feat: avm/res/container-service/managed-cluster Updates container service to support automatic clusters (#2787)

## Description

Related to PR: Azure/azure-dev#4069

Adds a new automatic setting for container service managed cluster.

Set `azure/login@v2` to use a federated credential. (Due to some security
policies, we are currently unable to use a client secret for Azure login.
After completing all changes to this PR, we will restore the login
method. This is currently only for testing the GitHub pipeline.)

The failed test in the Pipeline Status Badge has nothing to do with this
PR. The specific information can be viewed at:
https://github.com/zedy-wj/bicep-registry-modules/actions/runs/10053355723/job/27786049197#step:4:649.

<!--
>Thank you for your contribution !
> Please include a summary of the change and which issue is fixed.
> Please also include the context.
> List any dependencies that are required for this change.

Fixes #123
Fixes #456
Closes #123
Closes #456
-->

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
| [![avm.res.container-service.managed-cluster](https://github.com/zedy-wj/bicep-registry-modules/actions/workflows/avm.res.container-service.managed-cluster.yml/badge.svg)](https://github.com/zedy-wj/bicep-registry-modules/actions/workflows/avm.res.container-service.managed-cluster.yml) |

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [x] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation

## Checklist

- [x] I'm sure there are no other open Pull Requests for the same
update/change
- [x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->

@jongio for notification.

---------

Co-authored-by: zedy <[email protected]>
zedy-wj and zedy authored Jul 25, 2024
1 parent 1a47b12 commit 8eb3b70
Showing 7 changed files with 518 additions and 10 deletions.
153 changes: 143 additions & 10 deletions avm/res/container-service/managed-cluster/README.md
Expand Up @@ -19,6 +19,7 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.ContainerService/managedClusters` | [2024-03-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2024-03-02-preview/managedClusters) |
| `Microsoft.ContainerService/managedClusters/agentPools` | [2023-07-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2023-07-02-preview/managedClusters/agentPools) |
| `Microsoft.ContainerService/managedClusters/maintenanceConfigurations` | [2023-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2023-10-01/managedClusters/maintenanceConfigurations) |
| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
| `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) |
| `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) |
Expand All @@ -31,13 +32,124 @@ The following section provides usage examples for the module, which were used to
>**Note**: To reference the module, please use the following syntax `br/public:avm/res/container-service/managed-cluster:<version>`.
- [Using Azure CNI Network Plugin.](#example-1-using-azure-cni-network-plugin)
- [Using only defaults](#example-2-using-only-defaults)
- [Using Kubenet Network Plugin.](#example-3-using-kubenet-network-plugin)
- [Using Private Cluster.](#example-4-using-private-cluster)
- [WAF-aligned](#example-5-waf-aligned)
- [Using only defaults and use AKS Automatic mode](#example-1-using-only-defaults-and-use-aks-automatic-mode)
- [Using Azure CNI Network Plugin.](#example-2-using-azure-cni-network-plugin)
- [Using only defaults](#example-3-using-only-defaults)
- [Using Kubenet Network Plugin.](#example-4-using-kubenet-network-plugin)
- [Using Private Cluster.](#example-5-using-private-cluster)
- [WAF-aligned](#example-6-waf-aligned)

### Example 1: _Using Azure CNI Network Plugin._
### Example 1: _Using only defaults and use AKS Automatic mode_

This instance deploys the module with the set of automatic parameters.


<details>

<summary>via Bicep module</summary>

```bicep
module managedCluster 'br/public:avm/res/container-service/managed-cluster:<version>' = {
name: 'managedClusterDeployment'
params: {
// Required parameters
name: 'csauto001'
primaryAgentPoolProfile: [
{
count: 3
mode: 'System'
name: 'systempool'
vmSize: 'Standard_DS2_v2'
}
]
// Non-required parameters
location: '<location>'
maintenanceConfiguration: {
maintenanceWindow: {
durationHours: 4
schedule: {
absoluteMonthly: '<absoluteMonthly>'
daily: '<daily>'
relativeMonthly: '<relativeMonthly>'
weekly: {
dayOfWeek: 'Sunday'
intervalWeeks: 1
}
}
startDate: '2024-07-03'
startTime: '00:00'
utcOffset: '+00:00'
}
}
managedIdentities: {
systemAssigned: true
}
}
}
```

</details>
<p>

<details>

<summary>via JSON Parameter file</summary>

```json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
// Required parameters
"name": {
"value": "csauto001"
},
"primaryAgentPoolProfile": {
"value": [
{
"count": 3,
"mode": "System",
"name": "systempool",
"vmSize": "Standard_DS2_v2"
}
]
},
// Non-required parameters
"location": {
"value": "<location>"
},
"maintenanceConfiguration": {
"value": {
"maintenanceWindow": {
"durationHours": 4,
"schedule": {
"absoluteMonthly": "<absoluteMonthly>",
"daily": "<daily>",
"relativeMonthly": "<relativeMonthly>",
"weekly": {
"dayOfWeek": "Sunday",
"intervalWeeks": 1
}
},
"startDate": "2024-07-03",
"startTime": "00:00",
"utcOffset": "+00:00"
}
}
},
"managedIdentities": {
"value": {
"systemAssigned": true
}
}
}
}
```

</details>
<p>

### Example 2: _Using Azure CNI Network Plugin._

This instance deploys the module with Azure CNI network plugin .
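Review bot: In the new Example 1, the `schedule` block sets `absoluteMonthly: '<absoluteMonthly>'`, `daily: '<daily>'` and `relativeMonthly: '<relativeMonthly>'` next to a concrete `weekly` entry, so anyone copying the example ends up with four schedule types in one maintenance window, three of them placeholder strings. A maintenance window schedule is meant to carry a single schedule type, so the published example should keep only the `weekly` block (in both the Bicep and the JSON parameter file variants). The example is also titled "AKS Automatic mode", but the parameters shown only add a `maintenanceConfiguration` and a system-assigned identity; nothing visible here selects an automatic SKU, so either the title or the parameter set needs adjusting.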

Expand Down Expand Up @@ -537,7 +649,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
</details>
<p>

### Example 2: _Using only defaults_
### Example 3: _Using only defaults_

This instance deploys the module with the minimum set of required parameters.

Expand Down Expand Up @@ -611,7 +723,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
</details>
<p>

### Example 3: _Using Kubenet Network Plugin._
### Example 4: _Using Kubenet Network Plugin._

This instance deploys the module with Kubenet network plugin .

Expand Down Expand Up @@ -883,7 +995,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
</details>
<p>

### Example 4: _Using Private Cluster._
### Example 5: _Using Private Cluster._

This instance deploys the module with a private cluster instance.

Expand Down Expand Up @@ -1101,7 +1213,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
</details>
<p>

### Example 5: _WAF-aligned_
### Example 6: _WAF-aligned_

This instance deploys the module in alignment with the best-practices of the Well-Architected Framework.

Expand Down Expand Up @@ -1511,6 +1623,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
| [`loadBalancerSku`](#parameter-loadbalancersku) | string | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. |
| [`location`](#parameter-location) | string | Specifies the location of AKS cluster. It picks up Resource Group's location by default. |
| [`lock`](#parameter-lock) | object | The lock settings of the service. |
| [`maintenanceConfiguration`](#parameter-maintenanceconfiguration) | object | Whether or not to use AKS Automatic mode. |
| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. |
| [`managedOutboundIPCount`](#parameter-managedoutboundipcount) | int | Outbound IP Count for the Load balancer. |
| [`metricAnnotationsAllowList`](#parameter-metricannotationsallowlist) | string | A comma-separated list of Kubernetes cluster metrics annotations. |
Expand Down Expand Up @@ -2832,6 +2945,26 @@ Specify the name of lock.
- Required: No
- Type: string

### Parameter: `maintenanceConfiguration`

Whether or not to use AKS Automatic mode.

- Required: No
- Type: object

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`maintenanceWindow`](#parameter-maintenanceconfigurationmaintenancewindow) | object | Maintenance window for the maintenance configuration. |

### Parameter: `maintenanceConfiguration.maintenanceWindow`

Maintenance window for the maintenance configuration.

- Required: Yes
- Type: object

### Parameter: `managedIdentities`

The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.
16 changes: 16 additions & 0 deletions avm/res/container-service/managed-cluster/main.bicep
Expand Up @@ -156,6 +156,9 @@ param primaryAgentPoolProfile array
@description('Optional. Define one or more secondary/additional agent pools.')
param agentPools agentPoolType

@description('Optional. Whether or not to use AKS Automatic mode.')
param maintenanceConfiguration maintenanceConfigurationType

@description('Optional. Specifies whether the cost analysis add-on is enabled or not. If Enabled `enableStorageProfileDiskCSIDriver` is set to true as it is needed.')
param costAnalysisEnabled bool = false
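Review bot: The `@description` on `maintenanceConfiguration` reads "Optional. Whether or not to use AKS Automatic mode.", which describes a boolean switch, while the parameter is an object of `maintenanceConfigurationType` that holds a maintenance window. Suggest wording along the lines of "Optional. The maintenance configuration (maintenance window) for the managed cluster." and regenerating README.md and main.json, which carry the same text in the parameter table and in the parameter metadata.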

Expand Down Expand Up @@ -737,6 +740,14 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2024-03-02-p
}
}

module managedCluster_maintenanceConfigurations 'maintenance-configurations/main.bicep' = if (!empty(maintenanceConfiguration)) {
name: '${uniqueString(deployment().name, location)}-ManagedCluster-MaintenanceConfigurations'
params: {
maintenanceWindow: maintenanceConfiguration!.maintenanceWindow
managedClusterName: managedCluster.name
}
}

module managedCluster_agentPools 'agent-pool/main.bicep' = [
for (agentPool, index) in (agentPools ?? []): {
name: '${uniqueString(deployment().name, location)}-ManagedCluster-AgentPool-${index}'
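Review bot: The `managedCluster_maintenanceConfigurations` module call passes only `maintenanceWindow` and `managedClusterName`, so the configuration name always falls back to the child module's default, `aksManagedAutoUpgradeSchedule` (visible in the compiled main.json). Callers of the parent module therefore cannot place a window on another configuration name such as `aksManagedNodeOSUpgradeSchedule`, which is the schedule that governs node OS image and security patch upgrades. Consider exposing the name on the parent, or accepting an array of maintenance configurations, so both upgrade channels can be scheduled.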
Expand Down Expand Up @@ -1173,3 +1184,8 @@ type customerManagedKeyType = {
@description('Required. Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.')
keyVaultNetworkAccess: ('Private' | 'Public')
}?

type maintenanceConfigurationType = {
@description('Required. Maintenance window for the maintenance configuration.')
maintenanceWindow: object
}?
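Review bot: `maintenanceWindow: object` in `maintenanceConfigurationType` leaves the window untyped, so a misspelled or missing key (`durationHours`, `schedule`, `startTime`, `utcOffset` in the README example) is only caught by the resource provider at deployment time. Consider a user-defined type that declares those properties, so Bicep validates them at compile time and the generated README documents them instead of showing a bare `object`.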
109 changes: 109 additions & 0 deletions avm/res/container-service/managed-cluster/main.json
Expand Up @@ -662,6 +662,18 @@
}
},
"nullable": true
},
"maintenanceConfigurationType": {
"type": "object",
"properties": {
"maintenanceWindow": {
"type": "object",
"metadata": {
"description": "Required. Maintenance window for the maintenance configuration."
}
}
},
"nullable": true
}
},
"parameters": {
Expand Down Expand Up @@ -966,6 +978,12 @@
"description": "Optional. Define one or more secondary/additional agent pools."
}
},
"maintenanceConfiguration": {
"$ref": "#/definitions/maintenanceConfigurationType",
"metadata": {
"description": "Optional. Whether or not to use AKS Automatic mode."
}
},
"costAnalysisEnabled": {
"type": "bool",
"defaultValue": false,
Expand Down Expand Up @@ -1775,6 +1793,97 @@
"managedCluster"
]
},
"managedCluster_maintenanceConfigurations": {
"condition": "[not(empty(parameters('maintenanceConfiguration')))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('{0}-ManagedCluster-MaintenanceConfigurations', uniqueString(deployment().name, parameters('location')))]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"maintenanceWindow": {
"value": "[parameters('maintenanceConfiguration').maintenanceWindow]"
},
"managedClusterName": {
"value": "[parameters('name')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.27.1.19265",
"templateHash": "17618545946010219594"
},
"name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.",
"owner": "Azure/module-maintainers"
},
"parameters": {
"maintenanceWindow": {
"type": "object",
"metadata": {
"description": "Required. Maintenance window for the maintenance configuration."
}
},
"managedClusterName": {
"type": "string",
"metadata": {
"description": "Conditional. The name of the parent managed cluster. Required if the template is used in a standalone deployment."
}
},
"name": {
"type": "string",
"defaultValue": "aksManagedAutoUpgradeSchedule",
"metadata": {
"description": "Optional. Name of the maintenance configuration."
}
}
},
"resources": [
{
"type": "Microsoft.ContainerService/managedClusters/maintenanceConfigurations",
"apiVersion": "2023-10-01",
"name": "[format('{0}/{1}', parameters('managedClusterName'), parameters('name'))]",
"properties": {
"maintenanceWindow": "[parameters('maintenanceWindow')]"
}
}
],
"outputs": {
"name": {
"type": "string",
"metadata": {
"description": "The name of the maintenance configuration."
},
"value": "[parameters('name')]"
},
"resourceId": {
"type": "string",
"metadata": {
"description": "The resource ID of the maintenance configuration."
},
"value": "[resourceId('Microsoft.ContainerService/managedClusters/maintenanceConfigurations', parameters('managedClusterName'), parameters('name'))]"
},
"resourceGroupName": {
"type": "string",
"metadata": {
"description": "The resource group the agent pool was deployed into."
},
"value": "[resourceGroup().name]"
}
}
}
},
"dependsOn": [
"managedCluster"
]
},
"managedCluster_agentPools": {
"copy": {
"name": "managedCluster_agentPools",
Expand Down
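Review bot: In the nested template's outputs, `resourceGroupName` is described as "The resource group the agent pool was deployed into.", which looks copied from the agent-pool module; it should refer to the maintenance configuration. As main.json is compiled output, the description needs fixing in maintenance-configurations/main.bicep, followed by a regenerate.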