Merge pull request #142 from Azure/gb-biceptweaks

A few small bicep param improvements

Author: Gordon Byers

.github/workflows_dep/regressionparams/key-vault.json

@@ -0,0 +1,47 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "resourceName": {
+      "value": "az-k8s-keyvault"
+    },
+    "custom_vnet": {
+      "value": true
+    },
+    "registries_sku": {
+      "value": "Premium"
+    },
+    "omsagent": {
+      "value": true
+    },
+    "ingressApplicationGateway": {
+      "value": true
+    },
+    "appGWcount": {
+      "value": 0
+    },
+    "appGWsku": {
+      "value": "WAF_v2"
+    },
+    "appGWmaxCount": {
+      "value": 2
+    },
+    "privateIpApplicationGateway": {
+      "value": "10.2.0.4"
+    },
+    "appgwKVIntegration": {
+      "value": true
+    },
+    "azureKeyvaultSecretsProvider": {
+      "value": true
+    },
+    "createKV": {
+      "value": true
+    },
+    "kvIPWhitelist": {
+      "value": [
+        "1.2.3.4/32"
+      ]
+    }
+  }
+}

CONTRIBUTING.md

@@ -72,21 +72,34 @@ We anticipate the use of the Develop branch is temporary.
 
 Releases are used to capture a tested release (all stages, not just Validation), where there are significant new features or bugfixes. The release does not include CI Action files, just the Bicep code.
 
-## The Wizard Web App
+## Area change guidance
+
+### Bicep code
+
+When changing the Bicep code, try to build into your `developer inner loop` the following
+
+- Review the linting warnings in VSCode. When you push, the bicep will be compiled to json with warnings/errors picked up
+- If making a breaking change (eg. changing a parameter datatype), pay attention to the Regression parameter files. These will be checked during PR. If the change you're making isn't covered by an existing parameter file, then add one.
+
+#### Breaking Changes
+
+Should be avoided wherever possible, and where necessary highlight the breaking change in the release notes.
+
+### The Wizard Web App
 
 The [configuration experience](https://azure.github.io/Aks-Construction/) is hosted in GitHub pages. It's a static web app, written in NodeJS using FluentUI.
 
-### Playwright tests
+#### Playwright tests
 
 Playwright is used to help verify that the app works properly, you can use Playwright in your local dev experience (see Codespaces below), but crucially it's also leveraged as part of the publish process. If the tests don't pass, then the app will not publish. The `fragile` keyword should be used in any tests where you're learning how they work and run. Once the test is of sufficient quality to be considered a core test, the `fragile` keyword is removed.
 
 We're trying to ensure that PR's that contain Web UI changes have appropriate Playwright tests that use `data-testid` for navigating the dom.
 
-## Dev Container / Codespaces
+### Dev Container / Codespaces
 
 A dev container is present in the repo which makes dev and testing of the UI Helper component much easier.
 
-### Commands
+#### Commands
 
 Some helpful terminal commands for when you're getting started with DevContainer/Codespaces experience
 

bicep/compiled/main.json

@@ -159,7 +159,7 @@ param KeyVaultSoftDelete bool = true
 param KeyVaultPurgeProtection bool = true
 
 @description('Add IP to firewall whitelist')
-param kvIPWhitelist string = ''
+param kvIPWhitelist array = []
 
 var akvName = 'kv-${replace(resourceName, '-', '')}'
 
@@ -178,12 +178,7 @@ resource kv 'Microsoft.KeyVault/vaults@2021-06-01-preview' = if (createKV) {
     networkAcls: privateLinks && !empty(kvIPWhitelist) ? {
       bypass: 'AzureServices' 
       defaultAction: 'Deny' 
-      
-      ipRules: empty(kvIPWhitelist) ? [] : [
-          {
-          value: kvIPWhitelist
-        }
-      ]
+      ipRules: kvIPWhitelist
       virtualNetworkRules: []
     } : {}
 
@@ -674,24 +669,48 @@ param JustUseSystemPool bool = false
 @allowed([
   'Cost-Optimised'
   'Standard'
+  'HighSpec'
+  'Custom'
 ])
 @description('The System Pool Preset sizing')
 param SystemPoolType string = 'Cost-Optimised'
 
+@description('A custom system pool spec')
+param SystemPoolCustomPreset object = {}
+
+@description('System Pool presets are derived from the recommended system pool specs')
 var systemPoolPresets = {
   'Cost-Optimised' : {
     vmSize: 'Standard_B4ms'
     count: 1
     minCount: 1
     maxCount: 3
     enableAutoScaling: true
+    availabilityZones: []
   }
   'Standard' : {
+    vmSize: 'Standard_DS2_v2'
+    count: 3
+    minCount: 3
+    maxCount: 5
+    enableAutoScaling: true
+    availabilityZones: [
+      '1'
+      '2'
+      '3'
+    ]
+  }
+  'HighSpec' : {
     vmSize: 'Standard_D4s_v3'
-    count: 2
-    minCount: 2
-    maxCount: 3
+    count: 3
+    minCount: 3
+    maxCount: 5
     enableAutoScaling: true
+    availabilityZones: [
+      '1'
+      '2'
+      '3'
+    ]
   }
 }
 
@@ -701,7 +720,6 @@ var systemPoolBase = {
   osType: 'Linux'
   maxPods: 30
   type: 'VirtualMachineScaleSets'
-  availabilityZones: !empty(availabilityZones) ? availabilityZones : null
   vnetSubnetID: !empty(aksSubnetId) ? aksSubnetId : json('null')
   upgradeSettings: {
     maxSurge: '33%'
@@ -717,6 +735,7 @@ var userPoolVmProfile = {
   minCount: autoScale ? agentCount : json('null')
   maxCount: autoScale ? agentCountMax : json('null')
   enableAutoScaling: autoScale
+  availabilityZones: !empty(availabilityZones) ? availabilityZones : null
 }
 
 var agentPoolProfileUser = union({
@@ -727,14 +746,13 @@ var agentPoolProfileUser = union({
   osType: 'Linux'
   maxPods: maxPods
   type: 'VirtualMachineScaleSets'
-  availabilityZones: !empty(availabilityZones) ? availabilityZones : null
   vnetSubnetID: !empty(aksSubnetId) ? aksSubnetId : json('null')
   upgradeSettings: {
     maxSurge: '33%'
   }
 }, userPoolVmProfile)
 
-var agentPoolProfiles = JustUseSystemPool ? array(union(systemPoolBase, userPoolVmProfile)) : concat(array(union(systemPoolBase, systemPoolPresets[SystemPoolType])), array(agentPoolProfileUser))
+var agentPoolProfiles = JustUseSystemPool ? array(union(systemPoolBase, userPoolVmProfile)) : concat(array(union(systemPoolBase, SystemPoolType=='Custom' && SystemPoolCustomPreset != {} ? SystemPoolCustomPreset : systemPoolPresets[SystemPoolType])), array(agentPoolProfileUser))
 
 var akssku = AksPaidSkuForSLA ? 'Paid' : 'Free'
 
@@ -988,8 +1006,8 @@ resource FastAlertingRole_Aks_Law 'Microsoft.Authorization/roleAssignments@2021-
   }
 }
 
-
 output LogAnalyticsName string = (createLaw) ? aks_law.name : ''
 output LogAnalyticsGuid string = (createLaw) ? aks_law.properties.customerId : ''
+output LogAnalyticsId string = (createLaw) ? aks_law.id : ''
 
 //ACSCII Art link : https://textkool.com/en/ascii-art-generator?hl=default&vl=default&font=Star%20Wars&text=changeme

bicep/main.bicep

@@ -44,7 +44,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
     ...(net.afw && { azureFirewalls: true, ...(addons.certMan && {certManagerFW: true}), ...(net.vnet_opt === "custom" && defaults.net.vnetFirewallSubnetAddressPrefix !== net.vnetFirewallSubnetAddressPrefix && { vnetFirewallSubnetAddressPrefix: net.vnetFirewallSubnetAddressPrefix }) }),
     ...(net.vnet_opt === "custom" && net.vnetprivateend && {
         privateLinks: true, 
-        ...(addons.csisecret === 'akvNew' && deploy.kvIPWhitelist  && apiips_array.length > 0 && {kvIPWhitelist: `"${apiips_array[0]}"`}),
+        ...(addons.csisecret === 'akvNew' && deploy.kvIPWhitelist  && apiips_array.length > 0 && {kvIPWhitelist: apiips_array }),
         ...(defaults.net.privateLinkSubnetAddressPrefix !== net.privateLinkSubnetAddressPrefix && {privateLinkSubnetAddressPrefix: net.privateLinkSubnetAddressPrefix}),
     }),
     ...(addons.monitor === "aci" && { omsagent: true, retentionInDays: addons.retentionInDays, ...( addons.createAksMetricAlerts !== defaults.addons.createAksMetricAlerts && {createAksMetricAlerts: addons.createAksMetricAlerts }) }),

helper/src/components/deployTab.js

@@ -0,0 +1,7 @@
+# Samples
+
+Filename | Description
+|---|---|
+[SampleAppMain.bicep](SampleAppMain.bicep) | When consuming the AKS Construction Bicep as a module, doing so from your own Bicep file is recommended. This sample shows using `environment mapping`, `custom naming` and basic conditional logic for using the module.
+[SystemPresetExample.bicep](SystemPresetExample.bicep) | The AKS Construction Bicep uses preset configurations for the system pool. Where you wish to deviate from these recommended presets, you can provide your own custom preset. This sample shows how to achieve that.
+[NetworkForByo.bicep](NetworkForByo.bicep) | When using the BYO network configuration you'll usually be deploying to a subscription with a peered virtual network already deployed with the correct subnets. This bicep file bridges the gap where you don't yet have that virtual network, but want to BYO network.

samples/README.md

@@ -0,0 +1,72 @@
+//------Application General Parameters------
+@description('The individual name of your application')
+@minLength(3)
+@maxLength(6)
+param nameseed string = 'app'
+param location string =  resourceGroup().location
+
+@allowed([
+  'dev'
+  'test'
+  'qa'
+  'prod'
+])
+param env string = 'dev'
+
+var envSystemPoolPresetMap = {
+  'dev' : {
+    vmSize: 'Standard_B4ms'
+    count: 1
+    minCount: 1
+    maxCount: 3
+    enableAutoScaling: true
+    availabilityZones: []
+  }
+  'test' : {
+    vmSize: 'Standard_B4ms'
+    count: 2
+    minCount: 2
+    maxCount: 6
+    enableAutoScaling: true
+    availabilityZones: []
+  }
+  'qa' : {
+    vmSize: 'Standard_D4s_v3'
+    count: 2
+    minCount: 2
+    maxCount: 3
+    enableAutoScaling: true
+    availabilityZones: [
+      '1'
+      '2'
+      '3'
+    ]
+  }
+  'prod' : {
+    vmSize: 'Standard_D4s_v3'
+    count: 3
+    minCount: 3
+    maxCount: 3
+    enableAutoScaling: true
+    availabilityZones: [
+      '1'
+      '2'
+      '3'
+    ]
+  }
+}
+
+//---------Kubernetes Construction---------
+//ref: https://github.com/Azure/Aks-Construction
+
+module aksconst '../bicep/main.bicep' = {
+  name: 'aksconstruction'
+  params: {
+    location : location
+    resourceName: nameseed
+    SystemPoolCustomPreset:  envSystemPoolPresetMap[env]
+    SystemPoolType: 'Custom'
+  }
+}
+output aksClusterName string = aksconst.outputs.aksClusterName
+output ApplicationGatewayName string = aksconst.outputs.ApplicationGatewayName