
Update docs + ARM template #1704


Open
wants to merge 1 commit into
base: master
76 changes: 56 additions & 20 deletions deploy/azuredeploy.json
@@ -1,5 +1,5 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"aksServicePrincipalAppId": {
@@ -331,6 +331,7 @@
"resgpguid": "[substring(replace(guid(resourceGroup().id), '-', ''), 0, 4)]",
"vnetName": "[concat('virtualnetwork' , variables('resgpguid'))]",
"applicationGatewayName": "[concat('applicationgateway' , variables('resgpguid'))]",
"wafPolicyName": "[concat('appgwwafpolicy' , variables('resgpguid'))]",
"identityName": "[concat('appgwContrIdentity' , variables('resgpguid'))]",
"applicationGatewayPublicIpName": "[concat('appgwpublicip' , variables('resgpguid'))]",
"kubernetesSubnetName": "kubesubnet",
@@ -341,28 +342,24 @@
"applicationGatewaySubnetId": "[concat(variables('vnetID'),'/subnets/', variables('applicationGatewaySubnetName'))]",
"applicationGatewayPublicIpId": "[resourceId('Microsoft.Network/publicIPAddresses',variables('applicationGatewayPublicIpName'))]",
"applicationGatewayId": "[resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName'))]",
"wafPolicyResourceId": "[resourceId('Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies', variables('wafPolicyName'))]",
"identityId": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]",
"aksClusterId": "[resourceId('Microsoft.ContainerService/managedClusters', variables('aksClusterName'))]",
"networkContributorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
"contributorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"managedIdentityOperatorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]",
"readerRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"webApplicationFirewallConfiguration": {
"enabled": "true",
"firewallMode": "Detection"
}
"managedIdentityOperatorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]"
},
"resources": [
{
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"name": "[variables('identityName')]",
"apiVersion": "2015-08-31-PREVIEW",
"apiVersion": "2023-01-31",
"location": "[resourceGroup().location]"
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('vnetName')]",
"apiVersion": "2018-08-01",
"apiVersion": "2024-07-01",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
@@ -380,7 +377,15 @@
{
"name": "[variables('applicationGatewaySubnetName')]",
"properties": {
"addressPrefix": "[parameters('applicationGatewaySubnetAddressPrefix')]"
"addressPrefix": "[parameters('applicationGatewaySubnetAddressPrefix')]",
"delegations": [
{
"name": "Microsoft.Network/applicationGateways",
"properties": {
"serviceName": "Microsoft.Network/applicationGateways"
}
}
]
}
}
]
@@ -389,7 +394,7 @@
{
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('applicationGatewayPublicIpName')]",
"apiVersion": "2018-08-01",
"apiVersion": "2024-07-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard"
@@ -401,7 +406,7 @@
{
"type": "Microsoft.Network/applicationGateways",
"name": "[variables('applicationGatewayName')]",
"apiVersion": "2018-08-01",
"apiVersion": "2024-07-01",
"location": "[resourceGroup().location]",
"tags": {
"managed-by-k8s-ingress": "true"
@@ -481,6 +486,8 @@
{
"name": "rule1",
"properties": {
"RuleType": "Basic",
"priority": 10,
"httpListener": {
"id": "[concat(variables('applicationGatewayId'), '/httpListeners/httpListener')]"
},
@@ -493,13 +500,42 @@
}
}
],
"webApplicationFirewallConfiguration": "[if(equals(parameters('applicationGatewaySku'), 'WAF_v2'), variables('webApplicationFirewallConfiguration'), json('null'))]"
"firewallPolicy": "[if(equals(parameters('applicationGatewaySku'), 'WAF_v2'), json(concat('{\"id\": \"', variables('wafPolicyResourceId'), '\"}')), json('null'))]"
},
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('applicationGatewayPublicIpName'))]"
"[concat('Microsoft.Network/publicIPAddresses/', variables('applicationGatewayPublicIpName'))]",
"[variables('wafPolicyName')]"
]
},
{
"apiVersion": "2023-11-01",
"type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies",
"name": "[variables('wafPolicyName')]",
"location": "[resourceGroup().location]",
"tags": {},
"condition": "[equals(parameters('applicationGatewaySku'), 'WAF_v2')]",
"properties": {
"policySettings": {
"mode": "Detection",
"state": "Enabled",
"fileUploadLimitInMb": 100,
"requestBodyCheck": true,
"maxRequestBodySizeInKb": 128
},
"managedRules": {
"exclusions": [],
"managedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2",
"ruleGroupOverrides": null
}
]
},
"customRules": []
}
},
{
"type": "Microsoft.Resources/deployments",
"name": "RoleAssignmentDeploymentForKubenetesSp",
@@ -563,7 +599,7 @@
"name": "[concat(variables('applicationGatewayName'), '/Microsoft.Authorization/', guid(resourceGroup().id, 'identityappgwaccess'))]",
"properties": {
"roleDefinitionId": "[variables('contributorRole')]",
"principalId": "[reference(variables('identityId'), '2015-08-31-PREVIEW').principalId]",
"principalId": "[reference(variables('identityId'), '2023-01-31').principalId]",
"scope": "[variables('applicationGatewayId')]"
}
},
@@ -572,8 +608,8 @@
"apiVersion": "2017-05-01",
"name": "[guid(resourceGroup().id, 'identityrgaccess')]",
"properties": {
"roleDefinitionId": "[variables('readerRole')]",
"principalId": "[reference(variables('identityId'), '2015-08-31-PREVIEW').principalId]",
"roleDefinitionId": "[variables('networkContributorRole')]",
"principalId": "[reference(variables('identityId'), '2023-01-31').principalId]",
"scope": "[resourceGroup().id]"
}
}
@@ -588,7 +624,7 @@
{
"type": "Microsoft.ContainerService/managedClusters",
"name": "[variables('aksClusterName')]",
"apiVersion": "2018-03-31",
"apiVersion": "2025-01-01",
"location": "[resourceGroup().location]",
"properties": {
"kubernetesVersion": "[parameters('kubernetesVersion')]",
@@ -642,11 +678,11 @@
},
"identityClientId": {
"type": "string",
"value": "[reference(variables('identityID'), '2015-08-31-PREVIEW').clientId]"
"value": "[reference(variables('identityID'), '2023-01-31').clientId]"
},
"aksApiServerAddress": {
"type": "string",
"value": "[reference(variables('aksClusterId'), '2018-03-31').fqdn]"
"value": "[reference(variables('aksClusterId'), '2025-01-01').fqdn]"
},
"aksClusterName": {
"type": "string",
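Review bot: The resource-group role assignment near the end of this section (`guid(resourceGroup().id, 'identityrgaccess')`) now gives the ingress controller's identity `networkContributorRole` instead of `readerRole` at `resourceGroup().id` scope, so it gains write access to every network resource in the group in addition to Contributor on the gateway. If the goal is only to let the identity join the gateway subnet, scoping the assignment to `variables('vnetID')` would be narrower, and the docs should say why Reader is no longer sufficient. The assignment keeps its old name while its role definition changes, so redeploying over an existing deployment may be rejected as an update to an existing role assignment; a new seed such as `guid(resourceGroup().id, 'identityrgnetworkaccess')` (example name) would avoid that. The same change appears in deploy/azuredeploywindowscluster.json. The nested deployment that holds this assignment starts outside the visible hunk.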
74 changes: 55 additions & 19 deletions deploy/azuredeploywindowscluster.json
@@ -1,5 +1,5 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"aksServicePrincipalAppId": {
@@ -331,6 +331,7 @@
"resgpguid": "[substring(replace(guid(resourceGroup().id), '-', ''), 0, 4)]",
"vnetName": "[concat('virtualnetwork' , variables('resgpguid'))]",
"applicationGatewayName": "[concat('applicationgateway' , variables('resgpguid'))]",
"wafPolicyName": "[concat('appgwwafpolicy' , variables('resgpguid'))]",
"identityName": "[concat('appgwContrIdentity' , variables('resgpguid'))]",
"applicationGatewayPublicIpName": "[concat('appgwpublicip' , variables('resgpguid'))]",
"kubernetesSubnetName": "kubesubnet",
@@ -341,28 +342,24 @@
"applicationGatewaySubnetId": "[concat(variables('vnetID'),'/subnets/', variables('applicationGatewaySubnetName'))]",
"applicationGatewayPublicIpId": "[resourceId('Microsoft.Network/publicIPAddresses',variables('applicationGatewayPublicIpName'))]",
"applicationGatewayId": "[resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName'))]",
"wafPolicyResourceId": "[resourceId('Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies', variables('wafPolicyName'))]",
"identityId": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]",
"aksClusterId": "[resourceId('Microsoft.ContainerService/managedClusters', variables('aksClusterName'))]",
"networkContributorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
"contributorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"managedIdentityOperatorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]",
"readerRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"webApplicationFirewallConfiguration": {
"enabled": "true",
"firewallMode": "Detection"
}
"managedIdentityOperatorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]"
},
"resources": [
{
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"name": "[variables('identityName')]",
"apiVersion": "2015-08-31-PREVIEW",
"apiVersion": "2023-01-31",
"location": "[resourceGroup().location]"
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('vnetName')]",
"apiVersion": "2018-08-01",
"apiVersion": "2024-07-01",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
@@ -380,7 +377,15 @@
{
"name": "[variables('applicationGatewaySubnetName')]",
"properties": {
"addressPrefix": "[parameters('applicationGatewaySubnetAddressPrefix')]"
"addressPrefix": "[parameters('applicationGatewaySubnetAddressPrefix')]",
"delegations": [
{
"name": "Microsoft.Network/applicationGateways",
"properties": {
"serviceName": "Microsoft.Network/applicationGateways"
}
}
]
}
}
]
@@ -389,7 +394,7 @@
{
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('applicationGatewayPublicIpName')]",
"apiVersion": "2018-08-01",
"apiVersion": "2024-07-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard"
@@ -401,7 +406,7 @@
{
"type": "Microsoft.Network/applicationGateways",
"name": "[variables('applicationGatewayName')]",
"apiVersion": "2018-08-01",
"apiVersion": "2024-07-01",
"location": "[resourceGroup().location]",
"tags": {
"managed-by-k8s-ingress": "true"
@@ -480,6 +485,8 @@
"requestRoutingRules": [
{
"name": "rule1",
"RuleType": "Basic",
"priority": 10,
"properties": {
"httpListener": {
"id": "[concat(variables('applicationGatewayId'), '/httpListeners/httpListener')]"
@@ -493,13 +500,42 @@
}
}
],
"webApplicationFirewallConfiguration": "[if(equals(parameters('applicationGatewaySku'), 'WAF_v2'), variables('webApplicationFirewallConfiguration'), json('null'))]"
"firewallPolicy": "[if(equals(parameters('applicationGatewaySku'), 'WAF_v2'), json(concat('{\"id\": \"', variables('wafPolicyResourceId'), '\"}')), json('null'))]"
},
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('applicationGatewayPublicIpName'))]"
"[concat('Microsoft.Network/publicIPAddresses/', variables('applicationGatewayPublicIpName'))]",
"[variables('wafPolicyName')]"
]
},
{
"apiVersion": "2023-11-01",
"type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies",
"name": "[variables('wafPolicyName')]",
"location": "[resourceGroup().location]",
"tags": {},
"condition": "[equals(parameters('applicationGatewaySku'), 'WAF_v2')]",
"properties": {
"policySettings": {
"mode": "Detection",
"state": "Enabled",
"fileUploadLimitInMb": 100,
"requestBodyCheck": true,
"maxRequestBodySizeInKb": 128
},
"managedRules": {
"exclusions": [],
"managedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2",
"ruleGroupOverrides": null
}
]
},
"customRules": []
}
},
{
"type": "Microsoft.Resources/deployments",
"name": "RoleAssignmentDeploymentForKubenetesSp",
@@ -563,7 +599,7 @@
"name": "[concat(variables('applicationGatewayName'), '/Microsoft.Authorization/', guid(resourceGroup().id, 'identityappgwaccess'))]",
"properties": {
"roleDefinitionId": "[variables('contributorRole')]",
"principalId": "[reference(variables('identityId'), '2015-08-31-PREVIEW').principalId]",
"principalId": "[reference(variables('identityId'), '2023-01-31').principalId]",
"scope": "[variables('applicationGatewayId')]"
}
},
@@ -572,8 +608,8 @@
"apiVersion": "2017-05-01",
"name": "[guid(resourceGroup().id, 'identityrgaccess')]",
"properties": {
"roleDefinitionId": "[variables('readerRole')]",
"principalId": "[reference(variables('identityId'), '2015-08-31-PREVIEW').principalId]",
"roleDefinitionId": "[variables('networkContributorRole')]",
"principalId": "[reference(variables('identityId'), '2023-01-31').principalId]",
"scope": "[resourceGroup().id]"
}
}
@@ -588,7 +624,7 @@
{
"type": "Microsoft.ContainerService/managedClusters",
"name": "[variables('aksClusterName')]",
"apiVersion": "2020-02-01",
"apiVersion": "2025-01-01",
"location": "[resourceGroup().location]",
"properties": {
"kubernetesVersion": "[parameters('kubernetesVersion')]",
@@ -669,7 +705,7 @@
},
"identityClientId": {
"type": "string",
"value": "[reference(variables('identityID'), '2015-08-31-PREVIEW').clientId]"
"value": "[reference(variables('identityID'), '2023-01-31').clientId]"
},
"aksApiServerAddress": {
"type": "string",
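Review bot: In the `requestRoutingRules` hunk, `"RuleType": "Basic"` and `"priority": 10` sit beside `"name": "rule1"` instead of inside `"properties"`, whereas deploy/azuredeploy.json in this same PR puts them inside `properties`. At that level they are probably ignored or rejected by the 2024-07-01 API, which would leave the rule without a priority; they should move down one level, e.g. `"properties": { "ruleType": "Basic", "priority": 10, "httpListener": ...`. Separately, the new WAF policy in both templates hard-codes `"mode": "Detection"`, which logs rule matches without blocking the requests. Exposing the mode as a template parameter would let operators switch to Prevention once the rule set has been tuned.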