feat: adds needed features for integrating with other deployments (applications) (#4265)

## Description
This pull request adds the following new features to the aca hosting
environment pattern module:

- Returns the name of the created resource group as output
- Returns the container apps environment available workload profile names as output
- Returns the keyvault URI endpoint as output
- Deploys an internal agent pool for the azure container registry
- Allows for the application gateway backend fqdn to be manually set so that the agw can be configured for deployed applications.

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
| [![avm.ptn.aca-lza.hosting-environment](https://github.com/kpantos/bicep-registry-modules/actions/workflows/avm.ptn.aca-lza.hosting-environment.yml/badge.svg?branch=main)](https://github.com/kpantos/bicep-registry-modules/actions/workflows/avm.ptn.aca-lza.hosting-environment.yml) |

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting changes)
- [X] Azure Verified Module updates:
  - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`:
    - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
    - [ ] The bug was found by the module author, and no one has opened an issue to report it yet.
  - [X] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`.
  - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`.
  - [ ] Update to documentation

## Checklist

- [X] I'm sure there are no other open Pull Requests for the same
update/change
- [X] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [X] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->
kpantos authored Jan 22, 2025
1 parent 7e720fa commit 248befb
Showing 6 changed files with 199 additions and 84 deletions.
16 changes: 15 additions & 1 deletion avm/ptn/aca-lza/hosting-environment/README.md
Expand Up @@ -26,6 +26,7 @@ This Azure Container Apps pattern module represents an Azure Container Apps depl
| `Microsoft.Compute/virtualMachines` | [2024-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2024-07-01/virtualMachines) |
| `Microsoft.Compute/virtualMachines/extensions` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachines/extensions) |
| `Microsoft.ContainerRegistry/registries` | [2023-06-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2023-06-01-preview/registries) |
| `Microsoft.ContainerRegistry/registries/agentPools` | [2019-06-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2019-06-01-preview/registries/agentPools) |
| `Microsoft.ContainerRegistry/registries/cacheRules` | [2023-06-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2023-06-01-preview/registries/cacheRules) |
| `Microsoft.ContainerRegistry/registries/credentialSets` | [2023-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2023-11-01-preview/registries/credentialSets) |
| `Microsoft.ContainerRegistry/registries/replications` | [2023-06-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2023-06-01-preview/registries/replications) |
Expand All @@ -42,8 +43,8 @@ This Azure Container Apps pattern module represents an Azure Container Apps depl
| `Microsoft.KeyVault/vaults/accessPolicies` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/accessPolicies) |
| `Microsoft.KeyVault/vaults/keys` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/keys) |
| `Microsoft.KeyVault/vaults/secrets` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/secrets) |
| `Microsoft.KeyVault/vaults/secrets` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2023-07-01/vaults/secrets) |
| `Microsoft.KeyVault/vaults/secrets` | [2024-04-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2024-04-01-preview/vaults/secrets) |
| `Microsoft.KeyVault/vaults/secrets` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2023-07-01/vaults/secrets) |
| `Microsoft.Maintenance/configurationAssignments` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2023-04-01/configurationAssignments) |
| `Microsoft.Maintenance/maintenanceConfigurations` | [2023-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2023-10-01-preview/maintenanceConfigurations) |
| `Microsoft.ManagedIdentity/userAssignedIdentities` | [2023-07-31-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-07-31-preview/userAssignedIdentities) |
Expand Down Expand Up @@ -629,6 +630,7 @@ param workloadName = '<workloadName>'

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`applicationGatewayBackendFqdn`](#parameter-applicationgatewaybackendfqdn) | string | The FQDN of the backend to use for the Application Gateway. Default is empty. |
| [`applicationGatewayFqdn`](#parameter-applicationgatewayfqdn) | string | The FQDN of the Application Gateway. Required and must match if the TLS Certificate is provided. Default is empty. |
| [`base64Certificate`](#parameter-base64certificate) | securestring | The base64 encoded certificate to use for Application Gateway certificate. When not provided a self signed one will be generated, the certificate will be added to the Key Vault and assigned to the Application Gateway listener. |
| [`bastionResourceId`](#parameter-bastionresourceid) | string | The resource ID of the bastion host. If set, the spoke virtual network will be peered with the hub virtual network and the bastion host will be allowed to connect to the jump box. Default is empty. |
Expand Down Expand Up @@ -727,6 +729,14 @@ The size of the virtual machine to create. See https://learn.microsoft.com/azure
- Required: Yes
- Type: string

### Parameter: `applicationGatewayBackendFqdn`

The FQDN of the backend to use for the Application Gateway. Default is empty.

- Required: No
- Type: string
- Default: `''`

### Parameter: `applicationGatewayFqdn`

The FQDN of the Application Gateway. Required and must match if the TLS Certificate is provided. Default is empty.
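
Review bot: The description added for `applicationGatewayBackendFqdn` says only "Default is empty" and does not say what an empty value means. In main.bicep the empty case falls back to `sampleApplication.outputs.helloWorldAppFqdn` when `deploySampleApplication` is true and to `''` otherwise, while a non-empty value takes precedence over the sample application. Suggest stating that precedence in the parameter's `@description` so the generated README carries it.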
Expand Down Expand Up @@ -920,13 +930,17 @@ The name of the workload that is being deployed. Up to 10 characters long.
| `applicationInsightsName` | string | The name of application Insights instance. |
| `containerAppsEnvironmentName` | string | The name of the container apps environment. |
| `containerAppsEnvironmentResourceId` | string | The resource ID of the container apps environment. |
| `containerAppsEnvironmentWorkloadProfileNames` | array | The available workload profile names of the container apps environment. |
| `containerRegistryAgentPoolName` | string | The name of the internal agent pool for the container registry. |
| `containerRegistryLoginServer` | string | The name of the container registry login server. |
| `containerRegistryName` | string | The name of the container registry. |
| `containerRegistryResourceId` | string | The resource ID of the container registry. |
| `containerRegistryUserAssignedIdentityResourceId` | string | The resource ID of the user assigned managed identity for the container registry to be able to pull images from it. |
| `keyVaultName` | string | The name of the Azure key vault. |
| `keyVaultResourceId` | string | The resource ID of the key vault. |
| `keyVaultUri` | string | The keyvault URI endpoint. |
| `logAnalyticsWorkspaceResourceId` | string | The resource ID of the Log Analytics workspace created in the spoke vnet. |
| `resourceGroupName` | string | The name of the created resource group. |
| `spokeApplicationGatewaySubnetName` | string | The name of the Spoke Application Gateway Subnet. If "spokeApplicationGatewaySubnetAddressPrefix" is empty, the subnet will not be created and the value returned is empty. |
| `spokeApplicationGatewaySubnetResourceId` | string | The resource ID of the Spoke Application Gateway Subnet. If "spokeApplicationGatewaySubnetAddressPrefix" is empty, the subnet will not be created and the value returned is empty. |
| `spokeInfraSubnetName` | string | The name of the Spoke Infrastructure Subnet. |
23 changes: 19 additions & 4 deletions avm/ptn/aca-lza/hosting-environment/main.bicep
Expand Up @@ -99,6 +99,9 @@ param applicationGatewayCertificateKeyName string
@description('Optional. Enable/Disable usage telemetry for module.')
param enableTelemetry bool = true

@description('Optional. The FQDN of the backend to use for the Application Gateway. Default is empty.')
param applicationGatewayBackendFqdn string = ''

@description('Optional. Default value is true. If true, any resources that support AZ will be deployed in all three AZ. However if the selected region is not supporting AZ, this parameter needs to be set to false. Default is true.')
param deployZoneRedundantResources bool = true

Expand All @@ -122,7 +125,9 @@ param enableDdosProtection bool = false
// ------------------
// VARIABLES
// ------------------

var agwBackendFqdn = (empty(applicationGatewayBackendFqdn))
? (deploySampleApplication) ? sampleApplication.outputs.helloWorldAppFqdn : ''
: applicationGatewayBackendFqdn
// ------------------
// RESOURCES
// ------------------
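
Review bot: The nested conditional in `agwBackendFqdn` parenthesises both conditions but not the inner ternary, so the reader has to work out that an explicit `applicationGatewayBackendFqdn` wins over the sample application; wrap the inner `(deploySampleApplication) ? ... : ''` in parentheses or add a one-line comment stating the precedence. The parameter carries no constraint other than its description and is handed on as the gateway backend as-is, and with the parameter empty and `deploySampleApplication` false the result is still `''`, so it is worth documenting which FQDN is expected here, since it becomes the host the Application Gateway forwards to. A blank line between the variable and the RESOURCES banner would also keep the section layout consistent.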
Expand Down Expand Up @@ -235,9 +240,7 @@ module applicationGateway 'modules/application-gateway/deploy.app-gateway.bicep'
enableTelemetry: enableTelemetry
applicationGatewayCertificateKeyName: applicationGatewayCertificateKeyName
applicationGatewayFqdn: applicationGatewayFqdn
applicationGatewayPrimaryBackendEndFqdn: (deploySampleApplication)
? sampleApplication.outputs.helloWorldAppFqdn
: ''
applicationGatewayPrimaryBackendEndFqdn: agwBackendFqdn
applicationGatewaySubnetId: spoke.outputs.spokeApplicationGatewaySubnetId
base64Certificate: base64Certificate
keyVaultId: supportingServices.outputs.keyVaultResourceId
Expand Down Expand Up @@ -272,6 +275,9 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-07-01' = if (enableT
// ------------------
// OUTPUTS
// ------------------
@description('The name of the created resource group.')
output resourceGroupName string = spokeResourceGroup.outputs.name

@description('The resource ID of the Spoke Virtual Network.')
output spokeVNetResourceId string = spoke.outputs.spokeVNetId

Expand Down Expand Up @@ -309,6 +315,9 @@ output containerRegistryName string = supportingServices.outputs.containerRegist
@description('The name of the container registry login server.')
output containerRegistryLoginServer string = supportingServices.outputs.containerRegistryLoginServer

@description('The name of the internal agent pool for the container registry.')
output containerRegistryAgentPoolName string = supportingServices.outputs.containerRegistryAgentPoolName

@description('The resource ID of the user assigned managed identity for the container registry to be able to pull images from it.')
output containerRegistryUserAssignedIdentityResourceId string = supportingServices.outputs.containerRegistryUserAssignedIdentityId

Expand All @@ -318,6 +327,9 @@ output keyVaultResourceId string = supportingServices.outputs.keyVaultResourceId
@description('The name of the Azure key vault.')
output keyVaultName string = supportingServices.outputs.keyVaultName

@description('The keyvault URI endpoint.')
output keyVaultUri string = '${supportingServices.outputs.keyVaultName}.${az.environment().suffixes.keyvaultDns}'

// Application Gateway
@description('The resource ID of the Azure Application Gateway.')
output applicationGatewayResourceId string = (exposeContainerAppsWith == 'applicationGateway')
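
Review bot: `keyVaultUri` is described as a URI, but the expression `'${supportingServices.outputs.keyVaultName}.${az.environment().suffixes.keyvaultDns}'` has no `https://` scheme and inserts a literal dot before the suffix. `suffixes.keyvaultDns` already begins with a dot in the public cloud (`.vault.azure.net`), so the result would contain a double dot between the vault name and the suffix. Suggest surfacing the vault's own `properties.vaultUri` from the supporting-services module and returning that, rather than building the host name from the vault name; consumers that use this output to reach secrets should get a value that resolves without post-processing.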
Expand All @@ -338,6 +350,9 @@ output applicationGatewayPublicIp string = (exposeContainerAppsWith == 'applicat
@description('The resource ID of the container apps environment.')
output containerAppsEnvironmentResourceId string = containerAppsEnvironment.outputs.containerAppsEnvironmentId

@description('The available workload profile names of the container apps environment.')
output containerAppsEnvironmentWorkloadProfileNames string[] = containerAppsEnvironment.outputs.workloadProfileNames

@description('The name of the container apps environment.')
output containerAppsEnvironmentName string = containerAppsEnvironment.outputs.containerAppsEnvironmentName
