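// Top-level parameters for the AKS + jump-box + Bastion deployment.
// Parameter names, types and defaults are this template's interface (they are
// passed straight through to the modules below), so they are left unchanged.
// Validation decorators are added only where the parameter's own description
// already states the bound, and typos in descriptions are fixed.

// ---------------------------------------------------------------------------
// AKS cluster
// ---------------------------------------------------------------------------
@description('Specifies the location of AKS cluster.')
param location string = resourceGroup().location

@description('Specifies the name of the AKS cluster.')
param aksClusterName string = 'aks-${uniqueString(resourceGroup().id)}'

@description('Specifies the DNS prefix specified when creating the managed cluster.')
param aksClusterDnsPrefix string = aksClusterName

@description('Specifies the tags of the AKS cluster.')
param aksClusterTags object = {
  resourceType: 'AKS Cluster'
  createdBy: 'ARM Template'
}

@allowed([
  'azure'
  'kubenet'
])
@description('Specifies the network plugin used for building Kubernetes network. - azure or kubenet.')
param aksClusterNetworkPlugin string = 'azure'

@allowed([
  'azure'
  'calico'
])
@description('Specifies the network policy used for building Kubernetes network. - calico or azure')
param aksClusterNetworkPolicy string = 'azure'

// Only consulted by the cluster when aksClusterNetworkPlugin is 'kubenet'.
@description('Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used.')
param aksClusterPodCidr string = '10.244.0.0/16'

// The three ranges below must not overlap each other, the VNet address space
// (virtualNetworkAddressPrefixes) or any subnet prefix declared further down;
// Bicep cannot express that cross-parameter rule, so it is checked at deploy time.
@description('A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.')
param aksClusterServiceCidr string = '10.2.0.0/16'

@description('Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.')
param aksClusterDnsServiceIP string = '10.2.0.10'

@description('Specifies the CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.')
param aksClusterDockerBridgeCidr string = '172.17.0.1/16'

@allowed([
  'basic'
  'standard'
])
@description('Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools.')
param aksClusterLoadBalancerSku string = 'standard'

@allowed([
  'Paid'
  'Free'
])
@description('Specifies the tier of a managed cluster SKU: Paid or Free')
param aksClusterSkuTier string = 'Paid'

// Pinned control-plane version. AKS retires minor versions on a rolling
// schedule, so confirm this value is still supported in the target region
// before deploying (or override it at deployment time).
@description('Specifies the version of Kubernetes specified when creating the managed cluster.')
param aksClusterKubernetesVersion string = '1.19.7'

@description('Specifies the administrator username of Linux virtual machines.')
param aksClusterAdminUsername string

// A public key is not secret, so @secure() is intentionally not applied here.
@description('Specifies the SSH RSA public key string for the Linux nodes.')
param aksClusterSshPublicKey string

// AAD integration, managed AAD and Azure RBAC are all off by default. For a
// production cluster the hardened configuration is to enable all three and
// supply aadProfileAdminGroupObjectIDs; the defaults are kept so existing
// callers of this template are not affected.
@description('Specifies whether enabling AAD integration.')
param aadEnabled bool = false

@description('Specifies the tenant id of the Azure Active Directory used by the AKS cluster for authentication.')
param aadProfileTenantId string = subscription().tenantId

@description('Specifies the AAD group object IDs that will have admin role of the cluster.')
param aadProfileAdminGroupObjectIDs array = []

// Private cluster by default: the API server is not exposed on a public endpoint.
@description('Specifies whether to create the cluster as a private cluster or not.')
param aksClusterEnablePrivateCluster bool = true

@description('Specifies whether to enable managed AAD integration.')
param aadProfileManaged bool = false

@description('Specifies whether to enable Azure RBAC for Kubernetes authorization.')
param aadProfileEnableAzureRBAC bool = false

// ---------------------------------------------------------------------------
// Default node pool
// ---------------------------------------------------------------------------
@description('Specifies the unique name of the node pool profile in the context of the subscription and resource group.')
param nodePoolName string = 'nodepool1'

@description('Specifies the vm size of nodes in the node pool.')
param nodePoolVmSize string = 'Standard_DS3_v2'

@description('Specifies the OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.')
param nodePoolOsDiskSizeGB int = 100

// Bounds taken from the description; previously a value outside 1..100 was
// only rejected by the resource provider at deploy time.
@minValue(1)
@maxValue(100)
@description('Specifies the number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 3.')
param nodePoolCount int = 3

@allowed([
  'Linux'
  'Windows'
])
@description('Specifies the OS type for the vms in the node pool. Choose from Linux and Windows. Default to Linux.')
param nodePoolOsType string = 'Linux'

// Upper bound taken from the description (250 pods per node is the AKS maximum).
@maxValue(250)
@description('Specifies the maximum number of pods that can run on a node. The maximum number of pods per node in an AKS cluster is 250. The default maximum number of pods per node varies between kubenet and Azure CNI networking, and the method of cluster deployment.')
param nodePoolMaxPods int = 30

// nodePoolMinCount <= nodePoolCount <= nodePoolMaxCount is expected when
// auto-scaling is enabled; Bicep cannot validate that across parameters.
@description('Specifies the maximum number of nodes for auto-scaling for the node pool.')
param nodePoolMaxCount int = 5

@description('Specifies the minimum number of nodes for auto-scaling for the node pool.')
param nodePoolMinCount int = 3

@description('Specifies whether to enable auto-scaling for the node pool.')
param nodePoolEnableAutoScaling bool = true

@allowed([
  'Spot'
  'Regular'
])
@description('Specifies the virtual machine scale set priority: Spot or Regular.')
param nodePoolScaleSetPriority string = 'Regular'

@description('Specifies the Agent pool node labels to be persisted across all nodes in agent pool.')
param nodePoolNodeLabels object = {}

@description('Specifies the taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. - string')
param nodePoolNodeTaints array = []

@allowed([
  'System'
  'User'
])
@description('Specifies the mode of an agent pool: System or User')
param nodePoolMode string = 'System'

@allowed([
  'VirtualMachineScaleSets'
  'AvailabilitySet'
])
@description('Specifies the type of a node pool: VirtualMachineScaleSets or AvailabilitySet')
param nodePoolType string = 'VirtualMachineScaleSets'

@description('Specifies the availability zones for nodes. Requires the use of VirtualMachineScaleSets as node pool type.')
param nodePoolAvailabilityZones array = []

// ---------------------------------------------------------------------------
// Networking
// ---------------------------------------------------------------------------
@description('Specifies the name of the virtual network.')
param virtualNetworkName string = '${aksClusterName}Vnet'

@description('Specifies the address prefixes of the virtual network.')
param virtualNetworkAddressPrefixes string = '10.0.0.0/8'

@description('Specifies the name of the default subnet hosting the AKS cluster.')
param aksSubnetName string = 'AksSubnet'

@description('Specifies the address prefix of the subnet hosting the AKS cluster.')
param aksSubnetAddressPrefix string = '10.0.0.0/16'

// ---------------------------------------------------------------------------
// Log Analytics
// ---------------------------------------------------------------------------
@description('Specifies the name of the Log Analytics Workspace.')
param logAnalyticsWorkspaceName string

@allowed([
  'Free'
  'Standalone'
  'PerNode'
  'PerGB2018'
])
@description('Specifies the service tier of the workspace: Free, Standalone, PerNode, PerGB2018.')
param logAnalyticsSku string = 'PerGB2018'

// 730 days is the ceiling the description states for every SKU in the
// @allowed list above (the -1 "unlimited" value applies only to a SKU this
// template does not offer).
@maxValue(730)
@description('Specifies the workspace data retention in days. -1 means Unlimited retention for the Unlimited Sku. 730 days is the maximum allowed for all other Skus.')
param logAnalyticsRetentionInDays int = 60

// ---------------------------------------------------------------------------
// Jump-box virtual machine
// ---------------------------------------------------------------------------
@description('Specifies the name of the subnet which contains the virtual machine.')
param vmSubnetName string = 'VmSubnet'

@description('Specifies the address prefix of the subnet which contains the virtual machine.')
param vmSubnetAddressPrefix string = '10.1.0.0/24'

@description('Specifies the name of the virtual machine.')
param vmName string = 'TestVm'

@description('Specifies the size of the virtual machine.')
param vmSize string = 'Standard_DS3_v2'

@description('Specifies the image publisher of the disk image used to create the virtual machine.')
param imagePublisher string = 'Canonical'

@description('Specifies the offer of the platform image or marketplace image used to create the virtual machine.')
param imageOffer string = 'UbuntuServer'

@description('Specifies the Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version.')
param imageSku string = '18.04-LTS'

// The default stays 'password' so the template's interface is unchanged, but
// as the description says, 'sshPublicKey' is the recommended value: it keeps
// a reusable secret out of the deployment entirely.
@allowed([
  'sshPublicKey'
  'password'
])
@description('Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended.')
param authenticationType string = 'password'

@description('Specifies the name of the administrator account of the virtual machine.')
param vmAdminUsername string

// @secure() keeps the value out of deployment history, logs and outputs.
@description('Specifies the SSH Key or password for the virtual machine. SSH key is recommended.')
@secure()
param vmAdminPasswordOrKey string

// Name keeps the original spelling ('AccounType') because the jumpbox module
// consumes it under that name.
@allowed([
  'Premium_LRS'
  'StandardSSD_LRS'
  'Standard_LRS'
  'UltraSSD_LRS'
])
@description('Specifies the storage account type for OS and data disk.')
param diskStorageAccounType string = 'Premium_LRS'

@minValue(0)
@maxValue(64)
@description('Specifies the number of data disks of the virtual machine.')
param numDataDisks int = 1

@description('Specifies the size in GB of the OS disk of the VM.')
param osDiskSize int = 50

// Description previously said "OS disk"; this parameter sizes the data disks.
@description('Specifies the size in GB of each data disk of the virtual machine.')
param dataDiskSize int = 50

// Constrained to the caching modes Azure accepts for managed disks.
@allowed([
  'None'
  'ReadOnly'
  'ReadWrite'
])
@description('Specifies the caching requirements for the data disks.')
param dataDiskCaching string = 'ReadWrite'

// Storage account names are 3-24 lowercase alphanumeric characters; the
// default ('blob' + 13-character uniqueString) fits, and the length bounds
// catch an invalid override before the deployment is submitted.
@minLength(3)
@maxLength(24)
@description('Specifies the globally unique name for the storage account used to store the boot diagnostics logs of the virtual machine.')
param blobStorageAccountName string = 'blob${uniqueString(resourceGroup().id)}'

@description('Specifies the name of the private link to the boot diagnostics storage account.')
param blobStorageAccountPrivateEndpointName string = 'BlobStorageAccountPrivateEndpoint'

// ---------------------------------------------------------------------------
// Azure Bastion
// ---------------------------------------------------------------------------
@description('Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space.')
param bastionSubnetAddressPrefix string = '10.1.1.0/26'

@description('Specifies the name of the Azure Bastion resource.')
param bastionName string = '${aksClusterName}Bastion'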
// Virtual network plus the subnets the other modules attach to: the AKS node
// subnet, the jump-box VM subnet and the Bastion subnet (exposed through
// this module's outputs, see bastion/jumpbox/aks below).
module vnet 'vnet.bicep' = {
  name: 'vnet'
  params: {
    location: location
    // address space
    virtualNetworkName: virtualNetworkName
    virtualNetworkAddressPrefixes: virtualNetworkAddressPrefixes
    // subnets, in the order the consuming modules are declared
    aksSubnetName: aksSubnetName
    aksSubnetAddressPrefix: aksSubnetAddressPrefix
    vmSubnetName: vmSubnetName
    vmSubnetAddressPrefix: vmSubnetAddressPrefix
    bastionSubnetAddressPrefix: bastionSubnetAddressPrefix
  }
}
// Azure Bastion host, placed in the Bastion subnet created by the vnet module.
module bastion 'bastion.bicep' = {
  name: 'bastion'
  params: {
    location: location
    bastionHostName: bastionName
    // referencing a vnet output makes this deployment wait for vnet
    bastionSubnetId: vnet.outputs.bastionSubnetId
  }
}
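// Log Analytics workspace shared by the jump box and the AKS cluster.
// Deployment name follows the plain-name convention of the other modules
// ('vnet', 'bastion', 'jumpbox', 'aks') instead of carrying a '.bicep' suffix.
module logAnalytics 'log-analytics.bicep' = {
  name: 'log-analytics'
  params: {
    location: location
    logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
    logAnalyticsSku: logAnalyticsSku
    logAnalyticsRetentionInDays: logAnalyticsRetentionInDays
  }
}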
// Jump-box virtual machine in the VM subnet, with boot diagnostics sent to a
// storage account behind a private endpoint and logs to the shared workspace.
module jumpbox 'jumpbox.bicep' = {
  name: 'jumpbox'
  params: {
    location: location
    // compute
    vmName: vmName
    vmSize: vmSize
    // administrator credentials (vmAdminPasswordOrKey is a @secure() param)
    vmAdminUsername: vmAdminUsername
    authenticationType: authenticationType
    vmAdminPasswordOrKey: vmAdminPasswordOrKey
    // marketplace image
    imagePublisher: imagePublisher
    imageOffer: imageOffer
    imageSku: imageSku
    // disks
    diskStorageAccounType: diskStorageAccounType
    osDiskSize: osDiskSize
    numDataDisks: numDataDisks
    dataDiskSize: dataDiskSize
    dataDiskCaching: dataDiskCaching
    // boot diagnostics storage
    blobStorageAccountName: blobStorageAccountName
    blobStorageAccountPrivateEndpointName: blobStorageAccountPrivateEndpointName
    // wiring to sibling modules (creates the vnet / logAnalytics dependency)
    virtualNetworkId: vnet.outputs.virtualNetworkResourceId
    vmSubnetId: vnet.outputs.vmSubnetId
    logAnalyticsWorkspaceId: logAnalytics.outputs.logAnalyticsWorkspaceId
  }
}
// AKS cluster. Cluster and node-pool settings are passed through from the
// parameters above; the VNet and workspace ids come from the sibling modules,
// which makes this deployment depend on vnet and logAnalytics.
module aks 'aks.bicep' = {
  name: 'aks'
  params: {
    location: location
    // cluster identity, SKU and version
    aksClusterName: aksClusterName
    aksClusterDnsPrefix: aksClusterDnsPrefix
    aksClusterTags: aksClusterTags
    aksClusterSkuTier: aksClusterSkuTier
    aksClusterKubernetesVersion: aksClusterKubernetesVersion
    aksClusterEnablePrivateCluster: aksClusterEnablePrivateCluster
    // node SSH access
    aksClusterAdminUsername: aksClusterAdminUsername
    aksClusterSshPublicKey: aksClusterSshPublicKey
    // AAD integration and Kubernetes authorization
    aadEnabled: aadEnabled
    aadProfileManaged: aadProfileManaged
    aadProfileEnableAzureRBAC: aadProfileEnableAzureRBAC
    aadProfileTenantId: aadProfileTenantId
    aadProfileAdminGroupObjectIDs: aadProfileAdminGroupObjectIDs
    // cluster networking
    aksClusterNetworkPlugin: aksClusterNetworkPlugin
    aksClusterNetworkPolicy: aksClusterNetworkPolicy
    aksClusterLoadBalancerSku: aksClusterLoadBalancerSku
    aksClusterPodCidr: aksClusterPodCidr
    aksClusterServiceCidr: aksClusterServiceCidr
    aksClusterDnsServiceIP: aksClusterDnsServiceIP
    aksClusterDockerBridgeCidr: aksClusterDockerBridgeCidr
    aksSubnetName: aksSubnetName
    virtualNetworkId: vnet.outputs.virtualNetworkResourceId
    // default node pool
    nodePoolName: nodePoolName
    nodePoolMode: nodePoolMode
    nodePoolType: nodePoolType
    nodePoolVmSize: nodePoolVmSize
    nodePoolOsType: nodePoolOsType
    nodePoolOsDiskSizeGB: nodePoolOsDiskSizeGB
    nodePoolCount: nodePoolCount
    nodePoolEnableAutoScaling: nodePoolEnableAutoScaling
    nodePoolMinCount: nodePoolMinCount
    nodePoolMaxCount: nodePoolMaxCount
    nodePoolMaxPods: nodePoolMaxPods
    nodePoolScaleSetPriority: nodePoolScaleSetPriority
    nodePoolAvailabilityZones: nodePoolAvailabilityZones
    nodePoolNodeLabels: nodePoolNodeLabels
    nodePoolNodeTaints: nodePoolNodeTaints
    // monitoring
    logAnalyticsWorkspaceId: logAnalytics.outputs.logAnalyticsWorkspaceId
  }
}