From eb9062f8cae4bae1ae082329572b0de97eccf02b Mon Sep 17 00:00:00 2001 From: zedy Date: Mon, 22 Jul 2024 14:30:49 +0800 Subject: [PATCH] update to use fed credential --- .../avm-validateModuleDeployment/action.yml | 4 +- .github/workflows/avm.template.module.yml | 3 + .../managed-cluster/README.md | 131 ++++++++++++++++-- .../managed-cluster/main.json | 29 +++- .../maintenance-configurations/README.md | 7 +- .../maintenance-configurations/main.bicep | 9 ++ .../maintenance-configurations/main.json | 27 +++- .../tests/e2e/automatic/main.test.bicep | 71 ++++++++++ 8 files changed, 263 insertions(+), 18 deletions(-) create mode 100644 avm/res/container-service/managed-cluster/tests/e2e/automatic/main.test.bicep diff --git a/.github/actions/templates/avm-validateModuleDeployment/action.yml b/.github/actions/templates/avm-validateModuleDeployment/action.yml index b6e1145f7d..35ca763247 100644 --- a/.github/actions/templates/avm-validateModuleDeployment/action.yml +++ b/.github/actions/templates/avm-validateModuleDeployment/action.yml @@ -62,7 +62,9 @@ runs: - name: Azure Login uses: azure/login@v2 with: - creds: ${{ env.AZURE_CREDENTIALS }} + client-id: ${{ env.AZURE_CLIENT_ID }} + tenant-id: ${{ env.AZURE_TENANT_ID }} + subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} enable-AzPSSession: true # [Set Deployment Location] task(s) diff --git a/.github/workflows/avm.template.module.yml b/.github/workflows/avm.template.module.yml index efb117c5f6..d6ad08637b 100644 --- a/.github/workflows/avm.template.module.yml +++ b/.github/workflows/avm.template.module.yml @@ -25,6 +25,9 @@ env: ARM_MGMTGROUP_ID: "${{ secrets.ARM_MGMTGROUP_ID }}" ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}" TOKEN_NAMEPREFIX: "${{ secrets.TOKEN_NAMEPREFIX }}" + AZURE_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}" + AZURE_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}" + AZURE_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}" jobs: ######################### 
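Review bot: In `.github/actions/templates/avm-validateModuleDeployment/action.yml`, the `Azure Login` step now passes only `client-id`, `tenant-id` and `subscription-id`, so `azure/login@v2` authenticates with GitHub's OIDC token, and that needs `id-token: write` on the job or workflow that runs this action. Neither this hunk nor the `env:` hunk in `.github/workflows/avm.template.module.yml` grants it, so unless it is set in lines outside the diff, or in the calling workflows, the login step cannot request a token. I would add `permissions:` with `id-token: write` and `contents: read` at the job level. The removed `creds: ${{ env.AZURE_CREDENTIALS }}` presumably leaves a long-lived `AZURE_CREDENTIALS` secret behind; once the federated login is confirmed, delete that secret and revoke the matching client secret. A comment next to the new `AZURE_*` variables should also say that the federated credential's subject is expected to be scoped to this repository and its branch or environment.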
diff --git a/avm/res/container-service/managed-cluster/README.md b/avm/res/container-service/managed-cluster/README.md index e172503f64..5f2517d42d 100644 --- a/avm/res/container-service/managed-cluster/README.md +++ b/avm/res/container-service/managed-cluster/README.md @@ -32,13 +32,124 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/container-service/managed-cluster:`. -- [Using Azure CNI Network Plugin.](#example-1-using-azure-cni-network-plugin) -- [Using only defaults](#example-2-using-only-defaults) -- [Using Kubenet Network Plugin.](#example-3-using-kubenet-network-plugin) -- [Using Private Cluster.](#example-4-using-private-cluster) -- [WAF-aligned](#example-5-waf-aligned) +- [Using only defaults and use AKS Automatic mode](#example-1-using-only-defaults-and-use-aks-automatic-mode) +- [Using Azure CNI Network Plugin.](#example-2-using-azure-cni-network-plugin) +- [Using only defaults](#example-3-using-only-defaults) +- [Using Kubenet Network Plugin.](#example-4-using-kubenet-network-plugin) +- [Using Private Cluster.](#example-5-using-private-cluster) +- [WAF-aligned](#example-6-waf-aligned) -### Example 1: _Using Azure CNI Network Plugin._ +### Example 1: _Using only defaults and use AKS Automatic mode_ + +This instance deploys the module with the set of automatic parameters. + + +
+ +via Bicep module + +```bicep +module managedCluster 'br/public:avm/res/container-service/managed-cluster:' = { + name: 'managedClusterDeployment' + params: { + // Required parameters + name: 'csauto001' + primaryAgentPoolProfile: [ + { + count: 3 + mode: 'System' + name: 'systempool' + vmSize: 'Standard_DS2_v2' + } + ] + // Non-required parameters + automatic: true + location: '' + maintenanceWindow: { + durationHours: 4 + schedule: { + absoluteMonthly: '' + daily: '' + relativeMonthly: '' + weekly: { + dayOfWeek: 'Sunday' + intervalWeeks: 1 + } + } + startDate: '2024-07-03' + startTime: '00:00' + utcOffset: '+00:00' + } + managedIdentities: { + systemAssigned: true + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "csauto001" + }, + "primaryAgentPoolProfile": { + "value": [ + { + "count": 3, + "mode": "System", + "name": "systempool", + "vmSize": "Standard_DS2_v2" + } + ] + }, + // Non-required parameters + "automatic": { + "value": true + }, + "location": { + "value": "" + }, + "maintenanceWindow": { + "value": { + "durationHours": 4, + "schedule": { + "absoluteMonthly": "", + "daily": "", + "relativeMonthly": "", + "weekly": { + "dayOfWeek": "Sunday", + "intervalWeeks": 1 + } + }, + "startDate": "2024-07-03", + "startTime": "00:00", + "utcOffset": "+00:00" + } + }, + "managedIdentities": { + "value": { + "systemAssigned": true + } + } + } +} +``` + +
+

+ +### Example 2: _Using Azure CNI Network Plugin._ This instance deploys the module with Azure CNI network plugin . @@ -538,7 +649,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:

-### Example 2: _Using only defaults_ +### Example 3: _Using only defaults_ This instance deploys the module with the minimum set of required parameters. @@ -612,7 +723,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:

-### Example 3: _Using Kubenet Network Plugin._ +### Example 4: _Using Kubenet Network Plugin._ This instance deploys the module with Kubenet network plugin . @@ -884,7 +995,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:

-### Example 4: _Using Private Cluster._ +### Example 5: _Using Private Cluster._ This instance deploys the module with a private cluster instance. @@ -1102,7 +1213,7 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:

-### Example 5: _WAF-aligned_ +### Example 6: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Well-Architected Framework. diff --git a/avm/res/container-service/managed-cluster/main.json b/avm/res/container-service/managed-cluster/main.json index 2d1a509df7..25388bb120 100644 --- a/avm/res/container-service/managed-cluster/main.json +++ b/avm/res/container-service/managed-cluster/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "14986963864114287459" + "templateHash": "2000328037027470902" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", @@ -1833,7 +1833,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "18344615743873477382" + "templateHash": "3745346013567294748" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.", @@ -1868,7 +1868,30 @@ "maintenanceWindow": "[parameters('maintenanceWindow')]" } } - ] + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the maintenance configuration." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the maintenance configuration." + }, + "value": "[resourceId('Microsoft.ContainerService/managedClusters/maintenanceConfigurations', parameters('managedClusterName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the agent pool was deployed into." + }, + "value": "[resourceGroup().name]" + } + } } }, "dependsOn": [ 
diff --git a/avm/res/container-service/managed-cluster/maintenance-configurations/README.md b/avm/res/container-service/managed-cluster/maintenance-configurations/README.md index e60f349ac1..0d27640073 100644 --- a/avm/res/container-service/managed-cluster/maintenance-configurations/README.md +++ b/avm/res/container-service/managed-cluster/maintenance-configurations/README.md @@ -55,8 +55,11 @@ The name of the parent managed cluster. Required if the template is used in a st ## Outputs -| Output | Type | -| :-- | :-- | +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the maintenance configuration. | +| `resourceGroupName` | string | The resource group the agent pool was deployed into. | +| `resourceId` | string | The resource ID of the maintenance configuration. | ## Cross-referenced modules diff --git a/avm/res/container-service/managed-cluster/maintenance-configurations/main.bicep b/avm/res/container-service/managed-cluster/maintenance-configurations/main.bicep index 2f2b8df064..b7a634772c 100644 --- a/avm/res/container-service/managed-cluster/maintenance-configurations/main.bicep +++ b/avm/res/container-service/managed-cluster/maintenance-configurations/main.bicep @@ -22,3 +22,12 @@ resource aksManagedAutoUpgradeSchedule 'Microsoft.ContainerService/managedCluste maintenanceWindow: maintenanceWindow } } + +@description('The name of the maintenance configuration.') +output name string = aksManagedAutoUpgradeSchedule.name + +@description('The resource ID of the maintenance configuration.') +output resourceId string = aksManagedAutoUpgradeSchedule.id + +@description('The resource group the agent pool was deployed into.') +output resourceGroupName string = resourceGroup().name diff --git a/avm/res/container-service/managed-cluster/maintenance-configurations/main.json b/avm/res/container-service/managed-cluster/maintenance-configurations/main.json index e8125e2b1f..ad8be37608 100644 
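Review bot: In `maintenance-configurations/main.bicep`, the description on the new `resourceGroupName` output reads "The resource group the agent pool was deployed into.", which looks copied from the agent-pool child module; this module deploys a maintenance configuration. I would change it to `@description('The resource group the maintenance configuration was deployed into.')`. The same sentence appears in this commit's `main.json` outputs and in the README outputs table, so both need regenerating after the fix.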
--- a/avm/res/container-service/managed-cluster/maintenance-configurations/main.json +++ b/avm/res/container-service/managed-cluster/maintenance-configurations/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "18344615743873477382" + "templateHash": "3745346013567294748" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.", @@ -40,5 +40,28 @@ "maintenanceWindow": "[parameters('maintenanceWindow')]" } } - ] + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the maintenance configuration." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the maintenance configuration." + }, + "value": "[resourceId('Microsoft.ContainerService/managedClusters/maintenanceConfigurations', parameters('managedClusterName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the agent pool was deployed into." + }, + "value": "[resourceGroup().name]" + } + } } \ No newline at end of file diff --git a/avm/res/container-service/managed-cluster/tests/e2e/automatic/main.test.bicep b/avm/res/container-service/managed-cluster/tests/e2e/automatic/main.test.bicep new file mode 100644 index 0000000000..29b17bf8c5 --- /dev/null +++ b/avm/res/container-service/managed-cluster/tests/e2e/automatic/main.test.bicep 
@@ -0,0 +1,71 @@
+targetScope = 'subscription'
+
+metadata name = 'Using only defaults and use AKS Automatic mode'
+metadata description = 'This instance deploys the module with the set of automatic parameters.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-containerservice.managedclusters-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param resourceLocation string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'csauto'
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '#_namePrefix_#'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = {
+ name: resourceGroupName
+ location: resourceLocation
+}
+
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [
+ for iteration in ['init', 'idem']: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
+ params: {
+ name: '${namePrefix}${serviceShort}001'
+ location: resourceLocation
+ automatic: true
+ managedIdentities: {
+ systemAssigned: true
+ }
+ maintenanceWindow: {
+ schedule: {
+ daily: null
+ weekly: {
+ intervalWeeks: 1
+ dayOfWeek: 'Sunday'
+ }
+ absoluteMonthly: null
+ relativeMonthly: null
+ }
+ durationHours: 4
+ utcOffset: '+00:00'
+ startDate: '2024-07-03'
+ startTime: '00:00'
+ }
+ primaryAgentPoolProfile: [
+ {
+ name: 'systempool'
+ count: 3
+ vmSize: 'Standard_DS2_v2'
+ mode: 'System'
+ }
+ ]
+ }
+ }
+]