feat: added option to enable image cleaner to container service aks. …
…- `avm/res/container-service/managed-cluster` (Azure#1697)

## Description

This gives the user the option to enable image cleaner on an AKS cluster.

## Pipeline Reference

| Pipeline |
| -------- |
| [![avm.res.container-service.managed-cluster](https://github.com/PixelRobots/bicep-registry-modules/actions/workflows/avm.res.container-service.managed-cluster.yml/badge.svg?branch=feat-rh-image-clean)](https://github.com/PixelRobots/bicep-registry-modules/actions/workflows/avm.res.container-service.managed-cluster.yml) |

## Type of Change

- [ ] Update to CI Environment or utilities (Non-module affecting changes)
- [X] Azure Verified Module updates:
  - [ ] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`:
    - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
    - [ ] The bug was found by the module author, and no one has opened an issue to report it yet.
  - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`.
  - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`.
  - [ ] Update to documentation

## Checklist

- [X] I'm sure there are no other open Pull Requests for the same
update/change
- [X] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings

---------

Signed-off-by: PixelRobots <[email protected]>
Co-authored-by: Ilhaan Rasheed <[email protected]>
Co-authored-by: Alexander Sehr <[email protected]>
3 people authored May 6, 2024
1 parent a787ece commit 72e5982
Showing 3 changed files with 49 additions and 2 deletions.
18 changes: 18 additions & 0 deletions avm/res/container-service/managed-cluster/README.md
Expand Up @@ -1494,6 +1494,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
| [`enableAzureMonitorProfileMetrics`](#parameter-enableazuremonitorprofilemetrics) | bool | Whether the metric state of the kubenetes cluster is enabled. |
| [`enableContainerInsights`](#parameter-enablecontainerinsights) | bool | Indicates if Azure Monitor Container Insights Logs Addon is enabled. |
| [`enableDnsZoneContributorRoleAssignment`](#parameter-enablednszonecontributorroleassignment) | bool | Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. |
| [`enableImageCleaner`](#parameter-enableimagecleaner) | bool | Whether to enable Image Cleaner for Kubernetes. |
| [`enableKeyvaultSecretsProvider`](#parameter-enablekeyvaultsecretsprovider) | bool | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. |
| [`enableOidcIssuerProfile`](#parameter-enableoidcissuerprofile) | bool | Whether the The OIDC issuer profile of the Managed Cluster is enabled. |
| [`enablePodSecurityPolicy`](#parameter-enablepodsecuritypolicy) | bool | Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. |
Expand All @@ -1512,6 +1513,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
| [`httpApplicationRoutingEnabled`](#parameter-httpapplicationroutingenabled) | bool | Specifies whether the httpApplicationRouting add-on is enabled or not. |
| [`httpProxyConfig`](#parameter-httpproxyconfig) | object | Configurations for provisioning the cluster with HTTP proxy servers. |
| [`identityProfile`](#parameter-identityprofile) | object | Identities associated with the cluster. |
| [`imageCleanerIntervalHours`](#parameter-imagecleanerintervalhours) | int | The interval in hours Image Cleaner will run. The maximum value is three months. |
| [`ingressApplicationGatewayEnabled`](#parameter-ingressapplicationgatewayenabled) | bool | Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. |
| [`kedaAddon`](#parameter-kedaaddon) | bool | Enables Kubernetes Event-driven Autoscaling (KEDA). |
| [`kubeDashboardEnabled`](#parameter-kubedashboardenabled) | bool | Specifies whether the kubeDashboard add-on is enabled or not. |
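
Review bot: The `imageCleanerIntervalHours` row gives the upper bound as "three months" although the parameter is an int counted in hours, and it omits the lower bound that main.bicep enforces with `@minValue(24)`. State both bounds in hours in the `@description` in main.bicep and regenerate the README, so a reader can choose a valid value without converting units.
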
Expand Down Expand Up @@ -2544,6 +2546,14 @@ Specifies whether assing the DNS zone contributor role to the cluster service pr
- Type: bool
- Default: `True`

### Parameter: `enableImageCleaner`

Whether to enable Image Cleaner for Kubernetes.

- Required: No
- Type: bool
- Default: `False`

### Parameter: `enableKeyvaultSecretsProvider`

Specifies whether the KeyvaultSecretsProvider add-on is enabled or not.
Expand Down Expand Up @@ -2779,6 +2789,14 @@ Identities associated with the cluster.
- Required: No
- Type: object

### Parameter: `imageCleanerIntervalHours`

The interval in hours Image Cleaner will run. The maximum value is three months.

- Required: No
- Type: int
- Default: `24`

### Parameter: `ingressApplicationGatewayEnabled`

Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not.
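
Review bot: The new `imageCleanerIntervalHours` section does not say that the value is only used when `enableImageCleaner` is `true`; in main.bicep the `imageCleaner` block is emitted only in that case. Add a sentence in the style the module already uses for `enableDnsZoneContributorRoleAssignment` ("It will be ignored if ..."), so that setting an interval alone is not mistaken for turning the feature on.
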
13 changes: 13 additions & 0 deletions avm/res/container-service/managed-cluster/main.bicep
Expand Up @@ -304,6 +304,13 @@ param enableWorkloadIdentity bool = false
@description('Optional. Whether to enable Azure Defender.')
param enableAzureDefender bool = false

@description('Optional. Whether to enable Image Cleaner for Kubernetes.')
param enableImageCleaner bool = false

@description('Optional. The interval in hours Image Cleaner will run. The maximum value is three months.')
@minValue(24)
param imageCleanerIntervalHours int = 24

@description('Optional. Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription.')
param enablePodSecurityPolicy bool = false

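Review bot: `imageCleanerIntervalHours` declares `@minValue(24)` but no `@maxValue`, while its description says "The maximum value is three months". Add an `@maxValue(...)` decorator with that limit expressed in hours, so an out-of-range interval is rejected at template validation rather than being passed through to the resource provider.
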
Expand Down Expand Up @@ -734,6 +741,12 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-07-02-p
enabled: enableWorkloadIdentity
}
: null
imageCleaner: enableImageCleaner
? {
enabled: enableImageCleaner
intervalHours: imageCleanerIntervalHours
}
: null
}
storageProfile: {
blobCSIDriver: {
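
Review bot: In the `imageCleaner` ternary, `enabled: enableImageCleaner` sits inside the branch that is only taken when the flag is `true`, so the module can never send `enabled: false`; with the flag off the property is `null`. Please confirm that redeploying with `enableImageCleaner` set to `false` switches Image Cleaner off on a cluster where it was previously enabled; if `null` leaves the existing setting untouched, emit `{ enabled: false }` in the else branch instead. The same pattern is used for `workloadIdentity` just above.
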
20 changes: 18 additions & 2 deletions avm/res/container-service/managed-cluster/main.json
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.26.170.59819",
"templateHash": "10554258944393732282"
"templateHash": "12963223629809121473"
},
"name": "Azure Kubernetes Service (AKS) Managed Clusters",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.",
Expand Down Expand Up @@ -1270,6 +1270,21 @@
"description": "Optional. Whether to enable Azure Defender."
}
},
"enableImageCleaner": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Optional. Whether to enable Image Cleaner for Kubernetes."
}
},
"imageCleanerIntervalHours": {
"type": "int",
"defaultValue": 24,
"minValue": 24,
"metadata": {
"description": "Optional. The interval in hours Image Cleaner will run. The maximum value is three months."
}
},
"enablePodSecurityPolicy": {
"type": "bool",
"defaultValue": false,
Expand Down Expand Up @@ -1665,7 +1680,8 @@
},
"securityProfile": {
"defender": "[if(parameters('enableAzureDefender'), createObject('securityMonitoring', createObject('enabled', parameters('enableAzureDefender')), 'logAnalyticsWorkspaceResourceId', parameters('monitoringWorkspaceId')), null())]",
"workloadIdentity": "[if(parameters('enableWorkloadIdentity'), createObject('enabled', parameters('enableWorkloadIdentity')), null())]"
"workloadIdentity": "[if(parameters('enableWorkloadIdentity'), createObject('enabled', parameters('enableWorkloadIdentity')), null())]",
"imageCleaner": "[if(parameters('enableImageCleaner'), createObject('enabled', parameters('enableImageCleaner'), 'intervalHours', parameters('imageCleanerIntervalHours')), null())]"
},
"storageProfile": {
"blobCSIDriver": {