update to use fed credential
zedy committed Jul 22, 2024
1 parent f7cc4e5 commit eb9062f
Showing 8 changed files with 263 additions and 18 deletions.
Expand Up @@ -62,7 +62,9 @@ runs:
- name: Azure Login
uses: azure/login@v2
with:
creds: ${{ env.AZURE_CREDENTIALS }}
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
enable-AzPSSession: true

# [Set Deployment Location] task(s)
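Review bot: The Azure Login step's `with:` block now lists `client-id`, `tenant-id` and `subscription-id`, so azure/login will authenticate with a GitHub OIDC token, and that only works when the calling job grants `permissions: id-token: write`. The hunk header shows `runs:`, so this looks like a composite action, which cannot set job permissions itself, and none of the hunks visible in this commit add a `permissions:` block to `.github/workflows/avm.template.module.yml`; unless one already exists outside the visible lines, the login cannot obtain a token. I would add a comment above the step, `# Requires 'permissions: id-token: write' on the calling job (OIDC federated credential)`. It is also worth confirming that the federated credential's subject is restricted to this repository and to the branches or environments that are meant to deploy. The `runs:` block continues outside the hunk.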
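--- a/.github/workflows/avm.template.module.yml
+++ b/.github/workflows/avm.template.module.yml
@@ -25,6 +25,9 @@ env:
 ARM_MGMTGROUP_ID: "${{ secrets.ARM_MGMTGROUP_ID }}"
 ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}"
 TOKEN_NAMEPREFIX: "${{ secrets.TOKEN_NAMEPREFIX }}"
+AZURE_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
+AZURE_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
+AZURE_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
 
 jobs:
 #########################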
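Review bot: This file records 3 additions and 0 deletions, so any `AZURE_CREDENTIALS` mapping that exists in the `env:` block above the hunk stays in place, even though the login step in this commit appears to stop reading `env.AZURE_CREDENTIALS`. If that mapping is still there, drop the line and delete or rotate the repository secret, since the benefit of a federated credential is no longer holding a long-lived service-principal secret. The three new values are identifiers rather than credentials, so exposing them through workflow-level `env` is acceptable. The `env:` block starts above the hunk and `jobs:` continues below it.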
131 changes: 121 additions & 10 deletions avm/res/container-service/managed-cluster/README.md
Expand Up @@ -32,13 +32,124 @@ The following section provides usage examples for the module, which were used to
>**Note**: To reference the module, please use the following syntax `br/public:avm/res/container-service/managed-cluster:<version>`.
- [Using Azure CNI Network Plugin.](#example-1-using-azure-cni-network-plugin)
- [Using only defaults](#example-2-using-only-defaults)
- [Using Kubenet Network Plugin.](#example-3-using-kubenet-network-plugin)
- [Using Private Cluster.](#example-4-using-private-cluster)
- [WAF-aligned](#example-5-waf-aligned)
- [Using only defaults and use AKS Automatic mode](#example-1-using-only-defaults-and-use-aks-automatic-mode)
- [Using Azure CNI Network Plugin.](#example-2-using-azure-cni-network-plugin)
- [Using only defaults](#example-3-using-only-defaults)
- [Using Kubenet Network Plugin.](#example-4-using-kubenet-network-plugin)
- [Using Private Cluster.](#example-5-using-private-cluster)
- [WAF-aligned](#example-6-waf-aligned)

### Example 1: _Using Azure CNI Network Plugin._
### Example 1: _Using only defaults and use AKS Automatic mode_

This instance deploys the module with the set of automatic parameters.


<details>

<summary>via Bicep module</summary>

```bicep
module managedCluster 'br/public:avm/res/container-service/managed-cluster:<version>' = {
name: 'managedClusterDeployment'
params: {
// Required parameters
name: 'csauto001'
primaryAgentPoolProfile: [
{
count: 3
mode: 'System'
name: 'systempool'
vmSize: 'Standard_DS2_v2'
}
]
// Non-required parameters
automatic: true
location: '<location>'
maintenanceWindow: {
durationHours: 4
schedule: {
absoluteMonthly: '<absoluteMonthly>'
daily: '<daily>'
relativeMonthly: '<relativeMonthly>'
weekly: {
dayOfWeek: 'Sunday'
intervalWeeks: 1
}
}
startDate: '2024-07-03'
startTime: '00:00'
utcOffset: '+00:00'
}
managedIdentities: {
systemAssigned: true
}
}
}
```

</details>
<p>

<details>

<summary>via JSON Parameter file</summary>

```json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
// Required parameters
"name": {
"value": "csauto001"
},
"primaryAgentPoolProfile": {
"value": [
{
"count": 3,
"mode": "System",
"name": "systempool",
"vmSize": "Standard_DS2_v2"
}
]
},
// Non-required parameters
"automatic": {
"value": true
},
"location": {
"value": "<location>"
},
"maintenanceWindow": {
"value": {
"durationHours": 4,
"schedule": {
"absoluteMonthly": "<absoluteMonthly>",
"daily": "<daily>",
"relativeMonthly": "<relativeMonthly>",
"weekly": {
"dayOfWeek": "Sunday",
"intervalWeeks": 1
}
},
"startDate": "2024-07-03",
"startTime": "00:00",
"utcOffset": "+00:00"
}
},
"managedIdentities": {
"value": {
"systemAssigned": true
}
}
}
}
```

</details>
<p>

### Example 2: _Using Azure CNI Network Plugin._

This instance deploys the module with Azure CNI network plugin .

Expand Down Expand Up @@ -538,7 +649,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
</details>
<p>

### Example 2: _Using only defaults_
### Example 3: _Using only defaults_

This instance deploys the module with the minimum set of required parameters.

Expand Down Expand Up @@ -612,7 +723,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
</details>
<p>

### Example 3: _Using Kubenet Network Plugin._
### Example 4: _Using Kubenet Network Plugin._

This instance deploys the module with Kubenet network plugin .

Expand Down Expand Up @@ -884,7 +995,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
</details>
<p>

### Example 4: _Using Private Cluster._
### Example 5: _Using Private Cluster._

This instance deploys the module with a private cluster instance.

Expand Down Expand Up @@ -1102,7 +1213,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
</details>
<p>

### Example 5: _WAF-aligned_
### Example 6: _WAF-aligned_

This instance deploys the module in alignment with the best-practices of the Well-Architected Framework.

29 changes: 26 additions & 3 deletions avm/res/container-service/managed-cluster/main.json
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.27.1.19265",
"templateHash": "14986963864114287459"
"templateHash": "2000328037027470902"
},
"name": "Azure Kubernetes Service (AKS) Managed Clusters",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.",
Expand Down Expand Up @@ -1833,7 +1833,7 @@
"_generator": {
"name": "bicep",
"version": "0.27.1.19265",
"templateHash": "18344615743873477382"
"templateHash": "3745346013567294748"
},
"name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.",
Expand Down Expand Up @@ -1868,7 +1868,30 @@
"maintenanceWindow": "[parameters('maintenanceWindow')]"
}
}
]
],
"outputs": {
"name": {
"type": "string",
"metadata": {
"description": "The name of the maintenance configuration."
},
"value": "[parameters('name')]"
},
"resourceId": {
"type": "string",
"metadata": {
"description": "The resource ID of the maintenance configuration."
},
"value": "[resourceId('Microsoft.ContainerService/managedClusters/maintenanceConfigurations', parameters('managedClusterName'), parameters('name'))]"
},
"resourceGroupName": {
"type": "string",
"metadata": {
"description": "The resource group the agent pool was deployed into."
},
"value": "[resourceGroup().name]"
}
}
}
},
"dependsOn": [
Expand Up @@ -55,8 +55,11 @@ The name of the parent managed cluster. Required if the template is used in a st

## Outputs

| Output | Type |
| :-- | :-- |
| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the maintenance configuration. |
| `resourceGroupName` | string | The resource group the agent pool was deployed into. |
| `resourceId` | string | The resource ID of the maintenance configuration. |

## Cross-referenced modules

Expand Up @@ -22,3 +22,12 @@ resource aksManagedAutoUpgradeSchedule 'Microsoft.ContainerService/managedCluste
maintenanceWindow: maintenanceWindow
}
}

@description('The name of the maintenance configuration.')
output name string = aksManagedAutoUpgradeSchedule.name

@description('The resource ID of the maintenance configuration.')
output resourceId string = aksManagedAutoUpgradeSchedule.id

@description('The resource group the agent pool was deployed into.')
output resourceGroupName string = resourceGroup().name
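Review bot: The description on the third output reads `The resource group the agent pool was deployed into.`, but the resource declared in this file is `aksManagedAutoUpgradeSchedule`, a maintenance configuration, so the text looks copied from the agent-pool module. I would change it to `@description('The resource group the maintenance configuration was deployed into.')`. The same sentence appears in the `main.json` outputs and in the README outputs table in this commit, so those should be regenerated after the fix.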
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.27.1.19265",
"templateHash": "18344615743873477382"
"templateHash": "3745346013567294748"
},
"name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.",
Expand Down Expand Up @@ -40,5 +40,28 @@
"maintenanceWindow": "[parameters('maintenanceWindow')]"
}
}
]
],
"outputs": {
"name": {
"type": "string",
"metadata": {
"description": "The name of the maintenance configuration."
},
"value": "[parameters('name')]"
},
"resourceId": {
"type": "string",
"metadata": {
"description": "The resource ID of the maintenance configuration."
},
"value": "[resourceId('Microsoft.ContainerService/managedClusters/maintenanceConfigurations', parameters('managedClusterName'), parameters('name'))]"
},
"resourceGroupName": {
"type": "string",
"metadata": {
"description": "The resource group the agent pool was deployed into."
},
"value": "[resourceGroup().name]"
}
}
}
@@ -0,0 +1,71 @@
targetScope = 'subscription'

metadata name = 'Using only defaults and use AKS Automatic mode'
metadata description = 'This instance deploys the module with the set of automatic parameters.'

// ========== //
// Parameters //
// ========== //

@description('Optional. The name of the resource group to deploy for testing purposes.')
@maxLength(90)
param resourceGroupName string = 'dep-${namePrefix}-containerservice.managedclusters-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param resourceLocation string = deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = 'csauto'

@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// ============ //
// Dependencies //
// ============ //

// General resources
// =================
resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = {
name: resourceGroupName
location: resourceLocation
}

@batchSize(1)
module testDeployment '../../../main.bicep' = [
for iteration in ['init', 'idem']: {
scope: resourceGroup
name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
params: {
name: '${namePrefix}${serviceShort}001'
location: resourceLocation
automatic: true
managedIdentities: {
systemAssigned: true
}
maintenanceWindow: {
schedule: {
daily: null
weekly: {
intervalWeeks: 1
dayOfWeek: 'Sunday'
}
absoluteMonthly: null
relativeMonthly: null
}
durationHours: 4
utcOffset: '+00:00'
startDate: '2024-07-03'
startTime: '00:00'
}
primaryAgentPoolProfile: [
{
name: 'systempool'
count: 3
vmSize: 'Standard_DS2_v2'
mode: 'System'
}
]
}
}
]
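Review bot: The `schedule` object passes `daily: null`, `absoluteMonthly: null` and `relativeMonthly: null`, and the README example for this test in the same commit shows those keys as the placeholders `'<daily>'`, `'<absoluteMonthly>'` and `'<relativeMonthly>'` next to a concrete `weekly` block. A reader copying that example ends up with four competing schedule entries; if the parameter type allows it, omit the three null keys and keep only `weekly`. The metadata name also says "Using only defaults" although the test sets `maintenanceWindow`, `managedIdentities` and `primaryAgentPoolProfile` explicitly, so `metadata name = 'Using AKS Automatic mode'` would describe it more accurately.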
