From c6ef2804b7d5f041c21d16d981564e30b60c044c Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 13:50:02 -0400 Subject: [PATCH 01/16] initial Commit --- .../managed-clusters/.test/main.test.bicep | 8 + .../.test/privateCluster/dependencies.bicep | 86 ++++++ .../.test/privateCluster/main.test.bicep | 165 +++++++++++ .../managed-clusters/README.md | 261 +++++++++++++++++- .../managed-clusters/main.bicep | 6 +- .../managed-clusters/main.json | 12 +- 6 files changed, 528 insertions(+), 10 deletions(-) create mode 100644 modules/container-service/managed-clusters/.test/privateCluster/dependencies.bicep create mode 100644 modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep diff --git a/modules/container-service/managed-clusters/.test/main.test.bicep b/modules/container-service/managed-clusters/.test/main.test.bicep index 1f15355ccf..9c774406c8 100644 --- a/modules/container-service/managed-clusters/.test/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/main.test.bicep @@ -29,3 +29,11 @@ module min 'min/main.test.bicep' = { namePrefix: namePrefix } } + +// TEST 4 - Private AKS Cluster +module privateCluster 'privateCluster/main.test.bicep' = { + name: '${uniqueString(deployment().name)}-privateCluster-test' + params: { + namePrefix: namePrefix + } +} diff --git a/modules/container-service/managed-clusters/.test/privateCluster/dependencies.bicep b/modules/container-service/managed-clusters/.test/privateCluster/dependencies.bicep new file mode 100644 index 0000000000..0fc2176705 --- /dev/null +++ b/modules/container-service/managed-clusters/.test/privateCluster/dependencies.bicep 
@@ -0,0 +1,86 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the DNS Zone to create.')
+param dnsZoneName string
+
+@description('Required. The Private DNS Zone Name to create for Private AKS Cluster.')
+param privateDnsZoneName string
+
+@description('Required. The Name of the Virtual Network to create.')
+param virtualNetworkName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+ name: dnsZoneName
+ location: 'global'
+}
+
+resource privateDnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+ name: privateDnsZoneName
+ location: 'global'
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: addressPrefix
+ }
+ }
+ ]
+ }
+}
+
+resource msivNetRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(resourceGroup().id, 'NetworkContributor', managedIdentity.id)
+ scope: virtualNetwork
+ properties: {
+ principalId: managedIdentity.properties.principalId
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') // Network Contributor
+ principalType: 'ServicePrincipal'
+ }
+}
+
+resource msiprivDNSZoneRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(resourceGroup().id, 'PrivateDNSZoneContributor', managedIdentity.id)
+ scope: privateDnsZone
+ properties: {
+ principalId: managedIdentity.properties.principalId
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') // Private DNS Zone Contributor
+ principalType: 'ServicePrincipal'
+ }
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created DNS Zone.')
+output dnsZoneResourceId string = dnsZone.id
+
+@description('The resource ID of the private DNS Zone created.')
+output privateDnsZoneResourceId string = privateDnsZone.id
+
+@description('The resource ID of the VirtualNetwork created.')
+output vNetResourceId string = virtualNetwork.id
diff --git a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep
new file mode 100644
index 0000000000..50e9197562
--- /dev/null
+++ b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep
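Review bot: `privateDnsZone` is declared with the public zone type `Microsoft.Network/dnsZones@2018-05-01`, so this test creates a public DNS zone under the caller-supplied `privatelink.…azmk8s.io` name, and the `Private DNS Zone Contributor` assignment further down is scoped to that public zone. The ID exported as `privateDnsZoneResourceId` is what the test passes to the module's `privateDNSZone`, which is documented as taking an existing Private DNS zone, so the declaration should read `resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {`. A one-line comment above the two role assignments saying why the cluster identity needs each role would help reviewers judge the scope; the Network Contributor grant covers the whole VNet and could probably be narrowed to `defaultSubnet`.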
@@ -0,0 +1,165 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.containerservice.managedclusters-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'csmkube'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ dnsZoneName: 'dep-${namePrefix}-dns-${serviceShort}.com'
+ privateDnsZoneName: 'privatelink.${location}.azmk8s.io'
+ virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ primaryAgentPoolProfile: [
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 1
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ mode: 'System'
+ name: 'systempool'
+ osDiskSizeGB: 0
+ osType: 'Linux'
+ serviceCidr: ''
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ vnetSubnetID: '${nestedDependencies.outputs.vNetResourceId}/defaultSubnet'
+ }
+ ]
+ agentPools: [
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 2
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ minPods: 2
+ mode: 'User'
+ name: 'userpool1'
+ nodeLabels: {}
+ nodeTaints: [
+ 'CriticalAddonsOnly=true:NoSchedule'
+ ]
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ vnetSubnetID: '${nestedDependencies.outputs.vNetResourceId}/defaultSubnet'
+ }
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 2
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ minPods: 2
+ mode: 'User'
+ name: 'userpool2'
+ nodeLabels: {}
+ nodeTaints: [
+ 'CriticalAddonsOnly=true:NoSchedule'
+ ]
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ }
+ ]
+ aksClusterNetworkPlugin: 'kubenet'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ privateDNSZone: nestedDependencies.outputs.privateDnsZoneResourceId
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalIds: [
+ nestedDependencies.outputs.managedIdentityPrincipalId
+ ]
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ userAssignedIdentities: {
+ '${nestedDependencies.outputs.managedIdentityResourceId}': {}
+ }
+ tags: {
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md
index e1d2a0bb46..38ffc7b558 100644
--- a/modules/container-service/managed-clusters/README.md
+++ b/modules/container-service/managed-clusters/README.md
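Review bot: `userpool2` is the only agent pool without a `vnetSubnetID`, while `systempool` and `userpool1` are pinned to `defaultSubnet`; in a bring-your-own-VNet test that probably either fails validation or puts the pool somewhere other than the test network. I would give it the same value as the other two pools, in the form the later "fixed subnet id" patch uses: `vnetSubnetID: '${nestedDependencies.outputs.vNetResourceId}/subnets/defaultSubnet'`. A short comment above `testDeployment` stating what this case is meant to prove (private API server, existing private DNS zone, user-assigned identity) would make it easier to see when a parameter such as `enablePrivateCluster` is missing.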
@@ -122,10 +122,10 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. | `podIdentityProfileEnable` | bool | `False` | | Whether the pod identity addon is enabled. | | `podIdentityProfileUserAssignedIdentities` | array | `[]` | | The pod identities to use in the cluster. | | `podIdentityProfileUserAssignedIdentityExceptions` | array | `[]` | | The pod identity exceptions to allow. | +| `privateDNSZone` | string | `'System'` | | Private DNS Zone configuration. Set to 'System' and AKS will create a private DNS zone in the node resource group. Set to 'None' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | -| `usePrivateDNSZone` | bool | `False` | | If AKS will create a Private DNS Zone in the Node Resource Group. | | `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | | `webApplicationRoutingEnabled` | bool | `False` | | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. | @@ -1085,3 +1085,262 @@ module managedClusters './container-service/managed-clusters/main.bicep' = {

+ +

Example 4: Privatecluster

+ +
+ +via Bicep module + +```bicep +module managedClusters './container-service/managed-clusters/main.bicep' = { + name: '${uniqueString(deployment().name, location)}-test-csmkube' + params: { + // Required parameters + name: 'csmkube001' + primaryAgentPoolProfile: [ + { + availabilityZones: [ + '1' + ] + count: 1 + enableAutoScaling: true + maxCount: 3 + maxPods: 30 + minCount: 1 + mode: 'System' + name: 'systempool' + osDiskSizeGB: 0 + osType: 'Linux' + serviceCidr: '' + storageProfile: 'ManagedDisks' + type: 'VirtualMachineScaleSets' + vmSize: 'Standard_DS2_v2' + vnetSubnetID: '' + } + ] + // Non-required parameters + agentPools: [ + { + availabilityZones: [ + '1' + ] + count: 2 + enableAutoScaling: true + maxCount: 3 + maxPods: 30 + minCount: 1 + minPods: 2 + mode: 'User' + name: 'userpool1' + nodeLabels: {} + nodeTaints: [ + 'CriticalAddonsOnly=true:NoSchedule' + ] + osDiskSizeGB: 128 + osType: 'Linux' + scaleSetEvictionPolicy: 'Delete' + scaleSetPriority: 'Regular' + storageProfile: 'ManagedDisks' + type: 'VirtualMachineScaleSets' + vmSize: 'Standard_DS2_v2' + vnetSubnetID: '' + } + { + availabilityZones: [ + '1' + ] + count: 2 + enableAutoScaling: true + maxCount: 3 + maxPods: 30 + minCount: 1 + minPods: 2 + mode: 'User' + name: 'userpool2' + nodeLabels: {} + nodeTaints: [ + 'CriticalAddonsOnly=true:NoSchedule' + ] + osDiskSizeGB: 128 + osType: 'Linux' + scaleSetEvictionPolicy: 'Delete' + scaleSetPriority: 'Regular' + storageProfile: 'ManagedDisks' + type: 'VirtualMachineScaleSets' + vmSize: 'Standard_DS2_v2' + } + ] + aksClusterNetworkPlugin: 'kubenet' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + enableDefaultTelemetry: '' + privateDNSZone: '' + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + Environment: 'Non-Prod' + Role: 
'DeploymentValidation' + } + userAssignedIdentities: { + '': {} + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "csmkube001" + }, + "primaryAgentPoolProfile": { + "value": [ + { + "availabilityZones": [ + "1" + ], + "count": 1, + "enableAutoScaling": true, + "maxCount": 3, + "maxPods": 30, + "minCount": 1, + "mode": "System", + "name": "systempool", + "osDiskSizeGB": 0, + "osType": "Linux", + "serviceCidr": "", + "storageProfile": "ManagedDisks", + "type": "VirtualMachineScaleSets", + "vmSize": "Standard_DS2_v2", + "vnetSubnetID": "" + } + ] + }, + // Non-required parameters + "agentPools": { + "value": [ + { + "availabilityZones": [ + "1" + ], + "count": 2, + "enableAutoScaling": true, + "maxCount": 3, + "maxPods": 30, + "minCount": 1, + "minPods": 2, + "mode": "User", + "name": "userpool1", + "nodeLabels": {}, + "nodeTaints": [ + "CriticalAddonsOnly=true:NoSchedule" + ], + "osDiskSizeGB": 128, + "osType": "Linux", + "scaleSetEvictionPolicy": "Delete", + "scaleSetPriority": "Regular", + "storageProfile": "ManagedDisks", + "type": "VirtualMachineScaleSets", + "vmSize": "Standard_DS2_v2", + "vnetSubnetID": "" + }, + { + "availabilityZones": [ + "1" + ], + "count": 2, + "enableAutoScaling": true, + "maxCount": 3, + "maxPods": 30, + "minCount": 1, + "minPods": 2, + "mode": "User", + "name": "userpool2", + "nodeLabels": {}, + "nodeTaints": [ + "CriticalAddonsOnly=true:NoSchedule" + ], + "osDiskSizeGB": 128, + "osType": "Linux", + "scaleSetEvictionPolicy": "Delete", + "scaleSetPriority": "Regular", + "storageProfile": "ManagedDisks", + "type": "VirtualMachineScaleSets", + "vmSize": "Standard_DS2_v2" + } + ] + }, + "aksClusterNetworkPlugin": { + "value": "kubenet" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + 
"diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "privateDNSZone": { + "value": "" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "Role": "DeploymentValidation" + } + }, + "userAssignedIdentities": { + "value": { + "": {} + } + } + } +} +``` + +
+

diff --git a/modules/container-service/managed-clusters/main.bicep b/modules/container-service/managed-clusters/main.bicep index 4a0e21b9e6..13a4a6e218 100644 --- a/modules/container-service/managed-clusters/main.bicep +++ b/modules/container-service/managed-clusters/main.bicep @@ -120,8 +120,8 @@ param enablePrivateCluster bool = false @description('Optional. Whether to create additional public FQDN for private cluster or not.') param enablePrivateClusterPublicFQDN bool = false -@description('Optional. If AKS will create a Private DNS Zone in the Node Resource Group.') -param usePrivateDNSZone bool = false +@description('Optional. Private DNS Zone configuration. Set to \'System\' and AKS will create a private DNS zone in the node resource group. Set to \'None\' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone.') +param privateDNSZone string = 'System' @description('Required. Properties of the primary agent pool.') param primaryAgentPoolProfile array @@ -522,7 +522,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-05-02-p disableRunCommand: disableRunCommand enablePrivateCluster: enablePrivateCluster enablePrivateClusterPublicFQDN: enablePrivateClusterPublicFQDN - privateDNSZone: usePrivateDNSZone ? 'system' : '' + privateDNSZone: privateDNSZone } podIdentityProfile: { allowNetworkPluginKubenet: podIdentityProfileAllowNetworkPluginKubenet diff --git a/modules/container-service/managed-clusters/main.json b/modules/container-service/managed-clusters/main.json index 89926a2eae..cacf184592 100644 --- a/modules/container-service/managed-clusters/main.json +++ b/modules/container-service/managed-clusters/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "15903452996250901966" + "templateHash": "7974498563441114899" } }, "parameters": { 
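Review bot: The `@@ -522,7 +522,7 @@` hunk now forwards the free-form `privateDNSZone` string to the cluster properties with no check, so a typo or wrong-case value reaches the API unchanged, and it is sent even when `enablePrivateCluster` is false. The old expression only ever emitted `'system'` or `''`; the new default `'System'` differs in case from that literal. I would gate the value, e.g. `privateDNSZone: enablePrivateCluster ? privateDNSZone : ''`, and extend the description with the exact accepted spellings. In the `@@ -120,8 +120,8 @@` hunk, dropping the bool `usePrivateDNSZone` outright breaks existing callers that set it, which deserves a changelog note or a transition period. The resource body continues outside the hunk.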
@@ -261,11 +261,11 @@ "description": "Optional. Whether to create additional public FQDN for private cluster or not." } }, - "usePrivateDNSZone": { - "type": "bool", - "defaultValue": false, + "privateDNSZone": { + "type": "string", + "defaultValue": "System", "metadata": { - "description": "Optional. If AKS will create a Private DNS Zone in the Node Resource Group." + "description": "Optional. Private DNS Zone configuration. Set to 'System' and AKS will create a private DNS zone in the node resource group. Set to 'None' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone." } }, "primaryAgentPoolProfile": { @@ -877,7 +877,7 @@ "disableRunCommand": "[parameters('disableRunCommand')]", "enablePrivateCluster": "[parameters('enablePrivateCluster')]", "enablePrivateClusterPublicFQDN": "[parameters('enablePrivateClusterPublicFQDN')]", - "privateDNSZone": "[if(parameters('usePrivateDNSZone'), 'system', '')]" + "privateDNSZone": "[parameters('privateDNSZone')]" }, "podIdentityProfile": { "allowNetworkPluginKubenet": "[parameters('podIdentityProfileAllowNetworkPluginKubenet')]", From 860a2d16dc7b3d3b78fff45ea362817b15cba702 Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 14:00:11 -0400 Subject: [PATCH 02/16] fixed subnet id --- .../managed-clusters/.test/privateCluster/main.test.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep index 50e9197562..d2e902a785 100644 --- a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep 
@@ -84,7 +84,7 @@ module testDeployment '../../main.bicep' = { storageProfile: 'ManagedDisks' type: 'VirtualMachineScaleSets' vmSize: 'Standard_DS2_v2' - vnetSubnetID: '${nestedDependencies.outputs.vNetResourceId}/defaultSubnet' + vnetSubnetID: '${nestedDependencies.outputs.vNetResourceId}/subnets/defaultSubnet' } ] agentPools: [ @@ -111,7 +111,7 @@ module testDeployment '../../main.bicep' = { storageProfile: 'ManagedDisks' type: 'VirtualMachineScaleSets' vmSize: 'Standard_DS2_v2' - vnetSubnetID: '${nestedDependencies.outputs.vNetResourceId}/defaultSubnet' + vnetSubnetID: '${nestedDependencies.outputs.vNetResourceId}/subnets/defaultSubnet' } { availabilityZones: [ From 3c0ada749b4c8e0fb77752668e127aa2663504ff Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 14:27:52 -0400 Subject: [PATCH 03/16] changed to disable Private DNS --- .../managed-clusters/.test/privateCluster/main.test.bicep | 1 + modules/container-service/managed-clusters/README.md | 6 +++++- modules/container-service/managed-clusters/main.bicep | 2 +- modules/container-service/managed-clusters/main.json | 4 ++-- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep index d2e902a785..8f8201c700 100644 --- a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep @@ -66,6 +66,7 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' + enablePrivateCluster: true primaryAgentPoolProfile: [ { availabilityZones: [ diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md index 38ffc7b558..7e227be62a 100644 --- a/modules/container-service/managed-clusters/README.md 
+++ b/modules/container-service/managed-clusters/README.md @@ -122,7 +122,7 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. | `podIdentityProfileEnable` | bool | `False` | | Whether the pod identity addon is enabled. | | `podIdentityProfileUserAssignedIdentities` | array | `[]` | | The pod identities to use in the cluster. | | `podIdentityProfileUserAssignedIdentityExceptions` | array | `[]` | | The pod identity exceptions to allow. | -| `privateDNSZone` | string | `'System'` | | Private DNS Zone configuration. Set to 'System' and AKS will create a private DNS zone in the node resource group. Set to 'None' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | +| `privateDNSZone` | string | `'None'` | | Private DNS Zone configuration. Set to 'System' and AKS will create a private DNS zone in the node resource group. Set to 'None' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | @@ -1178,6 +1178,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' + enablePrivateCluster: true privateDNSZone: '' roleAssignments: [ { 
@@ -1313,6 +1314,9 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "enableDefaultTelemetry": { "value": "" }, + "enablePrivateCluster": { + "value": true + }, "privateDNSZone": { "value": "" }, diff --git a/modules/container-service/managed-clusters/main.bicep b/modules/container-service/managed-clusters/main.bicep index 13a4a6e218..17ad545728 100644 --- a/modules/container-service/managed-clusters/main.bicep +++ b/modules/container-service/managed-clusters/main.bicep @@ -121,7 +121,7 @@ param enablePrivateCluster bool = false param enablePrivateClusterPublicFQDN bool = false @description('Optional. Private DNS Zone configuration. Set to \'System\' and AKS will create a private DNS zone in the node resource group. Set to \'None\' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone.') -param privateDNSZone string = 'System' +param privateDNSZone string = 'None' @description('Required. Properties of the primary agent pool.') param primaryAgentPoolProfile array diff --git a/modules/container-service/managed-clusters/main.json b/modules/container-service/managed-clusters/main.json index cacf184592..4fa561ec0e 100644 --- a/modules/container-service/managed-clusters/main.json +++ b/modules/container-service/managed-clusters/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "7974498563441114899" + "templateHash": "18163829161136753721" } }, "parameters": { @@ -263,7 +263,7 @@ }, "privateDNSZone": { "type": "string", - "defaultValue": "System", + "defaultValue": "None", "metadata": { "description": "Optional. Private DNS Zone configuration. Set to 'System' and AKS will create a private DNS zone in the node resource group. Set to 'None' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone." } 
From 4831b0ca12f8491d9ea70a5b25633d1af1ec1a2f Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 14:42:42 -0400 Subject: [PATCH 04/16] changed privateDNSZone from 'none' to '' --- modules/container-service/managed-clusters/README.md | 2 +- modules/container-service/managed-clusters/main.bicep | 4 ++-- modules/container-service/managed-clusters/main.json | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md index 7e227be62a..5653283250 100644 --- a/modules/container-service/managed-clusters/README.md +++ b/modules/container-service/managed-clusters/README.md 
@@ -122,7 +122,7 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. | `podIdentityProfileEnable` | bool | `False` | | Whether the pod identity addon is enabled. | | `podIdentityProfileUserAssignedIdentities` | array | `[]` | | The pod identities to use in the cluster. | | `podIdentityProfileUserAssignedIdentityExceptions` | array | `[]` | | The pod identity exceptions to allow. | -| `privateDNSZone` | string | `'None'` | | Private DNS Zone configuration. Set to 'System' and AKS will create a private DNS zone in the node resource group. Set to 'None' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | +| `privateDNSZone` | string | `'none'` | | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to 'none' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | diff --git a/modules/container-service/managed-clusters/main.bicep b/modules/container-service/managed-clusters/main.bicep index 17ad545728..2fe2b3bb26 100644 --- a/modules/container-service/managed-clusters/main.bicep +++ b/modules/container-service/managed-clusters/main.bicep 
@@ -120,8 +120,8 @@ param enablePrivateCluster bool = false @description('Optional. Whether to create additional public FQDN for private cluster or not.') param enablePrivateClusterPublicFQDN bool = false -@description('Optional. Private DNS Zone configuration. Set to \'System\' and AKS will create a private DNS zone in the node resource group. Set to \'None\' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone.') -param privateDNSZone string = 'None' +@description('Optional. Private DNS Zone configuration. Set to \'system\' and AKS will create a private DNS zone in the node resource group. Set to \'\' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone.') +param privateDNSZone string = '' @description('Required. Properties of the primary agent pool.') param primaryAgentPoolProfile array diff --git a/modules/container-service/managed-clusters/main.json b/modules/container-service/managed-clusters/main.json index 4fa561ec0e..baf3f91559 100644 --- a/modules/container-service/managed-clusters/main.json +++ b/modules/container-service/managed-clusters/main.json 
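Review bot: The new description says an empty string disables private DNS zone creation and falls back to public DNS, but as far as I know the AKS API uses `none` for that and treats a missing value as `system`, so a private cluster deployed with this default may not behave as the text promises. The README and main.json hunks of this same commit still show `'none'`, so the three files disagree on the default. I would either set `param privateDNSZone string = 'none'` or reword the sentence to `Leave empty to use the service default.` after confirming the behaviour against the API reference.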
@@ -263,9 +263,9 @@ }, "privateDNSZone": { "type": "string", - "defaultValue": "None", + "defaultValue": "none", "metadata": { - "description": "Optional. Private DNS Zone configuration. Set to 'System' and AKS will create a private DNS zone in the node resource group. Set to 'None' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone." + "description": "Optional. Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to 'none' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone." } }, "primaryAgentPoolProfile": { From 3d5c719e069861c10465f37c45d6c063f235480e Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 14:52:08 -0400 Subject: [PATCH 05/16] added serviceCidr to test --- .../.test/privateCluster/main.test.bicep | 2 ++ modules/container-service/managed-clusters/README.md | 10 +++++++++- modules/container-service/managed-clusters/main.json | 6 +++--- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep index 8f8201c700..6bbf240091 100644 --- a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep @@ -140,6 +140,8 @@ module testDeployment '../../main.bicep' = { } ] aksClusterNetworkPlugin: 'kubenet' + aksClusterDnsServiceIP: '10.10.200.10' + aksClusterServiceCidr: '10.10.200.0/24' diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId 
diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md index 5653283250..926245be04 100644 --- a/modules/container-service/managed-clusters/README.md +++ b/modules/container-service/managed-clusters/README.md @@ -122,7 +122,7 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. | `podIdentityProfileEnable` | bool | `False` | | Whether the pod identity addon is enabled. | | `podIdentityProfileUserAssignedIdentities` | array | `[]` | | The pod identities to use in the cluster. | | `podIdentityProfileUserAssignedIdentityExceptions` | array | `[]` | | The pod identity exceptions to allow. | -| `privateDNSZone` | string | `'none'` | | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to 'none' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | +| `privateDNSZone` | string | `''` | | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | 
@@ -1171,7 +1171,9 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { vmSize: 'Standard_DS2_v2' } ] + aksClusterDnsServiceIP: '10.10.200.10' aksClusterNetworkPlugin: 'kubenet' + aksClusterServiceCidr: '10.10.200.0/24' diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 @@ -1293,9 +1295,15 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { } ] }, + "aksClusterDnsServiceIP": { + "value": "10.10.200.10" + }, "aksClusterNetworkPlugin": { "value": "kubenet" }, + "aksClusterServiceCidr": { + "value": "10.10.200.0/24" + }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, diff --git a/modules/container-service/managed-clusters/main.json b/modules/container-service/managed-clusters/main.json index baf3f91559..cba0cd73bc 100644 --- a/modules/container-service/managed-clusters/main.json +++ b/modules/container-service/managed-clusters/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "18163829161136753721" + "templateHash": "7238741749893507587" } }, "parameters": { @@ -263,9 +263,9 @@ }, "privateDNSZone": { "type": "string", - "defaultValue": "none", + "defaultValue": "", "metadata": { - "description": "Optional. Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to 'none' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone." + "description": "Optional. Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone." } }, "primaryAgentPoolProfile": { From 9b335217825ce985d2844097078a3ae4e861e15b Mon Sep 17 00:00:00 2001 
From: Shawn Meyer Date: Thu, 27 Jul 2023 15:06:49 -0400 Subject: [PATCH 06/16] fixed serviceshort name --- .../managed-clusters/.test/privateCluster/main.test.bicep | 2 +- modules/container-service/managed-clusters/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep index 6bbf240091..6243ae67cc 100644 --- a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep @@ -12,7 +12,7 @@ param resourceGroupName string = 'ms.containerservice.managedclusters-${serviceS param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'csmkube' +param serviceShort string = 'csmpriv' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md index 926245be04..1137fd682a 100644 --- a/modules/container-service/managed-clusters/README.md +++ b/modules/container-service/managed-clusters/README.md @@ -1094,10 +1094,10 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { ```bicep module managedClusters './container-service/managed-clusters/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-csmkube' + name: '${uniqueString(deployment().name, location)}-test-csmpriv' params: { // Required parameters - name: 'csmkube001' + name: 'csmpriv001' primaryAgentPoolProfile: [ { availabilityZones: [ 
@@ -1216,7 +1216,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "parameters": { // Required parameters "name": { - "value": "csmkube001" + "value": "csmpriv001" }, "primaryAgentPoolProfile": { "value": [ From c7f75c31e93e02dd2651da189d2e0e04ddac605f Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 15:42:04 -0400 Subject: [PATCH 07/16] changed folder name --- .../managed-clusters/.test/main.test.bicep | 4 +-- .../dependencies.bicep | 8 ++--- .../{privateCluster => priv}/main.test.bicep | 12 ++------ .../managed-clusters/README.md | 30 +++++-------------- 4 files changed, 15 insertions(+), 39 deletions(-) rename modules/container-service/managed-clusters/.test/{privateCluster => priv}/dependencies.bicep (93%) rename modules/container-service/managed-clusters/.test/{privateCluster => priv}/main.test.bicep (94%) diff --git a/modules/container-service/managed-clusters/.test/main.test.bicep b/modules/container-service/managed-clusters/.test/main.test.bicep index 9c774406c8..6fe5953b62 100644 --- a/modules/container-service/managed-clusters/.test/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/main.test.bicep @@ -31,8 +31,8 @@ module min 'min/main.test.bicep' = { } // TEST 4 - Private AKS Cluster -module privateCluster 'privateCluster/main.test.bicep' = { - name: '${uniqueString(deployment().name)}-privateCluster-test' +module priv 'priv/main.test.bicep' = { + name: '${uniqueString(deployment().name)}-priv-test' params: { namePrefix: namePrefix } diff --git a/modules/container-service/managed-clusters/.test/privateCluster/dependencies.bicep b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep similarity index 93% rename from modules/container-service/managed-clusters/.test/privateCluster/dependencies.bicep rename to modules/container-service/managed-clusters/.test/priv/dependencies.bicep index 0fc2176705..e9b22ca393 100644 
--- a/modules/container-service/managed-clusters/.test/privateCluster/dependencies.bicep +++ b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep @@ -50,9 +50,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } -resource msivNetRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { +resource msiVnetRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(resourceGroup().id, 'NetworkContributor', managedIdentity.id) - scope: virtualNetwork + scope: resourceGroup() properties: { principalId: managedIdentity.properties.principalId roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') // Network Contributor @@ -60,9 +60,9 @@ resource msivNetRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04- } } -resource msiprivDNSZoneRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { +resource msiPrivDnsZoneRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(resourceGroup().id, 'PrivateDNSZoneContributor', managedIdentity.id) - scope: privateDnsZone + scope: resourceGroup() properties: { principalId: managedIdentity.properties.principalId roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') // Private DNS Zone Contributor diff --git a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep b/modules/container-service/managed-clusters/.test/priv/main.test.bicep similarity index 94% rename from modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep rename to modules/container-service/managed-clusters/.test/priv/main.test.bicep index 6243ae67cc..5442d21afc 100644 --- a/modules/container-service/managed-clusters/.test/privateCluster/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/priv/main.test.bicep 
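Review bot: Both role assignments in dependencies.bicep now use `scope: resourceGroup()`, so the test identity receives Network Contributor and Private DNS Zone Contributor over every matching resource in the resource group instead of the one VNet and one zone the cluster uses. Unless the deployment fails with the narrower grant, keep `scope: virtualNetwork` on `msiVnetRoleAssignment` and `scope: privateDnsZone` on `msiPrivDnsZoneRoleAssignment`. If the resource-group scope is really needed, record why in a comment next to it, e.g. `// RG scope required because <reason>`. A later patch in this series (09/16) restores the resource-level scopes, so this widening looks like a troubleshooting step that should not be squashed into the final state.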
@@ -139,7 +139,8 @@ module testDeployment '../../main.bicep' = { vmSize: 'Standard_DS2_v2' } ] - aksClusterNetworkPlugin: 'kubenet' + aksClusterNetworkPlugin: 'azure' + aksClusterSkuTier: 'Paid' aksClusterDnsServiceIP: '10.10.200.10' aksClusterServiceCidr: '10.10.200.0/24' diagnosticLogsRetentionInDays: 7 @@ -148,15 +149,6 @@ module testDeployment '../../main.bicep' = { diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName privateDNSZone: nestedDependencies.outputs.privateDnsZoneResourceId - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - nestedDependencies.outputs.managedIdentityPrincipalId - ] - principalType: 'ServicePrincipal' - } - ] userAssignedIdentities: { '${nestedDependencies.outputs.managedIdentityResourceId}': {} } diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md index 1137fd682a..739f4c7fe2 100644 --- a/modules/container-service/managed-clusters/README.md +++ b/modules/container-service/managed-clusters/README.md @@ -1086,7 +1086,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = {

-

Example 4: Privatecluster

+

Example 4: Priv

@@ -1172,8 +1172,9 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { } ] aksClusterDnsServiceIP: '10.10.200.10' - aksClusterNetworkPlugin: 'kubenet' + aksClusterNetworkPlugin: 'azure' aksClusterServiceCidr: '10.10.200.0/24' + aksClusterSkuTier: 'Paid' diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 @@ -1182,15 +1183,6 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { enableDefaultTelemetry: '' enablePrivateCluster: true privateDNSZone: '' - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' @@ -1299,11 +1291,14 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "value": "10.10.200.10" }, "aksClusterNetworkPlugin": { - "value": "kubenet" + "value": "azure" }, "aksClusterServiceCidr": { "value": "10.10.200.0/24" }, + "aksClusterSkuTier": { + "value": "Paid" + }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, @@ -1328,17 +1323,6 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "privateDNSZone": { "value": "" }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, "tags": { "value": { "Environment": "Non-Prod", From 617526fc50ee14c16f7691dd46db58d60ec46525 Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 15:59:34 -0400 Subject: [PATCH 08/16] updated test --- .../.test/priv/dependencies.bicep | 22 +++++++++---------- .../.test/priv/main.test.bicep | 1 - 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep index e9b22ca393..ad22c50930 100644 
--- a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep +++ b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep @@ -4,9 +4,6 @@ param location string = resourceGroup().location @description('Required. The name of the Managed Identity to create.') param managedIdentityName string -@description('Required. The name of the DNS Zone to create.') -param dnsZoneName string - @description('Required. The Private DNS Zone Name to create for Private AKS Cluster.') param privateDnsZoneName string @@ -20,11 +17,6 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023- location: location } -resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = { - name: dnsZoneName - location: 'global' -} - resource privateDnsZone 'Microsoft.Network/dnsZones@2018-05-01' = { name: privateDnsZoneName location: 'global' @@ -50,6 +42,17 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } +resource privateDNSZoneVNetLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = { + name: 'pDnsLink-${virtualNetworkName}-${privateDnsZoneName}' + location: location + properties: { + registrationEnabled: true + virtualNetwork: { + id: virtualNetwork.id + } + } +} + resource msiVnetRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(resourceGroup().id, 'NetworkContributor', managedIdentity.id) scope: resourceGroup() @@ -76,9 +79,6 @@ output managedIdentityPrincipalId string = managedIdentity.properties.principalI @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id -@description('The resource ID of the created DNS Zone.') -output dnsZoneResourceId string = dnsZone.id - @description('The resource ID of the private DNS Zone created.') output privateDnsZoneResourceId string = privateDnsZone.id 
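Review bot: The new `privateDNSZoneVNetLink` sets `registrationEnabled: true`, which turns on VM auto-registration for the zone named by `privateDnsZoneName`; main.test.bicep passes `privatelink.${location}.azmk8s.io`, which presumably only needs the API server record that AKS manages. With auto-registration on, hosts in the linked VNet get records written into that zone, and a virtual network can be linked to only one private DNS zone with auto-registration enabled, which constrains anyone copying this test as a starting point. Unless the test depends on it, prefer `registrationEnabled: false`. The same value is carried through the later revisions of this link in patches 09/16 and 11/16.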
diff --git a/modules/container-service/managed-clusters/.test/priv/main.test.bicep b/modules/container-service/managed-clusters/.test/priv/main.test.bicep index 5442d21afc..52d2fc7574 100644 --- a/modules/container-service/managed-clusters/.test/priv/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/priv/main.test.bicep @@ -36,7 +36,6 @@ module nestedDependencies 'dependencies.bicep' = { name: '${uniqueString(deployment().name, location)}-nestedDependencies' params: { managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' - dnsZoneName: 'dep-${namePrefix}-dns-${serviceShort}.com' privateDnsZoneName: 'privatelink.${location}.azmk8s.io' virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' } From 1a0d104661ebd76899576b9f952bdfb3f9f9d0b1 Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 16:10:48 -0400 Subject: [PATCH 09/16] updated dns link --- .../.test/priv/dependencies.bicep | 27 +++++++++---------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep index ad22c50930..c9e7487ae3 100644 --- a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep +++ b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep 
@@ -17,9 +17,19 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023- location: location } -resource privateDnsZone 'Microsoft.Network/dnsZones@2018-05-01' = { +resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { name: privateDnsZoneName location: 'global' + resource privateDNSZoneVNetLink 'virtualNetworkLinks@2020-06-01' = { + name: 'pDnsLink-${virtualNetworkName}-${privateDnsZoneName}' + location: location + properties: { + registrationEnabled: true + virtualNetwork: { + id: virtualNetwork.id + } + } + } } resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { @@ -42,20 +52,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } -resource privateDNSZoneVNetLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = { - name: 'pDnsLink-${virtualNetworkName}-${privateDnsZoneName}' - location: location - properties: { - registrationEnabled: true - virtualNetwork: { - id: virtualNetwork.id - } - } -} - resource msiVnetRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(resourceGroup().id, 'NetworkContributor', managedIdentity.id) - scope: resourceGroup() + scope: virtualNetwork properties: { principalId: managedIdentity.properties.principalId roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') // Network Contributor @@ -65,7 +64,7 @@ resource msiVnetRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04- resource msiPrivDnsZoneRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(resourceGroup().id, 'PrivateDNSZoneContributor', managedIdentity.id) - scope: resourceGroup() + scope: privateDnsZone properties: { principalId: managedIdentity.properties.principalId roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') // Private DNS Zone Contributor 
From 23a7a1fd430e836cff040d95860b5adb0c3a6a86 Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 16:21:25 -0400 Subject: [PATCH 10/16] fixed nested test resource --- .../managed-clusters/.test/priv/dependencies.bicep | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep index c9e7487ae3..9b04f7a804 100644 --- a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep +++ b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep @@ -20,9 +20,8 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023- resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { name: privateDnsZoneName location: 'global' - resource privateDNSZoneVNetLink 'virtualNetworkLinks@2020-06-01' = { + resource privateDNSZoneVNetLink 'virtualNetworkLinks' = { name: 'pDnsLink-${virtualNetworkName}-${privateDnsZoneName}' - location: location properties: { registrationEnabled: true virtualNetwork: { From 2a9fc7cb63d5ddf155d065de8001457f93cddbc8 Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 16:31:32 -0400 Subject: [PATCH 11/16] added location --- .../.test/priv/dependencies.bicep | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep index 9b04f7a804..be7ccff4c7 100644 --- a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep +++ b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep 
@@ -20,15 +20,6 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023- resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { name: privateDnsZoneName location: 'global' - resource privateDNSZoneVNetLink 'virtualNetworkLinks' = { - name: 'pDnsLink-${virtualNetworkName}-${privateDnsZoneName}' - properties: { - registrationEnabled: true - virtualNetwork: { - id: virtualNetwork.id - } - } - } } resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { @@ -51,6 +42,18 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } +resource privateDNSZoneVNetLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = { + name: 'pDnsLink-${virtualNetworkName}-${privateDnsZoneName}' + location: location + parent: privateDnsZone + properties: { + registrationEnabled: true + virtualNetwork: { + id: virtualNetwork.id + } + } +} + resource msiVnetRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(resourceGroup().id, 'NetworkContributor', managedIdentity.id) scope: virtualNetwork From 451f2db410291e1051b370894be974e5f402bb44 Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 16:45:21 -0400 Subject: [PATCH 12/16] updated location --- .../managed-clusters/.test/priv/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep index be7ccff4c7..45db73ed47 100644 --- a/modules/container-service/managed-clusters/.test/priv/dependencies.bicep +++ b/modules/container-service/managed-clusters/.test/priv/dependencies.bicep 
@@ -44,7 +44,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { resource privateDNSZoneVNetLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = { name: 'pDnsLink-${virtualNetworkName}-${privateDnsZoneName}' - location: location + location: 'global' parent: privateDnsZone properties: { registrationEnabled: true From 890bf1a329d2bd8279f7800b38e4380d94dd9108 Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 17:01:34 -0400 Subject: [PATCH 13/16] updated skus --- .../managed-clusters/.test/priv/main.test.bicep | 2 +- modules/container-service/managed-clusters/README.md | 6 +++--- modules/container-service/managed-clusters/main.bicep | 3 ++- modules/container-service/managed-clusters/main.json | 5 +++-- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/priv/main.test.bicep b/modules/container-service/managed-clusters/.test/priv/main.test.bicep index 52d2fc7574..8168fedd03 100644 --- a/modules/container-service/managed-clusters/.test/priv/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/priv/main.test.bicep @@ -139,7 +139,7 @@ module testDeployment '../../main.bicep' = { } ] aksClusterNetworkPlugin: 'azure' - aksClusterSkuTier: 'Paid' + aksClusterSkuTier: 'Standard' aksClusterDnsServiceIP: '10.10.200.10' aksClusterServiceCidr: '10.10.200.0/24' diagnosticLogsRetentionInDays: 7 diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md index 739f4c7fe2..22eb1bf6aa 100644 --- a/modules/container-service/managed-clusters/README.md +++ b/modules/container-service/managed-clusters/README.md 
@@ -61,7 +61,7 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. | `aksClusterOutboundType` | string | `'loadBalancer'` | `[loadBalancer, userDefinedRouting]` | Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. | | `aksClusterPodCidr` | string | `''` | | Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. | | `aksClusterServiceCidr` | string | `''` | | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | -| `aksClusterSkuTier` | string | `'Free'` | `[Free, Paid]` | Tier of a managed cluster SKU. - Free or Paid. | +| `aksClusterSkuTier` | string | `'Free'` | `[Free, Premium, Standard]` | Tier of a managed cluster SKU. - Free or Paid. | | `aksClusterSshPublicKey` | string | `''` | | Specifies the SSH RSA public key string for the Linux nodes. | | `aksServicePrincipalProfile` | object | `{object}` | | Information about a service principal identity for the cluster to use for manipulating Azure APIs. | | `authorizedIPRanges` | array | `[]` | | IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. | @@ -1174,7 +1174,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { aksClusterDnsServiceIP: '10.10.200.10' aksClusterNetworkPlugin: 'azure' aksClusterServiceCidr: '10.10.200.0/24' - aksClusterSkuTier: 'Paid' + aksClusterSkuTier: 'Standard' diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 @@ -1297,7 +1297,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "value": "10.10.200.0/24" }, "aksClusterSkuTier": { - "value": "Paid" + "value": "Standard" }, "diagnosticEventHubAuthorizationRuleId": { "value": "" 
diff --git a/modules/container-service/managed-clusters/main.bicep b/modules/container-service/managed-clusters/main.bicep index 2fe2b3bb26..611655b6e6 100644 --- a/modules/container-service/managed-clusters/main.bicep +++ b/modules/container-service/managed-clusters/main.bicep @@ -61,7 +61,8 @@ param aksClusterOutboundType string = 'loadBalancer' @description('Optional. Tier of a managed cluster SKU. - Free or Paid.') @allowed([ 'Free' - 'Paid' + 'Premium' + 'Standard' ]) param aksClusterSkuTier string = 'Free' diff --git a/modules/container-service/managed-clusters/main.json b/modules/container-service/managed-clusters/main.json index cba0cd73bc..83f417a0f1 100644 --- a/modules/container-service/managed-clusters/main.json +++ b/modules/container-service/managed-clusters/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "7238741749893507587" + "templateHash": "14139525601830400226" } }, "parameters": { @@ -129,7 +129,8 @@ "defaultValue": "Free", "allowedValues": [ "Free", - "Paid" + "Premium", + "Standard" ], "metadata": { "description": "Optional. Tier of a managed cluster SKU. - Free or Paid." From d4e494e727b94ce3f23155224645bda01e37b392 Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 20:33:00 -0400 Subject: [PATCH 14/16] changed zone to 3 --- .../.test/azure/main.test.bicep | 6 ++-- .../.test/kubenet/main.test.bicep | 4 +-- .../.test/priv/main.test.bicep | 4 +-- .../managed-clusters/README.md | 28 +++++++++---------- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/modules/container-service/managed-clusters/.test/azure/main.test.bicep b/modules/container-service/managed-clusters/.test/azure/main.test.bicep index 9aa67a940a..53e453d441 100644 --- a/modules/container-service/managed-clusters/.test/azure/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/azure/main.test.bicep 
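Review bot: The `@description` above `aksClusterSkuTier` in main.bicep still says "Free or Paid" while the `@allowed` list is now `Free`, `Premium`, `Standard`; it should read `@description('Optional. Tier of a managed cluster SKU. - Free, Premium or Standard.')`, and the README table row and the main.json metadata carry the same stale text. Removing `'Paid'` from the allowed values also means existing callers that pass `aksClusterSkuTier: 'Paid'` will fail parameter validation, so the change should be called out as breaking in the PR description or changelog.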
@@ -75,7 +75,7 @@ module testDeployment '../../main.bicep' = { primaryAgentPoolProfile: [ { availabilityZones: [ - '1' + '3' ] count: 1 enableAutoScaling: true @@ -96,7 +96,7 @@ module testDeployment '../../main.bicep' = { agentPools: [ { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true @@ -122,7 +122,7 @@ module testDeployment '../../main.bicep' = { } { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true diff --git a/modules/container-service/managed-clusters/.test/kubenet/main.test.bicep b/modules/container-service/managed-clusters/.test/kubenet/main.test.bicep index fb6a796ac9..0c983e76d5 100644 --- a/modules/container-service/managed-clusters/.test/kubenet/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/kubenet/main.test.bicep @@ -87,7 +87,7 @@ module testDeployment '../../main.bicep' = { agentPools: [ { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true @@ -111,7 +111,7 @@ module testDeployment '../../main.bicep' = { } { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true diff --git a/modules/container-service/managed-clusters/.test/priv/main.test.bicep b/modules/container-service/managed-clusters/.test/priv/main.test.bicep index 8168fedd03..5cb971f927 100644 --- a/modules/container-service/managed-clusters/.test/priv/main.test.bicep +++ b/modules/container-service/managed-clusters/.test/priv/main.test.bicep @@ -69,7 +69,7 @@ module testDeployment '../../main.bicep' = { primaryAgentPoolProfile: [ { availabilityZones: [ - '1' + '3' ] count: 1 enableAutoScaling: true @@ -90,7 +90,7 @@ module testDeployment '../../main.bicep' = { agentPools: [ { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md index 22eb1bf6aa..5891e7a5b8 100644 --- a/modules/container-service/managed-clusters/README.md 
+++ b/modules/container-service/managed-clusters/README.md @@ -402,7 +402,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { primaryAgentPoolProfile: [ { availabilityZones: [ - '1' + '3' ] count: 1 enableAutoScaling: true @@ -424,7 +424,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { agentPools: [ { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true @@ -450,7 +450,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { } { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true @@ -578,7 +578,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "value": [ { "availabilityZones": [ - "1" + "3" ], "count": 1, "enableAutoScaling": true, @@ -602,7 +602,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "value": [ { "availabilityZones": [ - "1" + "3" ], "count": 2, "enableAutoScaling": true, @@ -628,7 +628,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { }, { "availabilityZones": [ - "1" + "3" ], "count": 2, "enableAutoScaling": true, @@ -804,7 +804,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { agentPools: [ { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true @@ -828,7 +828,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { } { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true @@ -921,7 +921,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "value": [ { "availabilityZones": [ - "1" + "3" ], "count": 2, "enableAutoScaling": true, @@ -945,7 +945,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { }, { "availabilityZones": [ - "1" + "3" ], "count": 2, "enableAutoScaling": true, 
@@ -1101,7 +1101,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { primaryAgentPoolProfile: [ { availabilityZones: [ - '1' + '3' ] count: 1 enableAutoScaling: true @@ -1123,7 +1123,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { agentPools: [ { availabilityZones: [ - '1' + '3' ] count: 2 enableAutoScaling: true @@ -1214,7 +1214,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "value": [ { "availabilityZones": [ - "1" + "3" ], "count": 1, "enableAutoScaling": true, @@ -1238,7 +1238,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = { "value": [ { "availabilityZones": [ - "1" + "3" ], "count": 2, "enableAutoScaling": true, From 01d3afb43d59d218bc2b1bec6e54eb56f371057e Mon Sep 17 00:00:00 2001 From: Shawn Meyer Date: Thu, 27 Jul 2023 20:45:41 -0400 Subject: [PATCH 15/16] removed DockerBridgeCIDR --- modules/container-service/managed-clusters/README.md | 1 - modules/container-service/managed-clusters/main.bicep | 4 ---- modules/container-service/managed-clusters/main.json | 10 +--------- 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md index 5891e7a5b8..f3eea676e3 100644 --- a/modules/container-service/managed-clusters/README.md +++ b/modules/container-service/managed-clusters/README.md 
@@ -53,7 +53,6 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. | `aksClusterAdminUsername` | string | `'azureuser'` | | Specifies the administrator username of Linux virtual machines. | | `aksClusterDnsPrefix` | string | `[parameters('name')]` | | Specifies the DNS prefix specified when creating the managed cluster. | | `aksClusterDnsServiceIP` | string | `''` | | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | -| `aksClusterDockerBridgeCidr` | string | `''` | | Specifies the CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | | `aksClusterKubernetesVersion` | string | `''` | | Version of Kubernetes specified when creating the managed cluster. | | `aksClusterLoadBalancerSku` | string | `'standard'` | `[basic, standard]` | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. | | `aksClusterNetworkPlugin` | string | `''` | `['', azure, kubenet]` | Specifies the network plugin used for building Kubernetes network. - azure or kubenet. | diff --git a/modules/container-service/managed-clusters/main.bicep b/modules/container-service/managed-clusters/main.bicep index 611655b6e6..4c82af5c10 100644 --- a/modules/container-service/managed-clusters/main.bicep +++ b/modules/container-service/managed-clusters/main.bicep 
@@ -38,9 +38,6 @@ param aksClusterServiceCidr string = ''
 @description('Optional. Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.')
 param aksClusterDnsServiceIP string = ''
 
-@description('Optional. Specifies the CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.')
-param aksClusterDockerBridgeCidr string = ''
-
 @description('Optional. Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools.')
 @allowed([
 'basic'
@@ -485,7 +482,6 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-05-02-p
 podCidr: !empty(aksClusterPodCidr) ? aksClusterPodCidr : null
 serviceCidr: !empty(aksClusterServiceCidr) ? aksClusterServiceCidr : null
 dnsServiceIP: !empty(aksClusterDnsServiceIP) ? aksClusterDnsServiceIP : null
- dockerBridgeCidr: !empty(aksClusterDockerBridgeCidr) ? aksClusterDockerBridgeCidr : null
 outboundType: aksClusterOutboundType
 loadBalancerSku: aksClusterLoadBalancerSku
 loadBalancerProfile: managedOutboundIPCount != 0 ? lbProfile : null
diff --git a/modules/container-service/managed-clusters/main.json b/modules/container-service/managed-clusters/main.json
index 83f417a0f1..f2682b7bcf 100644
--- a/modules/container-service/managed-clusters/main.json
+++ b/modules/container-service/managed-clusters/main.json
@@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "14139525601830400226" + "templateHash": "5348474603795558795" } }, "parameters": {
@@ -88,13 +88,6 @@ "description": "Optional. Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr." } }, - "aksClusterDockerBridgeCidr": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specifies the CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range." - } - }, "aksClusterLoadBalancerSku": { "type": "string", "defaultValue": "standard",
@@ -840,7 +833,6 @@ "podCidr": "[if(not(empty(parameters('aksClusterPodCidr'))), parameters('aksClusterPodCidr'), null())]", "serviceCidr": "[if(not(empty(parameters('aksClusterServiceCidr'))), parameters('aksClusterServiceCidr'), null())]", "dnsServiceIP": "[if(not(empty(parameters('aksClusterDnsServiceIP'))), parameters('aksClusterDnsServiceIP'), null())]", - "dockerBridgeCidr": "[if(not(empty(parameters('aksClusterDockerBridgeCidr'))), parameters('aksClusterDockerBridgeCidr'), null())]", "outboundType": "[parameters('aksClusterOutboundType')]", "loadBalancerSku": "[parameters('aksClusterLoadBalancerSku')]", "loadBalancerProfile": "[if(not(equals(parameters('managedOutboundIPCount'), 0)), variables('lbProfile'), null())]"
From 8ab10c54cb9198ef230e6f4cc17446ebbb81b12f Mon Sep 17 00:00:00 2001
From: Shawn Meyer
Date: Thu, 27 Jul 2023 20:52:01 -0400
Subject: [PATCH 16/16] changed availZone to 3
---
 .../managed-clusters/.test/kubenet/main.test.bicep | 2 +-
 .../managed-clusters/.test/priv/main.test.bicep | 2 +-
 modules/container-service/managed-clusters/README.md | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/modules/container-service/managed-clusters/.test/kubenet/main.test.bicep b/modules/container-service/managed-clusters/.test/kubenet/main.test.bicep
index 0c983e76d5..617ca20c95 100644
--- a/modules/container-service/managed-clusters/.test/kubenet/main.test.bicep
+++ b/modules/container-service/managed-clusters/.test/kubenet/main.test.bicep
@@ -67,7 +67,7 @@ module testDeployment '../../main.bicep' = {
 primaryAgentPoolProfile: [
 {
 availabilityZones: [
- '1'
+ '3'
 ]
 count: 1
 enableAutoScaling: true
diff --git a/modules/container-service/managed-clusters/.test/priv/main.test.bicep b/modules/container-service/managed-clusters/.test/priv/main.test.bicep
index 5cb971f927..13fb056ec4 100644
--- a/modules/container-service/managed-clusters/.test/priv/main.test.bicep
+++ b/modules/container-service/managed-clusters/.test/priv/main.test.bicep
@@ -115,7 +115,7 @@ module testDeployment '../../main.bicep' = {
 }
 {
 availabilityZones: [
- '1'
+ '3'
 ]
 count: 2
 enableAutoScaling: true
diff --git a/modules/container-service/managed-clusters/README.md b/modules/container-service/managed-clusters/README.md
index f3eea676e3..a32e3196b5 100644
--- a/modules/container-service/managed-clusters/README.md
+++ b/modules/container-service/managed-clusters/README.md
@@ -782,7 +782,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = {
 primaryAgentPoolProfile: [
 {
 availabilityZones: [
- '1'
+ '3'
 ]
 count: 1
 enableAutoScaling: true
@@ -897,7 +897,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = {
 "value": [
 {
 "availabilityZones": [
- "1"
+ "3"
 ],
 "count": 1,
 "enableAutoScaling": true,
@@ -1147,7 +1147,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = {
 }
 {
 availabilityZones: [
- '1'
+ '3'
 ]
 count: 2
 enableAutoScaling: true
@@ -1262,7 +1262,7 @@ module managedClusters './container-service/managed-clusters/main.bicep' = {
 },
 {
 "availabilityZones": [
- "1"
+ "3"
 ],
 "count": 2,
 "enableAutoScaling": true,
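Review bot: The zone pinned for `primaryAgentPoolProfile` in `.test/kubenet/main.test.bicep` is swapped from `'1'` to `'3'` with no comment saying why, and the same unexplained literal lands in the agent pool entry of `.test/priv/main.test.bicep`. Both pools still list exactly one availability zone, so they have no zone redundancy, and these test files appear to be the source of the README usage examples changed in the same commit, which consumers may copy as-is. I would add a line above each list such as `// single zone '3' is a test-environment choice (reason: <why zone 1 was dropped>); list several zones for zone-resilient production pools`. Whether zone 3 is offered depends on the region and subscription the test deploys to, which the hunk does not show, so a region move could break the test again. Both `module testDeployment` bodies continue outside their hunks.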