!FdWS^z~FCh`o8#>n2?De-x4n}t#KMM
z8KTIlsHimC%eV;g2o>*~>VIA@#Y99zcs-m4HH)+JpdY3TSE=u<9+6nn;ppVWM$Bj#m
z+bo3~8-_K@R3Rg3fy7gmd;mF^f3D_i$(lM--90#D#T<$``
zC~%IA>G=E4-bi8>$LoMs6sB*}Qc2`gbajjj9HgWYxj(GxkRo>rJ8kRbb+O%xTboZn
z5sEV$G>Ruk<+%?co&{%rgNvk6psg%3TI_QI7o>qSo;NJG%5rUrB6jQo%b4D3yW~Fp
z02APQ{gr@1A$x!;T`mVpvQu-rUoO8LxKeMxx6|SIa0WBq;B^=a90Va8WAkDL&^bYr
z>7vzi-~G+>-QiJ~^0$B%yWPj)f%R9lD?$+)@&qKuvl=Y5cHvmA)8x
zeQXBz=lA&wC`2ep+PGOAzn}ntZ^3r_Zc+KHFlJRI-wO@o@}jO^0!#PzokhJ>XZ*^!
zyCS^h$W)tWb*SgPvPg2va{iVq0?NR>uoH0j*rv%eLRIRbNjw)PyNhbw-Mu4*z`Q1bEg)Dty$4u
zC>%utsJ^*8UK%6^O`=f9b+d*1`rO2A-Ji@+C7>O`K0+yjt%KV_g7pp2a)%1CI+IgT
zS==1ZjiEtIgX7#57Y!Wf4t?WS|d
z72-HbelKnrw7^YX&me=7g$gn;xOgd2GBddxYI?jS77`(}R*z8u6Obwu
z3=Gfx5i0*;BK-8*5F03omG7^_3G6oOJ+`)h9iSqh
zLu$3Eba56c;w4cb?g_qv`gpd%Mo2h2f6(VjI8#4}h?+E1s)ij3C&-6MCX&yae
z0fv1#M4)RQ8U0*Bot&3l{6*b7@Kq67zLc`s?o@mU(@yf4yU!YJOjWIjjEW>|SvsF4
z34<8agYyFtK>nR+)8~hPzvTCOt0y`ZZ^iBRQlrkxN$5HvK2ptf+~({`L7#@p$sSK?
zsdlA=gp^RLiZ!jKAc6WjLlg$v+&*y#1bc!u=XseXhA7|2fZaI3;dsCpwtxXKje?R+
zAFquyhF+9}vg*s-1u^u1vZ!gx<&5
zN(WAFrIBeEQeW7|WuKeT;Ce5wK{oG{j
zPCaB`>z3m#ykIS(wD-Z`z7Zrs*v{^*eMjnE@A-7T#&@MDt<<=2SB%0dI-(;NMvWYD(jp%r59YKR>`#GeKq@v^k~Ts8hewu)@74TG+r#LWbLwc7>o#
zo}?>q%MGft6@}zRZaeyY>pT3BB-_5|%8%3RAaJx~<-}#*XOE^HL4N_6dt}mPTJ;Ml
z%E3h~pVV6E*&BrFk;%z6*!zu_$q!-@A!SF&K{-6sHn;M}{Y9nXNV#m@_ii60yUv#h
zx{uT5JSR^P^{Li*KY}&CYORNf4lft9-=jRv=kK>DUFdsYwfZ;
zUB?r*;fi(zeUw4ldYhY5!_@`4wvwxbecxrVQ<_X;8{~=(X)Ry&5zn$zUA
zcyH6DZxnpD`}A{yEBm>dsHMwUX9q>`rV2-I^Fkhg&v(&S(q3YI;11J(*W*H&NenZE
zHoE1*;AWXcwmH69KR{J0AuDUX!K$fLsc44+?gYVh8Vtr)s3}NTXiiWt41pjdsBsQE
zC$V_WIIbbWd{X>lVwpuqsDXFKl+4WY}1<+kM=xd?FE=in1Ll*x(x5{$x
zHQE@j-+<=ojkQYS^_v4`&?_5$S_oJ=7&PO`QXd(2MmL^Ns?^)2_@z?(EddF1IU
zqj+rW`i@iRHD;bmSz%!u*}B2dFbD?UqJym9CMhPSdq41o(T)W4^(Xm#_@B0X)ITF+
zPz)navG7#Sn2I?|ZF&{>G=?dtH3p@psEnGE8h#;iKz=k+!DA^lmOQQRF94f9W>{lU
z`;$;Miy_6TjDNdK(~D>Fei}}qa!Y@l4uwL{!#?CQx?$#|zRFmqBD6(ButQ+_wy~7LJ$y-MR1p1cNE-?Z?mqK+*|)}Xk;(14w)B}z
z!Van%`UNhJhRTSHC_go5O%80!-Xb%wE>t2_3~-w=<1@cz%@3a|;#nxJ`Vi-*60X2G<==
zl4Ws-^Ye%<^xH27JrLDPEi9U3(%T)@(|_$H3JO;W!JlropE--B;E2as(
zfjqfp04&eOc-OK7{OCI`7~kNSv}mni5>^nsZu`~<2)s_G&9XhPXuu349*;nN!{yt*`ea%cnhV4j#^Db2fp;WDcq-`UQT?s22g>
zAZpaVe0h*3;J7!fkBXUx3J77VM>KlB_uCX&T8Lukh#o2v$M;1~*XTp1PK
z;1)5h>;3s;oFfj4&lA
z`BF`&n4^ee0_gTi5sMk4WGN>#Gqkjbej0RQufQe#dfP6>MB`^oJ01g%l?7RCg`Ew~
z?5$=s~XLguVJi4Myr6EA4iXed3;E?rA_W&CHwmlaa|3LfpJ=PbK50C
zh7}pdA*rg&jb?o5+znpe-n^Ux0zPZ6
z>zaz+w?`&j?~Z*jBz7Hd@X1bPKlQKV8wc4fVLlTVT{IA1I}Dl#1>)vIYh-C9fMdcN
zh`z^h#R1eRML?Kd)QR$pOetOsLP_4$_dwyVIMn8^ZFuD$PN(q()K!7}%2Dz6jBN1{
z1nn>CUrhaO$cmte31DPoI&Sby{l9v>V#Y*A2OBnjbRLZbJj_H**5yBHf2P0&3Ej@k
zee%v>5??;=AH)r=kv+a{AqtIgTKD$#>Uunhn!*YoDq{=`owuHB#0k8IyFl@2SKCjE
z6ZpX5sI7kuuN2D{3_HQ8ctKdCyicar3Eg^lDcbzZSUfC++?-xfnA%GXnd&ae|3)L-
zb`8vk)Wf}5CF&>i{|=SZ*E>HwndA2kW@tM{$?FP+$ekISF7QF|`0+FHJ3`vsNtJY(
z7i`<9CP^g>k;diC-S6qFasBRKadS@2lC8GhTSeX&{YaT|;wUq&_bFWVb5-Evwam4|
zIaKYzR!bWKOy2&L>P0<2yqS{2NddJVdplc?>;YH&%0s=!@!gliqgT~v-YA~tP%L$j
zu{FnBP6ungFK3medt3KGJzPeUC;Vm_Zf(L4HLDxs;S=(8J{f}RL{qG6=a-Y2hd|pO>EX%_kTwO^0kQ7k&3FrcSZLD(zCF4dw$`o$MRDb-^Z9P
zJP~F-M*HxnFPn3;vvC@!V(w7OshKVwN7W~(pa(!X!0aeQh`Pv-p%kmA;l!YG(j&bo
z*wjn(_s)hA`-G^_qGrf85a*V(GHL`4Ym{RmY$mTedKfRAOEuE%*Qj9yylis&<&!ihl}9A
zg}`?UG;p*uf~`%CjJeg9-+RtYOi;<08E-tti4drNU2X>to^+EKaBr0vVR}(f-S8FV5xY
zT;4&sk@#{p+NPfulGGf^F3}C47O0qC<6@%FqN>C7zrGCJF?)KXi(2m0I_9(q>Xku
zDClqgQQv|KmFR?mB#Id=O;labItyjMVZc-9hK53e^n4U=VRfQ)Xp4;q4~H}_+;uS;bQRY*!c=R8
z-XMQnR@pJdKwuXi2J?zmHr&PdMJg4op9cV_RvaAGu`0Mr^wn6y3vn@S@%L>*GU3TZMjdS)Z;Q+tyDC!N56xgj&MC&-0{W>1
z69{dW=>6TEutQWB>%+L)?SOvROIjyA;n~>U_5D>d+u6@*`^5PlY2m;y@eAZdmqs$A
zXc1tFxv0VmVj)Y|vghH~B{y`zP1c
z`M`$cbOL+)tu$XbACFmmc22HU%;+CH2~93R23$_q-N_Ict~L6M7E6_ijRs>49IB$$
zZue(0X@EgJ_BNHOrC0~1U_b7AD({#M@`eXMLgw#bdXg@CVUlwukW
ztk3BKO02set#pH3gltU9{k~}tPGz%OtU#Nja|e-2(QCccw-8QI3$giV7emI37_u3y
zvpv>Zj(N6dYi4>K$XIw(Wv8XySl`$gluuK4Ytc}b!Rozx);HHLi27i#Whkdi+QZ1Q
z%{bDk&ILmP=iCKQ6aOiD(sl+BGBSq%{EAX|j@l5mtS&?fPlO5W*XlDNk5V`80aeVG
zq(@3gR57=5sj0||CN4iD{n1Tefrfe%0+5rGg4<|gVSr_+A>W9Ke}tJ0OI8F(n4-~$
zf*8bWcdy%EBg71cRD+s2m)Y_E@A=v95lqfYU(XxFRJoD(cH>xw&U0
zx|BWWC73blDA{}q>TW+%F6bX+aX^MGGJ=w<)l1ivr~58qQz~JwmajVW>*SxcRWu=0
zM4-u$&Z0Xj#A>6GkDV%I@&D9ieS_4Gha6L{r))XuTsG;AX_fp_?MC<~fQY~spAUdu$6{#w
zQ*iY!@=ps;2^Y2)oTPtZ{Eu+BzZ)ni)o{c{5~0d!x{m-yJRfDAY-&MrQ$>(_M$kiy2|JCFD8G@9!
z07aL-%-KtQ(v)Zu|MndL%4gx6(NAT(zhpC!KWV5iCdhxGAN=&^6DH-KD!Kpqz4(*H
z)i3madq$ZFIOW8p#ZH{Qb^sKL1T7G=L7luFbwM3I6Kx?C)G)rjN#Hc}Bv=!a?a
zThID|OYNf6ZQh7axnMUwUpY~^tW)A-mq&8M|JgO19mN7Cw2t*+H
zD=n%PttkM_%#1B#JidoHNkvP`zQFIKp5{kiIePxIam*YjRQWMINWifEOa^TOxKl-s
zKD!nTpdsg?Y)Oe6zz8X)0z=m*g}n@3P-46zhHHv7eO;5*Q&Q5rGIuzOLNNjxqwM(&
zUT>AWL^c>!7E73qbF!75EJVsE@VH8vCT0}I`CF@e%)jRTpP2EJY+dKlqpIic&qIH+
z5&tIYX)jSdXNijW-C`!~R!mwpMpX@f7FB>P`+ei*;*qmvg{tGdh^&QzhDLb5bxA3F
zc>?5r{tIA!)Y!3ZSXm38RH`hLi`a%8BUGV?V+CkCTh*e4Z;VU|0r_1ZwwKs+h>b_e
zbuE&i!_3GbjK?q`UA~$csClNZm9#KCJ>>dN>WaqmrFcf-Ff2R5e$-
z5>gQ&jSfA2stj>t{+KXoKYH4{9=e=4O{P>~6czljEtok3(?L%tci5bgPpeG1lr>!;
zR|1!|L?tyCJ%35*|6=be|JrQ2Zd;(ZyA`)0!L7Kv6Fj)PdvSLu9-vrpcc-{(fzsky
z+$BKar1$gQ&wKuc^E-UtLvl^7kv)6QthHy&E5`ZBJy;|NaU@5N4mmxR`a9Y>Te(i#
zMa$smGJ3{hwvW_@|9d+0VmX&~u=T1TI^n^;s}_&fD@szZP>&WbX8;HnEsy}^E#h1B
znDGbX8IwPxxyBAvEECC3jQ5L&+S%Qzg6N9mY8OzXsIoNii|3408>*T#0eCB>9Y?r1
ztq1X2qX6>vZhG}}nEL>R3j+aiBB_$*Nn#5Fm5iLi994?PT
z%A7F)C(gtp8FJ|EO9SUoupNbTy|r?rv_xr?x9Y7vvADvjJM{N-&;QQlS8V5l;|60K
zLI-kZtLQ;Yb>#5E!b0)dR%<(3cld5PS!#T_&AAZ$%BH4C<0dI@q8n)74G|3U{iZ~h
zEUN~K95aL+x{irUgCpvpn}vK`a%4){yQUUkA>aKY20es)dTpsaZM)-!B6X;Pqw>+X
zem(aPG7_>^Xtxkr69qhBp8b;s0y$h*itj^!K0T4^=yDq8%w=m}eY-nz^pFGK({~PW
zT6m&Hsk-~7>0emuVVE|r=0L}G7X`;q-#eT0GLC;;Z2KzAz`NqSn)4D{LaCj3(&HCzZf)Iiip4
zOsNVB&^^FN1a0vAF4f1Ov`U7p#(z073E2Bg_n$ZlRZBnwmy(@KBUFsGz`%V^mkKJ6
zg3nzyX4BHv9#{i{K%sNeWgG=>D&%2kExy5Es#qUIjeeyR+dr9PbTj?Vf70JrELtxguxINU^@`f^KRY9WFP&)rc=U>L
z+xV2sW&J)tINfsZTwJ8!MQ29qhq(5=aLTX^uD93Eu2i6o#d&u2yb$g+JEZzzfskwn
z4kkc(VczIjA0EBRzD*vL|F;fCM-1MajRB#{s=46wf;_GYg;isp`aiib3sH(icOLe1c~Dr$sBtF
zJV*`l<P_A_IAgGO
zUN>$A_RunBaZ=_j2lGpPEzXHZZrf{q>8&|lec?^Dl(FOwbeR?X1La9jY1}>;%
zjJ1Q&L8d&f?ZR}lRa?z(MNX@KKhCjlH6qkJpA1IkOy@1Q!dT0oPJh&jC7o_WG;5=O
z71WED2kWW->*#|gvV$ht0AS!+8D)Ar<~MX5^4pe4wUK10>tP;AaGhr2b#!)8wr!iBY>0F2`^6D$Bg
zMH$1$kHRtgFmT1N`t8Su8aTvXjI2zd`~CLA#J{va&WyaQBBg~e2=XY%R~M0Rg=O|z
zrdna)prqQ%leBMZiJ%E{}K;R!6N(f(tw{(^wYeD#l%j^({Lr1cd
zs16~eGF^AebM%wwj2L}1>AFG4nf~aI%-`K6@h8P$AlWn-vp|^{Cjk(r;0pf?ceJY<
z;TCs^mNZRzeC1O=|0=#h
z1UrM1u;9y!%333&HUL~_Ee{yPKRB}$)AOEda~US_aeLn;pX6-=j0Poh~txx{8)q28Pa_F1ACkh28;)5X$9g%#ZNw
zC-2R0C4RxX>^LIQ=m~ycKWZMZXRmI$c%&3>x?7h%s6bf+tZI+Fi@29pHC+r)5t#1}&@tw95H_HiL-7uHtFRP0WvtE_#e2Tx2hdOT0DMBZK>-853G2@$Aa>w~DGC
z@vIW?I>vlX&r{~!JJe!~cxuQ@-5BZ2-}z`KMnuOuJ%dELqWm3wgO`lu$^`BsIJ$6^
zQ>RpRPkay@#@ahi4}^XY%>w>s9T|)-+Sh&5pkx*n5TX}y#6fgv#Y5;|w;&@kB0I!U
zH5eWp&6q~Ysxvt@HDp>&Rlp`lB`C-&S-EJkhgijJ!bObfh+*?CpGcaRC5iCSmvq
zzL(Sf4~up>+5Y**l7SD#wlF7VAv96RRtioONBIS!!Z!;YZan}v4;QO2Zi<8%S*Iq-
z=tf9p8*xG^FG+RGe{`py+g>Of0`|5znSOf)cqppVl+@8Nm$io5r!?iEqGR0t^rKXT
zAU!QDPe@-+%`p0T24h)ei*PD2UkfSXy79M&u$002|?t7IdjJlZ`h0#S0yl4S9E8JV(B(a%rKUKQ)M*16OIjEqquAX!HaIeYYMLrK9#=gkUdx6SoOk~``6-k-W1ask#
zaR11Rd)eOu8`hJz$!-R}O@{t8GyD6_&W-`CC(2rIuuu1_S5U0B*F&Hc4C&?U>#{ZRIR1g$$QShX37c@nJhxcCf)k
zT`*NH-VsZ+lbYx|`|DPDk2IeKe$2&ZDiW9efTvy}52~&n?k~&C&NNCg()6#;s*Dss
zsq~@rCreRe3>R-KhwGBiH|JgiGB*{zG1new1DoAvr@)?LwSwQ?;OCG=s(O9x*gOml
zULe3Ntgp`{Ued8r-_P%gSkzeSxfz+mTZtn5yGslH>z=SLlaV^P5@@q=`!yTGitT(mSs+z
z(6mL1AW9pj2$z4moC$}FDy|%qJrfxE<=i;%liPr8nN`y*%z!z)J*3=e!|Q!WGsq#^<*T2Y(lf2Py64UNblUNFh`94H95>%D
zkf-S~aET{Qgkwj&nh3yNywx#a`(F9L+Z6a?>b`{IiJI1z8EInv=3m@_VivJY1LR%J
z-IQG4;(z^fgUMY-V?Bf@Ugzpt*s_U!QeAs8CO+$kxzs~_6*ot6eVM2&F8tPBd^0?(
zC7-;McsU$w8qY?0H3wE;&
zq^?jzrWkf!>|xTtEbyS9iKnG1r`?&{slY@4;?=KuG$)4a?xJr*!$y!#I=?8oQX`Eh
z!L|cGx%;-rx92a6PlZd&VlZn*_ScipK135GfQb~Cg*3zWtaOQQ>gLOH-+Hpgf1Y^0
zTHV`p{qIzva7JwVE<_j^V$2au3$=Zkl0~{;M5pzE@zaluh&%Gqm5avsS?|O{hluT~
z4$Ifg>NPd3t4(Z!^{}p-baTWT#i{D$2Vt^Ckq^=psWhXiIg*KB)v;sMRI_Vioh;N$
zERfGtCB7P)AdYa@Y&A^RyIND@vksxw%|4?X;7gBOUFr}8M#Wbr+Wb(l%>NZ2mW?6?yVG83_
zX3+>8^K!s6tJ;1#A*0tJ8~h@>vuYTCaP2;
zt-n{e3gs;&fzDv#PawVS&DT)9r>%GCX;xRPvw6So5j5OV7fM^
z`oBx{7)XF0UJ4`XE>9uNI>pEXu~j^XwJy0Ki5cR~$QS99sP!)NL8)Ss_`Pbphou3m
z+4C%@X5o{TFN0wh+8B)tT%GFHSb>?8)@-`e-wNZufdEE|gvFboSC>o5lBk4VbRC
z0Xl}E2MMP66nLZgJI8xTaYisYWNIdpc7i-#d>pFLkHa*e)a)BtqD54Ls5Bglna1(Z8U~+AY4Bm02#wGHRb95p
zHx)a9HTlf~<*j%*(AX{Y!C&96YyWYD-*d)$vNz}Dx?GocsNO|LmbS_|QKWNe3r|9~
zb8^n@YDq<5O0ZQ~NRotrc34;ZZ1Z-;afy46xgBn4MW)%Fz!Z=2ZfAerMJ9Rk*-iFW
z;m%CpCB|pWE+v1z;<-qXuS>no#GRNb1>3$Rk)Wu#et8Y)8wg&m(Yx=v9XNVnpIuf0
zErHYvhY`!HcgmW=-&sTCRJcZ@%}(Rk`%$E*wPqLJilQIlz_Q)&v>~SpeBHexnKs{2jE4HIr8u!<
zMMLLE9je;?A5W<}33gS-KCyZ$c;C(-v_G;FN`x4FQ7rtjJ&v*Q_c~dL0B>yh5-%uFq6ZRk4Amw+nSr*ireO+2|aKxI-B!zDtV
z>wh!u+~t8K+``hX$Ba3%uia5gG~pOOIctzrIE+aHFPA}HBdoUXTH@DP!M3h8qU$O5|OQzI{;7i5C
z2bA$$#4c{G{VX>-6G6z+p%*Whmmr0+=r0BMAF^muwlD3dgTe%uFr_iQCuOX6{&-7)
zS#|gA>-_V$LwE)ql&Z?u_qepGty_n?_bhtn$K)`vIWPTRT$wB94Z-gENp@Mt
z1o#b1dmVa(Iu#V92wL@h;C-J;Xy*F?tJnzY}Z8*Y_{^^r$Eb?yhsY
zm*1v8{>!^;Hc&gSYuq&)3wb>BWA%wcya2X3UtasUCAt44{}3@@c8`&hP}Ux7rdR!W
zIHiLZ8|%1^$z>|)NdtE*M*oq8g`x*L;trTy@dcazrR)NrA|ewr1VP#K|1+vkw(zfd$D8(9_w4_+D<~hz
zwO(Dn`?CMvsz4o{Xa$offGhW3r0OlzrWKUDeD;4^=JVfnQHVlWS7<-~|Em4dzyH72
z{=cpL%clK5Izxkshw`l)9UYaFl%OfATwGi{JS{dBp9~oV1b$g_75?1aHBXb@llzmy
z>%@~YRd=#jnPC99FOKT9uhKf+8i>?AmXnjSZGPOoFYf5@U9JIH6I6+wY+^cJ!Kfe51S>h^puprxucb}Jx3paXH^q3?8E7Ott6m$QW<%!Y=6;(WOy|-oW#9a?tF^GO
zXs<0OEQC1-30W=QB7eEq8aSBDf@RtJdUCllVgxKDk?0e
z!DBy(p~@@L(h*L-EXY`EkIbR}V&K}?-QG2OBR-s6ACW@ONnIS*_BK!@3SLEF{4rN$
z^ji0!*XFk~by|zKL1FE>m{(w(%48oX&uIPf#dxzXcvj`v?HizFZz7}jdRkz^|61w(
zYz-o#OWa`dcys6pf&QT!w+O$^tmh!uYES)nRVg3+Od~N&BgMcWR2*kf6DKz+NFybC
zD3&s50nm^u*OVkiEubP!(j}sD8&kCG%~-mJ2BiOY6-p3eNftI4pxGeD{}dfq1R&cxJ7oljxO3Ov@|=-5JY%G@Chc-R7s
zrBVBDp%}HDe>#7HYGd0}H!qEE$~
z2l&>y{Z?}FUHG+r*E0X-d3VjWvbrNtT=B@miHPbg(qv5EgyCI-$rup1~7Guu;%S9B!15&25>E8)LR~B^gi$5x_6*sf
zi^;>Y@v0_TioeyeAXgBDnaFyhP+M{I=^~WeT+AFv@b@r912SNAc9wbUy9l%V%PszpPJ0!gmtr)?!WlUlXR)62!
z(dYY5^B>H5W=l6I@vh<0!{Id8W9EFW2*b(WiV5WJgP}u}{XBY5pZMtnCZXQgHwwVO
zU)#Fw%O_aqZkeQ8BoT%JXba+hpDv;?_Sc-M_6ypgc#J|>5D{S*XK1)Nm3EN;!%qkz
z58q&Qx7zt%9(G(@-^Aw)$@DLX_dB$%rIU6by;Z;pYxK50$n`pt-dyp9nz&xSu4U60
zU5@*X|DR){Qa8x+^8wTiHP8gRA`FFFElCY_NH7^_HVC$aY^OO7jE_gcc?WLE8!$d=p
z-R#X?>w~0ZbkTIY#&J$(4hAa$>q`W;2|}HFvfae-b2VMIQ?S@gsn*~lL{m=M5Aycl
zzQ~4P#ZLa1NgF^oVR*0B50w^}9IkfyWH)@WuJ}Xi?jlk|P-dEkBc$7`8wm^fh7mW;uL)w_G(WnI0aGN%ypIMwp)zJvFARe`P)s=PJ@b
z%DBMFDNHa}hiZ0*-@%KL;CRs$&H+jGiwjIeO<`y0wthEwg-%(i#LS2Ymo
zkJhd|7Qe>v;5ABfDNXI^_T^y&{AvdHBB{?ma>7I-Dxp!KR(=%5YTu5IHrhF29_%dY
zk?Y)#l#CquAx}2bLp>qYfs`IA@JA+HYYHdq>kQO`Gqz&*Z^E{(8s^lDoMzzEL>+DG
zni6R^iK)$)DyoBEZQ7+cU9Qr80`iV3?qI2kILYmI&1$Toiv8BF^Z1{kv(;K|G%*|KV?8w#o$cf%QZiYXY#~DbfvSVlk$WG-rGongfA>_k+_tN7mox?F98s|
zsPkNY6hX*y?Ajktn|BE-g;mcW{~(w1SKh%3hW)*?)+ea?T9NhrVRRU}q_NToPA)S5YC+
zoB{Cxzt78rQcZ@iDSX4$A21BRQ1h>Wwly4l*=GKzE%oM~NMM{!IX{Z}M(RF149Y`B
z-@eD^flqzf!?sBqSO$5mm5Tg1RP^Q0ov8xEc4Rhv+Jq(lvG!iqlBgS%KlF9
z$|()Amo65;RS{6Rp_yUmYxB=wG$|X~Xwt`u`-CLXHw+B#qDicO#!D#xAPrkl@2g`JR6?G
zMIxH;DN$eT-{fHBwUlyOof@H2Gxe6I>L>F%!E(;*kG(K7(%ut7wvv`h<99=pH3y<<
z@kxnQfhy1L47GXytFpMsX4^PuQsVnj6>T{x0ozrg+9)
z<=!o?cEBi{@tskH>l%7!c~VoWd3%OmrVkKRktMT)q>0oXCvuSj>(;i$7XgjRQ`kB&
zMAGSKKqC`~>wID1&{>MfVz?bWx)zA+Ha-vs)Wa|
zv{XInxfl<$PEH)ni81fE-zbTEzqQ|iJ5k%#tlVJ2d3v4w5KQ`4pUNv*zB
zFm*053hCJnd6Uzkm(@@w@D(ahv(Ak7qU~#f)~d8<;5KZv71FFC=-Kpmt;uSrK$6f_(l}%f)ryA1kHjH;M9d^i}CI`X&q^!f`jC1lHAi2^8T3~EcQ?ahl
z;smPU`nm%YYS
zDUvLeeO#u#Ij8?Qy3F0zy%nMTW!ceurIY7=wAoIpJjfo%bA?v#^Lrkws9@YtfgK&v
z#@i+R1H>QpM6s9=12usmJ6sc8zHsASXtTlKN_v0HQZKP6PEXw0F#K9nG
zX5$!;H-EqXDW>Qo{oNV8l)EK@zS9ezyN%lYl7pjL4r13y!$iNKJS;1LirRXK?BVwo
zL2Z!Hvh$kv(YS_u6PtX>8Pd~QhB_{yMIJkHg(vO(zLt`_v>r56eNlo@DCo${BMB1l
z_oCP;TsKWA*_~Y*xL&*N_O=5u$!l&r
z&r!eJ9*}OqtF@78Ok#CVALR1z?>V{K?Y5HAajEgSzr#
zdO|&ZWO7<6Ouxghb&N!U%B^(9s7c@NPug!U$2jkJTvesUf{_MIzqrDyMqY$p7`XEf3waK46enZr`xr@bjHr)Romx_wb}vg&?eS@WI;AswU6NrC=yj`v<93b&Q7q%u&PP?R|jHLVA&R+E?85-5l
z=D7?50pfz{&v)lWAjvxB69=a~reM>-v2UK{5im#g}QU>QVFrv6!STMgUA~@C~Zt
z7GT_^KUM>VpR)Y^bS=)RekmvO%RuPpGkSkiYDZrVM#eZq#mtHs_-q^k6-cocWO+b8
zoMH?xusk3tjg)+ViHrOAR8mpJ_qGPP98kmpe29`!6obF~Tq>im=3U6Q&!s$i{ISd$
zC3U)L#Z*`5V7;KXa*1+EK`U9VeRAQEwwQ@4b~y>G5O#I`cf|a4PZ(P(svP|#Xeffe
zA}W$nTFM455F@yf^avz5UpnrE>lR@6#-h+8O9b4KwDJlED+23C(1`{Qm6&}J-ukIO
zXN6%jQDM+nz?AUSFk~dt8HUYQODi_HRC>2J7)&4+<)q^)R=Cz7bP;*Q*PFt|TfJ6QbW#m1+OZ8^!P
zCtNZ^}%RWPqEy+*YTZ
zpLEzB{v&%=U3`A;k145ra<@SH7Aby^{QgaC=EH;+R&&+I#MZ%G{Q*xeA&kYtt)_l3+ph}uhabxPg7uaoB>rOJj3dfuQOjSk_`6<852&R-Y;`k>V!oiIM+&t={BlTHKlWOyO(
zuE{@$NQTp0``70OSuSOHGg!Fe;7qCQO#uA40adNpcntkUwmAl7?AIZGQ!oV{>%id@
z&y#B7udlqWaGqXB&P*!r_sQZkhu)asHQ2MRh|GZ`NAqC?Fn-L>bv`h^=FZogAy=H)
z-furwepX#>UIKm9-SzN9)u2jrxdl_W?W_RGDrqLtd+}0(;L;MTK|4;Q{FPFkorf*OdqKWR1Bhj
zY>-~iC$6(gGLaX~Ssj;qMrQZGa$k{d#ojT~o#}}DiYsA7l1ecpVi#WprJ;cdD=JAy
zN6pu1>RQuM_ElCL)wZFb46y(8`XyRD(43d)T6|8cdZ$5eb}3DMs1XkdQpBVY*4j42
zLWLQcC3EA84*9vy+D0kAUvTDS}H>LB^kMipZx{i4HO|
zqVZma=)x}ckc9T>GQs1V^6f2e@YDUVQ&so}2+jI?6tjFQDSeuS0?2>yY=9UDyIAY^Ii}CLH;RL-<32M1!BH
z5Og%HbR_8zzx~~7xvX^Bi=27JpKXC@(K{Fos3{S}1GWyz(A5*cmq|nXS3dU^Tp4QL^E|%xBX}dx#T*((kVVjw?7wBSxsdduZ)hFPfA-@Ku5cAX}6s
zH`-nb_Ak1l-KoS6uiwI#~27H1+RU`v+(xru`FTya{P0Inx@2XqzWzrF4fze=<~z
z(^Xxt75HUJl&iaB&2WaAOOD1?P77X7B4WUrh~Ry{=-oW!wX$o6!7=>~%Q|ki(
zo#Noa;iY9=TllhP+v$2*5S$)$9j?^^tIF4bidZ$l^QWD#kX7WKn`@NAik;GHaj-u!
zKmTB@Lr+HKy|i0aq#V^|_;|SVC;U5U3XZ|Rq(wP0kxU7b-KgybTv0@hNW50I3a>Yf
zB@|~7oQd0nW6o;g@PgItD&Wz>Cf{
zz#hVn<&n9Y68B&t%Asz;R`kBL|I2J$<2R04u$Ddyc2ZEq@rF@Kod22(eKOF5+*}lnf7B|t?eCQQfU3wtf}Qgt~Zh^R))mqPkuA<*KM#JOx7PZgjS?L-vSsdT3>yg|t&$OGW@?|P~THXWLcq({+
z_sgFvP-`&@XmOxC=|NT};jy(cj&UT4?OC(y>eF8tkoCFcae*TB1Mi#5$RvfoQHAEs
zTi|kUue~3T;F@5~Xns+f6IMF!Q)dnEpp~i(_`)s2qKSA#5xtEU2xdJ*|bG-6i
zv~;8{QBiMAh83CjE_P#tLKUJgnAX}J-ABOMnA*{Gu_i(C$rQy$Wf^_vboFzy!I*sc
z2HZs{b1mR~47TPwRv9XogRX;b6q?$TQ%dK@G4!-6bXaHjU?9Gk{`ZbTSM)Mf*36f-XA5)n-Z4
zO!ZV&yC?!Xu0st|nkU7VnJ*<)ZoBpiVryEn0*I!z*oH*P{!`^K@i&86*#ZPP5euK5
z^=%Wbnd#&9p%_QmK$M2kbOSv_hEx;S?YCfm>7~c5@(-!G)VQh+hFt!$_1+ID19jQ^
z)6Ev+ololp>I_Jb)Uo8oDR-X0h}4Ra@jBZW{?bM0!0XY~A;;(6teJRI1{H;GEZDPJ
zO`+l7*uOhC_2~Lwy{UMSl4M4~rx2}Vd$K|U6s8RM>TD{F(Ljl?5WN(@Jom7gmH;xe?SH!$Yc*@8s*FzO`
z??JYW(5)s#-CUZHygk!?;%9o3
z=~UzBnI=}dHxIA{PY-tCf`D#*oGZ=iZ8uMni_&o%aU%^<}
zoPEOxaISZWaHxky=f8na6b73xIfyfky1&&Li5dKcsd5_)dAI)(|1Vai`+X?ZCCPxV
zgUXIe*Mq@&b^dQvpz8>lFGqUvKhtT0b+I@9aCZIh)0W-}8K+K7z`TISz
zIZ1tjNM#-SNRz++smed4#Gs{6`YoycTZ&Bu3O@S4aCShO^Pgfmn9z|3smqf6>+Apd
zbTT!l!Y;2b4)8y}8w7_h3GG%2d%BeWJOF*$HMA$P>Dh{)e8PW<1;4{m^ivyP(m}0V9+l~go|}@Z=cJiM
zC^;0*yY6jB6!7$G<7I&SMKz_WewetmbM16L&EFz%k{8=Z(yqE0e?tnz5#{;yDx=q6
zk5OCK8Jz|!N5`c8c0t~l4o)ljyeP}uijGNq^Dl{jE^uUu6K78#(YpUZ|T`c2^DnS2$g2bI9b
zg&PsG7brntblQ-
zekjp7%v}@Q&^zVe*f=Lm@^=pAIQ2k2?*%})LjMW<^{X+JfE0guY(D#r!>_H~rw;ko
z;Dgnhue`aO`|4$|vLmC;ws4p3^9=9T=#a2qieb
z)*ehl#pYfaH!c&rCbRGnRA{oab=~#_G2aqsYh9}a*921uZbwnmS=|1CnrM1!mjy47
zHw+<~Jf<5WcWma8+qZbry#Y@R7XT%p#!Gr2Q%=HA
zMX;WywetpS+DJPEV=XuxTh7X=bT{F&+E_VTI-=5YwuRWg6np~YFB47XU{-g`56
z?LrEzfE-FWj%2ow0b-3@9^#-xDXUk}RtdCQPBSx3){i3U1YI&fo`(_SP%iK%1)_
zO*!K|%sCCcd*G}(%Y1%n2@{DK0qUFfW>H>iB$z+-4G+AYSc&9F5kmK;-(1V{ZGcN;*h&P((cVh`?%Kmmjz!T%^e7Yvg+^MXT|v8at>t!
zUZB5A{`9?6c=6XWjxrx5y$NOD^4>7=<6pPH7WkJRVOpnJgmPqlOS)D=w8M%VV??$J
z#y(htE}jd8oWWfoyHLaQ=~-+z?WkF~3ou+BQomfW?6G$<+pg8S8+3X~0spH7V1hZ&
zJQceQ8J7lZhL)#v{W*0af8j9-@c=ERAE@Wki$KQ8>dROf%JpXi)((}i-iDro9ZB!R
zrAax=*#qzpD%vSLNi?zAx*oP;sc|??q`iMGmaLl9=&ksTw#|%
zQsuZ1s2k%!-p7Khod;+GARW*vZGm+VcH#qghqkSVJ%9*~F5$Oqw(0(@5xaXyQcs%8
z+zD+?f%OluLf0oWR!_Y7Tc;b7-ovDlxc9eEoUt+g4|C;IrVl0m7IStv`qh@g9dsrC
z0uAncUm2+`_Wt_KfYavXgr({>v1vsI|2-z7f|TX1eQp~p(~z0Jl)Mdx)qB*9my?*@
z--WT(I~A2R$Y`F+P7Pyptv$EZ?FJ2sba;{~YOVfWe{Pp+mG25AL|&ou{M>J2$DKE5
zbsN9+3zD}S#66K10!h<
z=NA|Zw+F$|cER+|LnkC|I!%tPYo0}UYN>3pvb}XYU|-jY6*MPr3F5zN8MjsGLERvi
z5+=~$A=KwW<-iDRRD^E7Z%OIpzuc5w-%yFf)Ii%Mb7dOTjja2quxbx1a7SCOy(&?2
ze0%W@$|>3zJ^dubp~rczM#k9V%tuePF|=-$D8y$^1v8cuZUFTOepGOwhL)T=ACId-
zl{P$RHz^}YQ^;93{P#KYb<2UImXb^>(=@3D5)Mer0x%Quusk|M0cq$WI4-V|3GfU(
z=X`f`2v^~0Z(YaW&q)g!bVILlHlFF|k#d^&IU4gBs!v-tgc0y_$UB);07yh1=;O_!
z8s!A?3TF+Aj*pMfG1MwEx=$=Ln|brGN7)AI=5qI=NY7jn{l2ilyKXKaTc+d!y6I)U
z@Koekv>rkh9?z^y7CM2T)V>tqJX1=Mr%?gk5i~QU2!M`!GceDa#4M!!!sNJE3&)K
zJ%ERSMt_}y?=037a58GR+Hs%m*IG&PtNDRkfE_i~?ar9lWAtLCYx>uAV5$A*)dvSv
zU<536MTn~s)bxRcP`{xCC&+KQd-fZ|lH8l-3tVP}Mz=Hg^Qw-E&vjs`g9W>yH@>A=
zs%HGc64OEIlyp{@b?WAP)39V0L1&~>;G4!HQ+`g7&u&8r^RMCA~tU0&t_%
zlp!zuvOxGZ$Arp(o$o_Y4(5g%Ui`%Gcj@Xtud$Y#F=yFk)i_k2@11g2Ed>m?%O27E
zsfr!p#8kn15~7Q@=RFJ?dEW95$U}zXXIUB^;ps6>45-rEP;5OanuHnSbS)Do>kpA0
zU|Qs!ViQp!eMV3l{4A{n0yfiw=I?5Z;?>-sc`;d^i%Al4>huS)%u_nQUU?MAHyRdb
zMU9>$nnQ21oON{YlZYbv>7wJ|!pnOHtn~#tMRW)MO&nqBCDz^3x)H8~BoCZTwe!}s
z8oBNvoQx~{tW=i2s*r~!D7=ccELJnKXNY=iHSMUd24?P8Rt#F4&jSpFwM;!RpjiN%
zt2GaZZ{KzNO|uw0KsvEB6z?$P4cNVr{@MaOaQ!ie%6Z80T@;BK2d26b&|^r1r-ON2
zWhE3F&+|OdfG2)cR#yfZ;vm3pxESlzh0w7C@8P+Yz%1Tt8eHK;2TjpwRxr7mc_8AzO%iqAcb`v*%u>U^hYD44>F^Cv
zk)=oM>i_7jNq*bkT@g#?#)$oxxiJ+~xKpA2qXW37yC;Fp3^19)o=p;V_wwRt5h&qK
zRirBiJTs*+B^*xMChcg8Iew6!#&IhtsbYtb@@&FPb!7C)GG=A35@VviYc4@<$&j1$md#t`a
z=N(dBy>B6pW@6HKje3Q_At%W1cL`!UTqB?WPafIb+u-vtwQuz)>?bTmkC2~mbti?uK8eH
z+ekIFQ#SNzHxLP;!g(ouK5%)Px#VjRDQCJBoFX5M%{tBT)o9xV4}N>
zi{8{B>>A{otqpD@f%}doQ(H2(S}KG%tp@GhdAc;)Q1WTN)9vSks>dzhs1TuuMG$&D
znv%`tp9)__5k1<}BYoN!SQ{X6X;*qD=NJw0d{Q3=&1}t4e|K=x_Px7PE#~wZ?X|aB
zB&4F|WOZC=)aVh_!zX}IW?)1EdOc96R9MZ?kq6ra3U{EN76+~C#0%c^YT|`WoV>?e
zq1=Sa?07o|tIwDM)$8AdHU!^^GEP5DO-Y=Rh`L{qgR&L+rj67RY~WslfLsjRWVLZB
z=sOEZmla!~npRJEu1xdasu0+)&x!)C+RPh1j7ScSut0x&>tzrxgBrI}Z#$H}nWQvK
zQ%1eM#zlQ{>*9!V><kh2fQM
z%z?axzmQqGC`axb12#odgpDB_;j1~+gk7tfXzNxHn<_h!5J9ZkXJlvpr@glfi?VIs
zeie~!Bm|_pI|KxgkQQWy?vjuW2|*O3QDVpeL_}cd?vU=1RGI;#OG*&dIo|jEY|p#B
z|Fzb(KCBOGTeqJ?oNH#Tnd`jHL4uo@KWLoUF6I-HZ`pTELeK?6ncNLyQ4lYiB^O6N!gaqPLH_@)hS^eV`lk
z#Z7lsear!7(msR^#U`gF?^mXgu49-3WZUiMBafL+WE!;%$!@O)zY2@BaEqW_Z7<2npCnR0cbcdEjPEw^K?8^g2Go%-B?iS}zY{Lnf
zj;>g|euxW(Qb0!bj(?EVJ$Pnsm{9Z=wD3H8v3R{AGS`S$Vwm=Fi5qK*PNxq?khOvt
zB0K!^`H^AW^1f=iK;cDqrr{UkH7dlyPl>j$lcUV*%lV{u9XXu9X;~JZxhE!O0{d50
z_PWMM{d8QI($BCrS}{i)3{i#WlZ}qeu_@un3BmE9;+OY#OGaX6YtcK3*|)GS>GL|C(6u$ia>95p
zr=SHvZVJ+sv=U>q@7)+|)>bq{cYqnzS>3lQD5~CUQb1s_)dVg7n4RT=SCe6{Te~3j
zOnwed)@@>9XsQOBGFGMTXt^IDc5oECwtDxv`m*#6k=VU~F#l0?PF(5WZl^I?f|EN+
zE#5-ma;=#cAq)lD{nNLpeSMA
zh$asb=HIq|s26OBbSH3sadm>6a=)S-9<{M{t{hctS4tM_lGhJ=Z1cR<>bE|+h17l!
z;Q*+8dA;jY(FI41wo|M~X5M~LV+{CE+ab$ojW{Pi0qErdP21<2Qg
zM^%pyaqlS@2-()9vn1qnuVD?SJBWLwW
z@F7=dIv9Jn{Wfa}>oiF70V4WT7+JVxedNF_Gu%z%uBMSe5ulY~e<;>%R4sb(=v=v%
zbzz>0u}-fsS+khUU@wW`LCa<7!81s~mde!<*$J4*j`t)R~yhl$v0;qX=^;
z9=0%|o|0euk=xJ}y@p67I0<%){E_2^PoT!_e3u-(N8U!qIH~Y!RMFr+0>t?uL&&k15skW)8d4UJOtxRWH5
zhyuxnvk+Yt<(dn|=agERx2;I*{&};>5%*W3gx0nRV>tTaq3&ID(sCydkCvADiT;en
zo3Lv12m}}t)boloPrf+7kfMa_I{{-s)uaK}wz6W?NN(*-o4DRjBu7rSmKVqKy%dna
zSbQcSy^Y9yL6voxRl8G%-`x#W&evPY2pv9e<`k$L`gBRb=O22{t0$$~
z@EKyGvs-FSK;qkB&5Tv6hx=|qo=}SzKx=6{tb(nw3rc-z>|&lcHe+6aAvp~=gs#J%
z_co!&xp%yerZljl7F7RpODp{*SooDhC;V1bik*cO6=i*GzoB1v9r|$!g!sjqClM?)
z%FUrhP?Jc~lG-8SMA+Q#@?wOpx)iMB@N&yvc2FJ)m!$FT#o4pK@VE=^Lx20gfs;lKPWR=tt4iK45R3VF=liM;7aHlRG~wG+<8hR+T5%F5A&4?2ZcuONX`HW3#&?&vZOTN#R@3
z?KFX{UDVFAJCt5Vd)42aXePckRly%E_eZJ_3{WbP9vZ+Ubk!9QWq2`IbiDU*)tj69
z)l@PdQ8Vv@`~_>K>%pC{K7>(ZIz~mDdQ0ye+5K0ek-AtqyeUp@0c5jV5rl?gda#ho
z!cKDNpHP#u+(?htIh-@TnV@mTx<(QudafN2?
z+3PkK%r_<5GEh{p3W1*5Zc|(&hnWo-V6~M9lSqm`hb0F30eWbah=qA_$FoJ2et^Lp
zmfOfx*Ta0(46dQ#(rWZX>L5j1$_h}!B5)qm@ZCN5c@=q}yP
zADSrSjM`$))Gq~L@w&u`-&wMm(kd|QI|B-8soy;G&q^}%Ni&fjQVgJdy$+fkId>%A
zdMSRk&lkL3Xy6;xXO2_oFV0%ohp&mDlyJaE;iX_zHSWjj1FJSF_ZH;J0!_O9rcp+I
zx^9)WbKanjy$trf72fAkSR9A+4bl3eWg8HY
z8H@6ajrwQQXKA(pn4veXmwz*&_Nq1WsTB|OX%^ReRxHGJu-V}6Z~5G{ZZ^sgb?9Y-
zM5V+u5=h5XBWyGgOlt+RBUU~}=H_nU{PAjta)c@;{PZaM2Ev=9<+#XswOjU_#s?V-
zHeB+3$lg8)hz)bc;?lc*w+?F~C`PW%hkZsD^LW=Z$8u$)tkW$vQbPWB_Uv9yjRV1#wcd9N*h0OZ`W95Nxw+8P3wV9eoXI2A?iQuk
zT8W8VFTZEA$~kg_l+%QRR@}TIB5sA7kAVw&;eZROe>`{>DfN4u)p}Lbm6!3ew$`V
zzYpgZ5pvldK$ASnd>E`S>W|R+V_VDbbF{4XAy3~AoS!&oge7-u8t?h)1`H*)Tb$dI
zrOesthY@9poJnX@onwi_@4ZbooqE&4-^OJLdh8LLOGEj)1g2|@Dy*+QUO^D{i#|i{
z8SzXy{dH&02kS3rvZg0W_J5x)$aJSDvsxv4k`-9F5l_#o$oYlSI6o`qe5IH_mZ<9W
z7#S|tgM20cd$iWD*X-9E5=}mAH<~{1RM)k(u#vv@148_Kqb(dV7p?kBU@Elhq?s|^
z^kE(Jh4u6xRSNgCS+~Q3b4FS%yo~GHwrMa-#LHCwvuLGT{kCJ@Ygkv~1KE(QYL@G#
z4v_V?@^0w7o6#k)CeXr|K{CrkQ4*V5gyieNW#fXFZ^4*XieagEcow+s$%4EV+G`8z
zgZc(kJO$!bR|Wm6mReiwv`iYheBDL6T`4vFSIzk|wMX@a5Ro`cY17_a%f2VfV{qw{
zX(lnuG?pijNCbtaP+Qh|A8yNNLgAzC$V4IYsHJCbI(w}2Jhd#U^5CgS_WY8M+TB@F
z(3LDh&>sqAl_ByO{Tb@WAZu`uCyBxeaFrHq8u#+T&ZWBLH`$C0k5#QdQ1nI$m)L%X%IND^hPPD@&Zd
z^-i)h?du1z#OZ&zy@i(mU@e&mE09e)16o7cxg9qWgWv#aDZnQxEbaQ3p3UV{8gmC=veOgWrHQJ
z#tDKo#5wPneruFvwNw7*opPoHPSM@^UD=SBJ)Bgh$1rMDe?6p59Y%q;Yxq}TIvwJr
zBS8WQB+*c6Dl4{96RHFMwF53l;3jmD@;D?+KYSi7xPYU?8eTpT|Iw9~H^M#D`4;=Z
zS6-;}8s5xU*r{-+TKV~Fiw4cTenVTZgK@)8YVAQ!gkd<=338W*D+S$y7~eTp+G(vX
ze%zCqWzQ;b$cMotiXbD4t@g#mbeDGJqMpeYEiI1J-BuVqI))(Il1o01|q)mi=Q>
zXHRo+7~a5T4@5cdMh1zOsQjfPa$@(^R=pbuxs$CR#C2QD>ej;;8LqT@cy%CGSeJkO
z_F27~=@GhyY0xEO|7--u4q@O~`&{`n?reJb@ZECyAfFwlHkvkbavxho4HL&Zh9yZ3
zYbi*)Dwa|jtU@`K`aqJmm)%5WA*7+yWe?u2B#oFiE?|TX0$yOq+v0SUnoG5SI1{Xqj`GUy@_XeiZ^;!($^|mZHjvfcI(aJE7`Y-u<|*=pPS;91Z6DTqJJsbJd&OX2&yG
zm*t@O93cctcbM2n`l{n6PT-cflKuj!Fa35ahI1)w`3*AS&DXc?`@4l$`+l$Dt$%nV
zYPdPkqz_#^%OGuhG9ihFp<<=Z5SV)zZeCcwiMaG}qv4V$t$m;CL~q`Vs`%f2BcV(J
zO0>~c;y+5XEEl@b)P#!Wca47p?JkxNn^Z|HIsfR;BRDr9x?IxFCI6`AD3SkvKZK5P
z(a*}Aguk_HGb3=}x}F>UM-eX~dg56%_O<%yKgzZ%kkz|Zoj3l`$1CMzC;ojAD1PAI
zGx2}%ohbcQ+iB?gf6EQ%D>$qlqDsxXw(tW`twyqPDlTJWzr^
zIe>RjC2-E2$x8!C;Fi>sI_N+V7OMgc02Xis1=fpxo*MrSCfc$Is3DKFHChZ{d5O?3
z)9ic;c<0&_IwJEh|2&g)Q;GjQnexDT$n^rd#H4YlDlq239GY#u
zJnTmqlj(rc4H+7b&{%ih|AM)&q2ayk-49R(oz4SoG!i{QwBjuT!EyIH9jzl=b(hcY
zV~RTuhqhYM9#M8k)3J(;(j6(+mv_AcB*FWFfbFvGwSMypup93uMika|X7Vs%JQPxP
zBVHeL4iGwu0~8i?$i7-sp75wPS6s#b$0<*=9AjOKwI=QId8<^rl*ZaW@
z{sPFR`>*CBdInCH*dzhM!DLn4b(C=`HTgy(WgV2K7bupYuSXGZhc$CKv5tqMO=%nZZ|Jv3M~RpG8j$+{X3&XF%q
zW^6BZY65|x=`(E}n(jU%QJDWuhr8GpeE&$2Dg+7c|M=hpt(}|)oXOHO%1S=f6v_3H
zio#ediviG7I3!Ozi|AVwl$)nuJs%6O(cIL0IPEoKyRKH1fs)-fb
zA}~b7TQ;vt?}e-Gx;6I>f?gjM2S&k^4Cp5!WudQD`^jn~CeVCzS0B}(oYZ=q@3f`B
zAVJi-h7!LwLY3JCvV6d&%|gFO+r{!qN(UX&19o!}oSx?$E8>J}e0?mYKMD%VaYPMs
zmS;cUi_MnKT8HySs_Kz?!3vB*;+xLI1UWDy*JV!1-j(I1-`h**%D`DCEbrZ+@KXX1TND&M`NVXn;vrCPpfg=
zZ`*G(N=2d8jrGjH2TeXpAr$2kZ(=@wHNVaNj1b<^+D>Em=#Qixa%Ztt(4YpuCR)Sn
z?06(&d^E8N(h`wNZ^arJ@WFuPA_*s^W$sq9_BCLp_E@`O+yS%Z4S2>P3_H&NyOG}X
zP!g~&Kv!N3I|3aZM!qp$u>6SIS<+K0=<^Wq@;)v{6#j}2ccd`eKb=%rIpSLNy7Ij+7PE;QINf4!&^YaoQTZ_mBm?e$HO9~9h?Xx%ahu$jO
zQ&dZo+XMb=$lwu6Gd}0t1A$$j`>$ca1|4-`jJCgO%G|SqbVjKTWy=kEKZU)&%qw*!
zNa>%!i6y_qqMP#@zz6sDYg+XQ!?rnl8+ls**oDNAeIYI($kna1xOS#?Z>@pm8GH{a
z8o{P?wM@~Xr|?Qfsvi>*;^}>M7{cdoK17oyG3XSxd#l}jI@%@-u$MX;
z1h~;xB?Aeb?+40%
z(#m9Z!a3DMB)*Hadf(0HG=`(x;O~4&50-*SKfcY&@h@;#5smDjgnSRzBp?n_@p7lc
z%F1SXF3|Tbp0gKBrZZMpA)&A%8&n1BR~gtoUa2Ps1;KKGHeT~ft6};cf9@s@53EJ_
zZupUP8565hsZ^!6C6r;#{DZc!4?1G3YgO2FpKc(@7HX_DS^DsMLx70lpuO>s3u`TQ
z10-FUwa$Ullma2VMP?rsHgNTLEj{Jdy<(qP7Mo|?<`bQBv(vhO+K%mocYy}QR9}fA
zw2rK4*ggPRy3WnQ`13@y`0|ypkFvh22nV>kfSyB3#Q9`Rvj`$Mu(ICJ7zh`8Q9YCc
zl~7`+yyt3VPJ&qD5ryp+Nv2_(;iNvRjDA5?#gHQ(H7o@w*Gk)Y{
z$FwQEer8rj*5X@$&D~t9FOZm~pI_XwgQ8hDa^Y=B$9`bV*qwSA-enfp!w_1!8KNNN
zw_T?6iAS--ftkX1=8qaq&-^PHru;_@H~GD(OSt}sz_Hr)ztwOE#Kt@Y0O4o4oVqma
z;JYjqYOoRip5`SG4CTM)OmAo!08P8`a)dJaVx
zSLJjRPAej}!@g}DOANA`)kQ?z$6v67D65*aTIJ{n^W#khTPM+KKX4*r>Mx(~
zwPwZ7#=`Szg-E!ZSCzah+Wdu3sz*dZ12>;$ZsNo=wxutNqi0dG?U6GR9Kq%|)$eL=
zd~+dOM^5})h8GvYs~svzrH=|{BUr9pLnyQ*ZB4f4O{1*&6v*mM{XTz3M;S6f3tiXq
zU@jP?fb*%h0q4W-3F^SkTk8e&0*FqaD)VTJPkq3h+PlYyVLitD7S#5|`KJRR1
zlWLd?WNmr>)0$ej@x9vC`YwNO-v-~uZr6&emlNv-P2f_9F+37EJS>T0Gii5X#TvZa
zP)xov=BcKQ^I&cMtWK+w_Q%3J4IZdXp>WVz#tk1icC-F4%c4P`uj6L|*2qV-%5Fsn
zXY-Tt)dtugv&I$UgM$uICb^vY=^)CQa;@~R=s#MwpKCc~1lBFZoO+8ED>3Z*g8h<>
zRK#qO_4T`%VQ+&d_-*4nTh#=!!c;u7iVu;3(rC|(OzWVX#j|AbQ1PW*i@xK);xiDW
zvX^&w7itW{^oVQa@mWKu-49`#sh@7`M|F{6odhi-hSE#C-qk+@TK9(xSFWg8-enKt
zPGa}g4`)NadHLp^zQ
zXh)d{x&XpPniN%NK0GB`vJJM>@!GDkqwbj(v$cL-Zd2Szi?PwQ40d;VI&J(Wd-PCZ
z&9!4xO>l#}yPQWDnnA08xxd>opIs`>$9YQOFi&ivwgZ_d22n=axaL=}n%-JEWOele
z-CQogU-l(sD@qbp!?7kgYutMA=AeepC;TFHh&7yUb&l56nTkK>A{pvm{7{%Hy<-;}
z{B!|9N9o~#(zp#;wcNQ+EPU7_akJ_1eif%`40==8=4JXFCZb?{HAM2)p09TIx
zCPn^I)-^mxr%&gIXB+Isnk9l=?@