Additional Infrastructure (#69)

Infrastructure added to support additional services.
Azure · Apr 26, 2024 · 4a3ebdb · 4a3ebdb
1 parent 1b3b03b
commit 4a3ebdb
Show file tree

Hide file tree

Showing 14 changed files with 8,218 additions and 1,242 deletions.
diff --git a/azuredeploy.json b/azuredeploy.json
diff --git a/bicep/main.bicep b/bicep/main.bicep
@@ -68,11 +68,10 @@ param clusterSoftware object = {
 }
 
 // This would be a type but bugs exist for ARM Templates so is object instead.
-@description('Cluster Network Overrides - {ingress} (Both/Internal/External), {serviceCidr}, {dockerBridgeCidr}, {dnsServiceIP}')
+@description('Cluster Network Overrides - {ingress} (Both/Internal/External), {serviceCidr}, {dnsServiceIP}')
 param clusterNetwork object = {
   ingress: ''
   serviceCidr: ''
-  dockerBridgeCidr: ''
   dnsServiceIP: ''
 }
 
@@ -146,21 +145,23 @@ var configuration = {
   ]
 }
 
+var rg_unique_id = '${replace(configuration.name, '-', '')}${uniqueString(resourceGroup().id, configuration.name)}'
 
 //*****************************************************************//
 //  Identity Resources                                             //
 //*****************************************************************//
-module stampIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.1.0' = {
+module stampIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.2.1' = {
   name: '${configuration.name}-user-managed-identity'
   params: {
     // Required parameters
-    name: 'id-${replace(configuration.name, '-', '')}${uniqueString(resourceGroup().id, configuration.name)}'
+    name: rg_unique_id
     location: location
     enableTelemetry: enableTelemetry
 
     // Assign Tags
     tags: {
       layer: configuration.displayName
+      id: rg_unique_id
     }
   }
 }
@@ -169,16 +170,17 @@ module stampIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:
 //*****************************************************************//
 //  Monitoring Resources                                           //
 //*****************************************************************//
-module logAnalytics 'br/public:avm/res/operational-insights/workspace:0.2.1' = {
+module logAnalytics 'br/public:avm/res/operational-insights/workspace:0.3.4' = {
   name: '${configuration.name}-log-analytics'
   params: {
-    name: 'log-${replace(configuration.name, '-', '')}${uniqueString(resourceGroup().id, configuration.name)}'
+    name: rg_unique_id
     location: location
     enableTelemetry: enableTelemetry
 
     // Assign Tags
     tags: {
       layer: configuration.displayName
+      id: rg_unique_id
     }
 
     skuName: configuration.logs.sku
@@ -197,6 +199,10 @@ module networkBlade 'modules/blade_network.bicep' = {
       displayName: 'Network Resources'
     }
 
+    tags: {
+      id: rg_unique_id
+    }
+
     location: location
     enableTelemetry: enableTelemetry
 
@@ -248,6 +254,10 @@ module commonBlade 'modules/blade_common.bicep' = {
       displayName: 'Common Resources'
     }
 
+    tags: {
+      id: rg_unique_id
+    }
+
     location: location
     enableTelemetry: enableTelemetry
     deploymentScriptIdentity: stampIdentity.outputs.name
@@ -285,6 +295,10 @@ module manageBlade 'modules/blade_manage.bicep' = {
       displayName: 'Manage Resources'
     }
 
+    tags: {
+      id: rg_unique_id
+    }
+
     manageLayerConfig: {
       machine: {
         vmSize: 'Standard_DS3_v2'
@@ -329,6 +343,10 @@ module partitionBlade 'modules/blade_partition.bicep' = {
       displayName: 'Partition Resources'
     }
 
+    tags: {
+      id: rg_unique_id
+    }
+
     location: location
     workspaceResourceId: logAnalytics.outputs.resourceId
 
@@ -362,6 +380,10 @@ module serviceBlade 'modules/blade_service.bicep' = {
       displayName: 'Service Resources'
     }
 
+    tags: {
+      id: rg_unique_id
+    }
+
     location: location
     enableTelemetry: enableTelemetry
 
@@ -376,6 +398,7 @@ module serviceBlade 'modules/blade_service.bicep' = {
     kvUri: commonBlade.outputs.keyvaultUri
     storageName: commonBlade.outputs.storageAccountName
     partitionStorageNames: partitionBlade.outputs.partitionStorageNames
+    partitionServiceBusNames: partitionBlade.outputs.partitionServiceBusNames
 
     aksSubnetId: networkBlade.outputs.aksSubnetId
     podSubnetId: enablePodSubnet ? networkBlade.outputs.podSubnetId : ''
@@ -385,7 +408,6 @@ module serviceBlade 'modules/blade_service.bicep' = {
     clusterIngress: clusterNetwork.ingress == '' ? 'Both' : clusterNetwork.ingress 
     serviceCidr: clusterNetwork.serviceCidr == '' ? '172.16.0.0/16' : clusterNetwork.serviceCidr
     dnsServiceIP: clusterNetwork.dnsServiceIP == '' ? '172.16.0.10' : clusterNetwork.v
-    dockerBridgeCidr: clusterNetwork.dockerBridgeCidr == '' ? '172.17.0.1/16' : clusterNetwork.dockerBridgeCidr
     networkPlugin: enablePodSubnet ? 'azure' : clusterNetworkPlugin
 
     softwareBranch: clusterSoftware.branch
@@ -415,5 +437,6 @@ module serviceBlade 'modules/blade_service.bicep' = {
 }
 
 output KEYVAULT_NAME string = commonBlade.outputs.keyvaultName
+output ACR_NAME string = serviceBlade.outputs.registryName
 
 //ACSCII Art link : https://textkool.com/en/ascii-art-generator?hl=default&vl=default&font=Star%20Wars&text=changeme
diff --git a/bicep/modules/aks_agent_pool.bicep b/bicep/modules/aks_agent_pool.bicep
@@ -43,11 +43,11 @@ param podSubnetId string
 ])
 param osType string = 'Linux'
 
-resource aks 'Microsoft.ContainerService/managedClusters@2021-10-01' existing = {
+resource aks 'Microsoft.ContainerService/managedClusters@2024-01-01' existing = {
   name: AksName
 }
 
-resource nodepool 'Microsoft.ContainerService/managedClusters/agentPools@2023-10-02-preview' = {
+resource nodepool 'Microsoft.ContainerService/managedClusters/agentPools@2023-11-01' = {
   parent: aks
   name: PoolName
   properties: {

diff --git a/bicep/modules/aks_cluster.bicep b/bicep/modules/aks_cluster.bicep
@@ -158,11 +158,6 @@ param podCidr string = '192.168.0.0/16'
 @description('The address range to use for services')
 param serviceCidr string = '172.16.0.0/16'
 
-@minLength(9)
-@maxLength(18)
-@description('The address range to use for the docker bridge')
-param dockerBridgeCidr string = '172.17.0.1/16'
-
 @minLength(7)
 @maxLength(15)
 @description('The IP address to reserve for DNS')
@@ -331,7 +326,7 @@ param istioRevision string = 'asm-1-18'
 */
 
 @description('The name of the AKS cluster.')
-var name = 'aks-${replace(resourceName, '-', '')}${uniqueString(resourceGroup().id, resourceName)}'
+var name = '${replace(resourceName, '-', '')}${uniqueString(resourceGroup().id, resourceName)}'
 
 var serviceMeshProfileObj = {
   istio: {
@@ -576,7 +571,6 @@ var aksProperties = union({
     podCidr: networkPlugin=='kubenet' || networkPluginMode=='Overlay' || cniDynamicIpAllocation ? podCidr : null
     serviceCidr: serviceCidr
     dnsServiceIP: dnsServiceIP
-    dockerBridgeCidr: dockerBridgeCidr
     outboundType: outboundTrafficType
     ebpfDataplane: networkPlugin=='azure' ? ebpfDataplane : ''
   }
@@ -649,7 +643,7 @@ var ingressModes = {
 | _| `._____||_______|_______/     \______/   \______/  | _| `._____| \______||_______|_______/    
 */
 
-resource aks 'Microsoft.ContainerService/managedClusters@2023-10-01' = {
+resource aks 'Microsoft.ContainerService/managedClusters@2023-11-01' = {
   name: length(name) > 63 ? substring(name, 0, 63) : name
   location: location
   tags: tags

diff --git a/bicep/modules/app-configuration/.bicep/key_values.bicep b/bicep/modules/app-configuration/.bicep/key_values.bicep
@@ -22,7 +22,7 @@ resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2022-0
 
 var keyValueName = empty(label) ? name : '${name}$${label}'
 
-resource keyValues 'Microsoft.AppConfiguration/configurationStores/keyValues@2022-05-01' = {
+resource keyValues 'Microsoft.AppConfiguration/configurationStores/keyValues@2023-03-01' = {
   name: keyValueName
   parent: appConfiguration
   properties: {

diff --git a/bicep/modules/app-configuration/main.bicep b/bicep/modules/app-configuration/main.bicep
@@ -139,7 +139,7 @@ var diagnosticsMetrics = [for metric in metricsToEnable: {
 var identityType = systemAssignedIdentity ? 'SystemAssigned' : !empty(userAssignedIdentities) ? 'UserAssigned' : 'None'
 
 
-resource configStore 'Microsoft.AppConfiguration/configurationStores@2022-05-01' = {
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
   name: length(name) > 50 ? substring(name, 0, 50) : name
   location: location
   tags: tags
@@ -178,7 +178,7 @@ module configurationStore_keyValues './.bicep/key_values.bicep' = [for (keyValue
 }]
 
 // Apply Resource Lock
-resource resource_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') {
+resource resource_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') {
   name: '${configStore.name}-${lock}-lock'
   properties: {
     level: lock

diff --git a/bicep/modules/blade_common.bicep b/bicep/modules/blade_common.bicep
@@ -13,6 +13,9 @@ type bladeSettings = {
 @description('Optional. Indicates whether public access is enabled for all blobs or containers in the storage account. For security reasons, it is recommended to set it to false.')
 param enableBlobPublicAccess bool
 
+@description('Optional. The tags to apply to the resources')
+param tags object = {}
+
 @description('The location of resources to deploy')
 param location string
 
@@ -96,7 +99,7 @@ var commonLayerConfig = {
 module insights 'br/public:avm/res/insights/component:0.3.0' = {
   name: '${bladeConfig.sectionName}-insights'
   params: {
-    name: 'ai-${replace(bladeConfig.sectionName, '-', '')}${uniqueString(resourceGroup().id, bladeConfig.sectionName)}'
+    name: '${replace(bladeConfig.sectionName, '-', '')}${uniqueString(resourceGroup().id, bladeConfig.sectionName)}'
     location: location
     enableTelemetry: enableTelemetry
     kind: commonLayerConfig.insights.sku
@@ -125,7 +128,7 @@ module insights 'br/public:avm/res/insights/component:0.3.0' = {
 |__|\__\ |_______|   |__|         \__/ /__/     \__\ \______/  |_______|    |__|                                                                     
 */
 
-var name = 'kv-${replace(bladeConfig.sectionName, '-', '')}${uniqueString(resourceGroup().id, bladeConfig.sectionName)}'
+var name = '${replace(bladeConfig.sectionName, '-', '')}${uniqueString(resourceGroup().id, bladeConfig.sectionName)}'
 
 @description('The list of secrets to persist to the Key Vault')
 var vaultSecrets = [ 
@@ -166,17 +169,20 @@ var roleAssignment = {
   principalType: 'ServicePrincipal'
 }
 
-module keyvault 'br/public:avm/res/key-vault/vault:0.3.4' = {
+module keyvault 'br/public:avm/res/key-vault/vault:0.5.1' = {
   name: '${bladeConfig.sectionName}-keyvault'
   params: {
     name: length(name) > 24 ? substring(name, 0, 24) : name
     location: location
     enableTelemetry: enableTelemetry
 
     // Assign Tags
-    tags: {
-      layer: bladeConfig.displayName
-    }
+    tags: union(
+      tags,
+      {
+        layer: bladeConfig.displayName
+      }
+    )
 
     enablePurgeProtection: false
 
@@ -284,13 +290,16 @@ var storageDnsZoneName = 'privatelink.${storageDNSZoneForwarder}'
 module configStorage './storage-account/main.bicep' = {
   name: '${bladeConfig.sectionName}-storage'
   params: {
-    name: 'sa${replace(bladeConfig.sectionName, '-', '')}${uniqueString(resourceGroup().id, bladeConfig.sectionName)}'
+    name: '${replace(bladeConfig.sectionName, '-', '')}${uniqueString(resourceGroup().id, bladeConfig.sectionName)}'
     location: location
 
     // Assign Tags
-    tags: {
-      layer: bladeConfig.displayName
-    }
+    tags: union(
+      tags,
+      {
+        layer: bladeConfig.displayName
+      }
+    )
 
     // Hook up Diagnostics
     diagnosticWorkspaceId: workspaceResourceId
@@ -356,9 +365,12 @@ module database './cosmos-db/main.bicep' = {
     resourceLocation: location
 
     // Assign Tags
-    tags: {
-      layer: bladeConfig.displayName
-    }
+    tags: union(
+      tags,
+      {
+        layer: bladeConfig.displayName
+      }
+    )
 
     // Hook up Diagnostics
     diagnosticWorkspaceId: workspaceResourceId

diff --git a/bicep/modules/blade_manage.bicep b/bicep/modules/blade_manage.bicep
@@ -43,6 +43,9 @@ param bladeConfig bladeSettings
 @description('The location of resources to deploy')
 param location string
 
+@description('The tags to apply to the resources')
+param tags object = {}
+
 @description('Feature Flag to Enable Telemetry')
 param enableTelemetry bool = false
 
@@ -81,14 +84,21 @@ param manageLayerConfig manageSettings
 |______/  /__/     \__\ |_______/       |__|     |__|  \______/  |__| \__| 
 */
 
-module bastionHost 'br/public:avm/res/network/bastion-host:0.1.1' = if (enableBastion) {
+module bastionHost 'br/public:avm/res/network/bastion-host:0.2.1' = if (enableBastion) {
   name: '${bladeConfig.sectionName}-bastion'
   params: {
     name: 'bh-${replace(bladeConfig.sectionName, '-', '')}${uniqueString(resourceGroup().id, bladeConfig.sectionName)}'
     skuName: manageLayerConfig.bastion.skuName
-    vNetId: vnetId
+    virtualNetworkResourceId: vnetId
     location: location
     enableTelemetry: enableTelemetry
+
+    tags: union(
+      tags,
+      {
+        layer: bladeConfig.displayName
+      }
+    )
   }  
 }
 
@@ -113,9 +123,12 @@ module virtualMachine './virtual_machine.bicep' = if (enableBastion) {
     vmSize: manageLayerConfig.machine.vmSize
 
     // Assign Tags
-    tags: {
-      layer: bladeConfig.displayName
-    }
+    tags: union(
+      tags,
+      {
+        layer: bladeConfig.displayName
+      }
+    )
 
     vmSubnetId: vmSubnetId
     vmAdminUsername: vmAdminUsername