update automatic cluster param

zedy-wj · Sep 18, 2024 · f533047 · f533047
1 parent 262c26e
commit f533047
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 1 deletion.
diff --git a/avm/res/container-service/managed-cluster/README.md b/avm/res/container-service/managed-cluster/README.md
@@ -92,6 +92,12 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
     managedIdentities: {
       systemAssigned: true
     }
+    nodeProvisioningProfile: {
+      mode: 'Auto'
+    }
+    nodeResourceGroupProfile: {
+      restrictionLevel: 'ReadOnly'
+    }
     outboundType: 'managedNATGateway'
     publicNetworkAccess: 'Enabled'
     skuName: 'Automatic'
@@ -172,6 +178,16 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
         "systemAssigned": true
       }
     },
+    "nodeProvisioningProfile": {
+      "value": {
+        "mode": "Auto"
+      }
+    },
+    "nodeResourceGroupProfile": {
+      "value": {
+        "restrictionLevel": "ReadOnly"
+      }
+    },
     "outboundType": {
       "value": "managedNATGateway"
     },
@@ -1683,7 +1699,9 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:<vers
 | [`networkPlugin`](#parameter-networkplugin) | string | Specifies the network plugin used for building Kubernetes network. |
 | [`networkPluginMode`](#parameter-networkpluginmode) | string | Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. |
 | [`networkPolicy`](#parameter-networkpolicy) | string | Specifies the network policy used for building Kubernetes network. - calico or azure. |
+| [`nodeProvisioningProfile`](#parameter-nodeprovisioningprofile) | object | Node provisioning settings that apply to the whole cluster. |
 | [`nodeResourceGroup`](#parameter-noderesourcegroup) | string | Name of the resource group containing agent pool nodes. |
+| [`nodeResourceGroupProfile`](#parameter-noderesourcegroupprofile) | object | The node resource group configuration profile. |
 | [`omsAgentEnabled`](#parameter-omsagentenabled) | bool | Specifies whether the OMS agent is enabled. |
 | [`openServiceMeshEnabled`](#parameter-openservicemeshenabled) | bool | Specifies whether the openServiceMesh add-on is enabled or not. |
 | [`outboundType`](#parameter-outboundtype) | string | Specifies outbound (egress) routing method. |
@@ -3130,6 +3148,13 @@ Specifies the network policy used for building Kubernetes network. - calico or a
   ]
   ```
 
+### Parameter: `nodeProvisioningProfile`
+
+Node provisioning settings that apply to the whole cluster.
+
+- Required: No
+- Type: object
+
 ### Parameter: `nodeResourceGroup`
 
 Name of the resource group containing agent pool nodes.
@@ -3138,6 +3163,13 @@ Name of the resource group containing agent pool nodes.
 - Type: string
 - Default: `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]`
 
+### Parameter: `nodeResourceGroupProfile`
+
+The node resource group configuration profile.
+
+- Required: No
+- Type: object
+
 ### Parameter: `omsAgentEnabled`
 
 Specifies whether the OMS agent is enabled.

diff --git a/avm/res/container-service/managed-cluster/main.bicep b/avm/res/container-service/managed-cluster/main.bicep
@@ -131,9 +131,15 @@ param aadProfileEnableAzureRBAC bool = enableRBAC
 @description('Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled.')
 param disableLocalAccounts bool = false
 
+@description('Optional. Node provisioning settings that apply to the whole cluster.')
+param nodeProvisioningProfile object?
+
 @description('Optional. Name of the resource group containing agent pool nodes.')
 param nodeResourceGroup string = '${resourceGroup().name}_aks_${name}_nodes'
 
+@description('Optional. The node resource group configuration profile.')
+param nodeResourceGroupProfile object?
+
 @description('Optional. IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer.')
 param authorizedIPRanges array?
 
@@ -628,6 +634,8 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2024-03-02-p
     enableRBAC: enableRBAC
     disableLocalAccounts: disableLocalAccounts
     nodeResourceGroup: nodeResourceGroup
+    nodeResourceGroupProfile: nodeResourceGroupProfile
+    nodeProvisioningProfile: nodeProvisioningProfile
     enablePodSecurityPolicy: enablePodSecurityPolicy
     workloadAutoScalerProfile: {
       keda: {

diff --git a/avm/res/container-service/managed-cluster/main.json b/avm/res/container-service/managed-cluster/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.27.1.19265",
-      "templateHash": "18137628139682240871"
+      "templateHash": "15001425399593651235"
     },
     "name": "Azure Kubernetes Service (AKS) Managed Clusters",
     "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.",
@@ -930,13 +930,27 @@
         "description": "Optional. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled."
       }
     },
+    "nodeProvisioningProfile": {
+      "type": "object",
+      "nullable": true,
+      "metadata": {
+        "description": "Optional. Node provisioning settings that apply to the whole cluster."
+      }
+    },
     "nodeResourceGroup": {
       "type": "string",
       "defaultValue": "[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]",
       "metadata": {
         "description": "Optional. Name of the resource group containing agent pool nodes."
       }
     },
+    "nodeResourceGroupProfile": {
+      "type": "object",
+      "nullable": true,
+      "metadata": {
+        "description": "Optional. The node resource group configuration profile."
+      }
+    },
     "authorizedIPRanges": {
       "type": "array",
       "nullable": true,
@@ -1625,6 +1639,8 @@
         "enableRBAC": "[parameters('enableRBAC')]",
         "disableLocalAccounts": "[parameters('disableLocalAccounts')]",
         "nodeResourceGroup": "[parameters('nodeResourceGroup')]",
+        "nodeResourceGroupProfile": "[parameters('nodeResourceGroupProfile')]",
+        "nodeProvisioningProfile": "[parameters('nodeProvisioningProfile')]",
         "enablePodSecurityPolicy": "[parameters('enablePodSecurityPolicy')]",
         "workloadAutoScalerProfile": {
           "keda": {

diff --git a/avm/res/container-service/managed-cluster/tests/e2e/automatic/main.test.bicep b/avm/res/container-service/managed-cluster/tests/e2e/automatic/main.test.bicep
@@ -64,6 +64,12 @@ module testDeployment '../../../main.bicep' = [
       managedIdentities: {
         systemAssigned: true
       }
+      nodeProvisioningProfile: {
+        mode: 'Auto'
+      }
+      nodeResourceGroupProfile: {
+        restrictionLevel: 'ReadOnly'
+      }
       outboundType: 'managedNATGateway'
       primaryAgentPoolProfile: [
         {