Merge pull request #102 from dotnet-7/bicep-support

Add Bicep support to aks-store-demo

README.md

@@ -35,7 +35,7 @@ The application has the following services:
 
 ## Run the app on Azure Kubernetes Service (AKS)
 
-To learn how to depoy this app on AKS, see [Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using Azure CLI](https://learn.microsoft.com/azure/aks/learn/quick-kubernetes-deploy-cli).
+To learn how to deploy this app on AKS, see [Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using Azure CLI](https://learn.microsoft.com/azure/aks/learn/quick-kubernetes-deploy-cli).
 
 > [!NOTE]
 > The above article shows a simplified version of the store app with some services removed. For the full application, you can use the `aks-store-all-in-one.yaml` file in this repo.
@@ -122,6 +122,9 @@ azd auth login
 az login
 ```
 
+> Note: This project is configured to be deployed with Terraform by default. If you want to deploy using the bicep template, please rename the `azure-bicep.yaml` file to `azure.yaml`.
+
+Deploy the app with a single command.
 > [!WARNING]
 > Before you run the `azd up` command, make sure that you have the "Owner" role on the subscription you are deploying to. This is because the Terraform templates will create Azure role based access control (RBAC) assignments. Otherwise, the deployment will fail.
 

infra/azd-hooks/postprovision.sh → azd-hooks/postprovision.sh

@@ -6,13 +6,13 @@ if [ "$DEPLOY_AZURE_CONTAINER_REGISTRY" == "true" ] && [ "$BUILD_CONTAINERS" ==
   echo "Build container images"
   for service in "${services[@]}"; do
     echo "Building aks-store-demo/${service}:latest"
-    az acr build --registry ${registry_name} --image aks-store-demo/${service}:latest ./src/${service}/
+    az acr build --registry ${AZURE_REGISTRY_NAME} --image aks-store-demo/${service}:latest ./src/${service}/
   done
 elif [ "$DEPLOY_AZURE_CONTAINER_REGISTRY" == "true" ] && ([ -z "$BUILD_CONTAINERS" ] || [ "$BUILD_CONTAINERS" == "false" ]); then
   echo "Import container images"
   for service in "${services[@]}"; do
     echo "Importing aks-store-demo/${service}:latest"
-    az acr import --name ${registry_name} --source ghcr.io/azure-samples/aks-store-demo/${service}:latest --image aks-store-demo/${service}:latest
+    az acr import --name ${AZURE_REGISTRY_NAME} --source ghcr.io/azure-samples/aks-store-demo/${service}:latest --image aks-store-demo/${service}:latest
   done
 else 
   echo "No BUILD_CONTAINERS variable set, skipping container build/import"

azd-hooks/predeploy.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo "Retrieving cluster credentials"
+az aks get-credentials --resource-group ${AZURE_RESOURCEGROUP_NAME} --name ${AZURE_AKS_CLUSTER_NAME} --overwrite-existing
+
+echo "Deploy Helm chart"
+helm upgrade aks-store-demo ./charts/aks-store-demo \
+  --install \
+  --set aiService.create=true \
+  --set aiService.modelDeploymentName=${AZURE_OPENAI_MODEL_NAME} \
+  --set aiService.openAiEndpoint=${AZURE_OPENAI_ENDPOINT} \
+  --set aiService.managedIdentityClientId=${AZURE_IDENTITY_CLIENT_ID} \
+  --set aiService.image.repository=${AZURE_REGISTRY_URI}/aks-store-demo/ai-service \
+  --set orderService.useAzureServiceBus=true \
+  --set orderService.queueHost=${AZURE_SERVICE_BUS_HOST} \
+  --set orderService.queuePort=5671 \
+  --set orderService.queueUsername=${AZURE_SERVICE_BUS_SENDER_NAME} \
+  --set orderService.queuePassword=$(az keyvault secret show --name ${AZURE_SERVICE_BUS_SENDER_KEY} --vault-name ${AZURE_KEY_VAULT_NAME} --query value -o tsv) \
+  --set orderService.queueTransport=tls \
+  --set orderService.image.repository=${AZURE_REGISTRY_URI}/aks-store-demo/order-service \
+  --set makelineService.useAzureCosmosDB=true \
+  --set makelineService.orderQueueUri=${AZURE_SERVICE_BUS_URI} \
+  --set makelineService.orderQueueUsername=${AZURE_SERVICE_BUS_LISTENER_NAME} \
+  --set makelineService.orderQueuePassword=$(az keyvault secret show --name ${AZURE_SERVICE_BUS_LISTENER_KEY} --vault-name ${AZURE_KEY_VAULT_NAME} --query value -o tsv) \
+  --set makelineService.orderDBUri=${AZURE_COSMOS_DATABASE_URI} \
+  --set makelineService.orderDBUsername=${AZURE_COSMOS_DATABASE_NAME} \
+  --set makelineService.orderDBPassword=$(az keyvault secret show --name ${AZURE_COSMOS_DATABASE_KEY} --vault-name ${AZURE_KEY_VAULT_NAME} --query value -o tsv) \
+  --set makelineService.image.repository=${AZURE_REGISTRY_URI}/aks-store-demo/makeline-service \
+  --set productService.image.repository=${AZURE_REGISTRY_URI}/aks-store-demo/product-service \
+  --set storeAdmin.image.repository=${AZURE_REGISTRY_URI}/aks-store-demo/store-admin \
+  --set storeFront.image.repository=${AZURE_REGISTRY_URI}/aks-store-demo/store-front \
+  --set virtualCustomer.image.repository=${AZURE_REGISTRY_URI}/aks-store-demo/virtual-customer \
+  --set virtualWorker.image.repository=${AZURE_REGISTRY_URI}/aks-store-demo/virtual-worker \
+  $(if [ "${AZURE_DATABASE_API}" == "cosmosdbsql" ]; then echo "--set makelineService.useSqlApi=true"; fi)

azure-bicep.yaml

@@ -0,0 +1,24 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
+
+name: aks-store-demo
+metadata:
+  template: [email protected]
+hooks:
+  preprovision:
+    shell: sh
+    continueOnError: false
+    interactive: false
+    run: azd-hooks/preprovision.sh
+  postprovision:
+    shell: sh
+    continueOnError: false
+    interactive: false
+    run: azd-hooks/postprovision.sh
+  predeploy: # This is a hack until Helm is supported in azd (https://github.com/Azure/azure-dev/issues/1618)
+    shell: sh
+    continueOnError: false
+    interactive: false
+    run: azd-hooks/predeploy.sh
+infra:
+  provider: bicep
+  path: infra/bicep

azure.yaml

@@ -8,16 +8,17 @@ hooks:
     shell: sh
     continueOnError: false
     interactive: false
-    run: infra/azd-hooks/preprovision.sh
+    run: azd-hooks/preprovision.sh
   postprovision:
     shell: sh
     continueOnError: false
     interactive: false
-    run: infra/azd-hooks/postprovision.sh
-  predeploy:
+    run: azd-hooks/postprovision.sh
+  predeploy: # This is a hack until Helm is supported in azd (https://github.com/Azure/azure-dev/issues/1618)
     shell: sh
     continueOnError: false
     interactive: false
-    run: infra/azd-hooks/predeploy.sh
+    run: azd-hooks/predeploy.sh
 infra:
-  provider: terraform
+  provider: terraform
+  path: infra/terraform

infra/bicep/abbreviations.json

@@ -0,0 +1,136 @@
+{
+    "analysisServicesServers": "as",
+    "apiManagementService": "apim-",
+    "appConfigurationConfigurationStores": "appcs-",
+    "appManagedEnvironments": "cae-",
+    "appContainerApps": "ca-",
+    "authorizationPolicyDefinitions": "policy-",
+    "automationAutomationAccounts": "aa-",
+    "blueprintBlueprints": "bp-",
+    "blueprintBlueprintsArtifacts": "bpa-",
+    "cacheRedis": "redis-",
+    "cdnProfiles": "cdnp-",
+    "cdnProfilesEndpoints": "cdne-",
+    "cognitiveServicesAccounts": "cog-",
+    "cognitiveServicesFormRecognizer": "cog-fr-",
+    "cognitiveServicesTextAnalytics": "cog-ta-",
+    "computeAvailabilitySets": "avail-",
+    "computeCloudServices": "cld-",
+    "computeDiskEncryptionSets": "des",
+    "computeDisks": "disk",
+    "computeDisksOs": "osdisk",
+    "computeGalleries": "gal",
+    "computeSnapshots": "snap-",
+    "computeVirtualMachines": "vm",
+    "computeVirtualMachineScaleSets": "vmss-",
+    "containerInstanceContainerGroups": "ci",
+    "containerRegistryRegistries": "cr",
+    "containerServiceManagedClusters": "aks-",
+    "databricksWorkspaces": "dbw-",
+    "dataFactoryFactories": "adf-",
+    "dataLakeAnalyticsAccounts": "dla",
+    "dataLakeStoreAccounts": "dls",
+    "dataMigrationServices": "dms-",
+    "dBforMySQLServers": "mysql-",
+    "dBforPostgreSQLServers": "psql-",
+    "devicesIotHubs": "iot-",
+    "devicesProvisioningServices": "provs-",
+    "devicesProvisioningServicesCertificates": "pcert-",
+    "documentDBDatabaseAccounts": "cosmos-",
+    "eventGridDomains": "evgd-",
+    "eventGridDomainsTopics": "evgt-",
+    "eventGridEventSubscriptions": "evgs-",
+    "eventHubNamespaces": "evhns-",
+    "eventHubNamespacesEventHubs": "evh-",
+    "hdInsightClustersHadoop": "hadoop-",
+    "hdInsightClustersHbase": "hbase-",
+    "hdInsightClustersKafka": "kafka-",
+    "hdInsightClustersMl": "mls-",
+    "hdInsightClustersSpark": "spark-",
+    "hdInsightClustersStorm": "storm-",
+    "hybridComputeMachines": "arcs-",
+    "insightsActionGroups": "ag-",
+    "insightsComponents": "appi-",
+    "keyVaultVaults": "kv-",
+    "kubernetesConnectedClusters": "arck",
+    "kustoClusters": "dec",
+    "kustoClustersDatabases": "dedb",
+    "loadTesting": "lt-",
+    "logicIntegrationAccounts": "ia-",
+    "logicWorkflows": "logic-",
+    "machineLearningServicesWorkspaces": "mlw-",
+    "managedIdentityUserAssignedIdentities": "id-",
+    "managementManagementGroups": "mg-",
+    "migrateAssessmentProjects": "migr-",
+    "networkApplicationGateways": "agw-",
+    "networkApplicationSecurityGroups": "asg-",
+    "networkAzureFirewalls": "afw-",
+    "networkBastionHosts": "bas-",
+    "networkConnections": "con-",
+    "networkDnsZones": "dnsz-",
+    "networkExpressRouteCircuits": "erc-",
+    "networkFirewallPolicies": "afwp-",
+    "networkFirewallPoliciesWebApplication": "waf",
+    "networkFirewallPoliciesRuleGroups": "wafrg",
+    "networkFrontDoors": "fd-",
+    "networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
+    "networkLoadBalancersExternal": "lbe-",
+    "networkLoadBalancersInternal": "lbi-",
+    "networkLoadBalancersInboundNatRules": "rule-",
+    "networkLocalNetworkGateways": "lgw-",
+    "networkNatGateways": "ng-",
+    "networkNetworkInterfaces": "nic-",
+    "networkNetworkSecurityGroups": "nsg-",
+    "networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
+    "networkNetworkWatchers": "nw-",
+    "networkPrivateDnsZones": "pdnsz-",
+    "networkPrivateLinkServices": "pl-",
+    "networkPublicIPAddresses": "pip-",
+    "networkPublicIPPrefixes": "ippre-",
+    "networkRouteFilters": "rf-",
+    "networkRouteTables": "rt-",
+    "networkRouteTablesRoutes": "udr-",
+    "networkTrafficManagerProfiles": "traf-",
+    "networkVirtualNetworkGateways": "vgw-",
+    "networkVirtualNetworks": "vnet-",
+    "networkVirtualNetworksSubnets": "snet-",
+    "networkVirtualNetworksVirtualNetworkPeerings": "peer-",
+    "networkVirtualWans": "vwan-",
+    "networkVpnGateways": "vpng-",
+    "networkVpnGatewaysVpnConnections": "vcn-",
+    "networkVpnGatewaysVpnSites": "vst-",
+    "notificationHubsNamespaces": "ntfns-",
+    "notificationHubsNamespacesNotificationHubs": "ntf-",
+    "operationalInsightsWorkspaces": "log-",
+    "portalDashboards": "dash-",
+    "powerBIDedicatedCapacities": "pbi-",
+    "purviewAccounts": "pview-",
+    "recoveryServicesVaults": "rsv-",
+    "resourcesResourceGroups": "rg-",
+    "searchSearchServices": "srch-",
+    "serviceBusNamespaces": "sb-",
+    "serviceBusNamespacesQueues": "sbq-",
+    "serviceBusNamespacesTopics": "sbt-",
+    "serviceEndPointPolicies": "se-",
+    "serviceFabricClusters": "sf-",
+    "signalRServiceSignalR": "sigr",
+    "sqlManagedInstances": "sqlmi-",
+    "sqlServers": "sql-",
+    "sqlServersDataWarehouse": "sqldw-",
+    "sqlServersDatabases": "sqldb-",
+    "sqlServersDatabasesStretch": "sqlstrdb-",
+    "storageStorageAccounts": "st",
+    "storageStorageAccountsVm": "stvm",
+    "storSimpleManagers": "ssimp",
+    "streamAnalyticsCluster": "asa-",
+    "synapseWorkspaces": "syn",
+    "synapseWorkspacesAnalyticsWorkspaces": "synw",
+    "synapseWorkspacesSqlPoolsDedicated": "syndp",
+    "synapseWorkspacesSqlPoolsSpark": "synsp",
+    "timeSeriesInsightsEnvironments": "tsi-",
+    "webServerFarms": "plan-",
+    "webSitesAppService": "app-",
+    "webSitesAppServiceEnvironment": "ase-",
+    "webSitesFunctions": "func-",
+    "webStaticSites": "stapp-"
+}