PR review fixes for bicep

- make azd-hook scripts executable - adding predeploy to bicep deployment - remove k8s version and use aks default instead - fix acrpull for kublet identity - fix cosmos db account kind parameters - add overwrite existing param for az aks get creds
Azure-Samples · Feb 6, 2024 · 7098bac · 7098bac
1 parent 544d80a
commit 7098bac
Show file tree

Hide file tree

Showing 8 changed files with 9 additions and 17 deletions.
diff --git a/azd-hooks/postprovision.sh b/azd-hooks/postprovision.sh
diff --git a/azd-hooks/predeploy.sh b/azd-hooks/predeploy.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 echo "Retrieving cluster credentials"
-az aks get-credentials --resource-group ${AZURE_RESOURCEGROUP_NAME} --name ${AZURE_AKS_CLUSTER_NAME}
+az aks get-credentials --resource-group ${AZURE_RESOURCEGROUP_NAME} --name ${AZURE_AKS_CLUSTER_NAME} --overwrite-existing
 
 echo "Deploy Helm chart"
 helm upgrade aks-store-demo ./charts/aks-store-demo \

diff --git a/azd-hooks/preprovision.sh b/azd-hooks/preprovision.sh
diff --git a/azure-bicep.yaml b/azure-bicep.yaml
@@ -14,6 +14,11 @@ hooks:
     continueOnError: false
     interactive: false
     run: azd-hooks/postprovision.sh
+  predeploy: # This is a hack until Helm is supported in azd (https://github.com/Azure/azure-dev/issues/1618)
+    shell: sh
+    continueOnError: false
+    interactive: false
+    run: azd-hooks/predeploy.sh
 infra:
   provider: bicep
   path: infra/bicep
diff --git a/azure.yaml b/azure.yaml
@@ -14,7 +14,7 @@ hooks:
     continueOnError: false
     interactive: false
     run: azd-hooks/postprovision.sh
-  predeploy:
+  predeploy: # This is a hack until Helm is supported in azd (https://github.com/Azure/azure-dev/issues/1618)
     shell: sh
     continueOnError: false
     interactive: false

diff --git a/infra/bicep/app/aks-managed-cluster.bicep b/infra/bicep/app/aks-managed-cluster.bicep
@@ -11,9 +11,6 @@ param location string = resourceGroup().location
 @description('Custom tags to apply to the AKS resources')
 param tags object = {}
 
-@description('Kubernetes Version')
-param kubernetesVersion string = '1.28.3'
-
 @description('Whether RBAC is enabled for local accounts')
 param enableRbac bool = true
 
@@ -71,7 +68,6 @@ resource aks 'Microsoft.ContainerService/managedClusters@2023-03-02-preview' = {
   }
   properties: {
     nodeResourceGroup: !empty(nodeResourceGroupName) ? nodeResourceGroupName : 'rg-mc-${name}'
-    kubernetesVersion: kubernetesVersion
     dnsPrefix: empty(dnsPrefix) ? '${name}-dns' : dnsPrefix
     enableRBAC: enableRbac
     aadProfile: enableAad ? {
@@ -88,11 +84,6 @@ resource aks 'Microsoft.ContainerService/managedClusters@2023-03-02-preview' = {
     }
     disableLocalAccounts: disableLocalAccounts && enableAad
     addonProfiles: addOns
-    ingressProfile: {
-      webAppRouting: {
-        enabled: webAppRoutingAddon
-      }
-    }
     securityProfile:{
       workloadIdentity: {
         enabled: true
@@ -101,10 +92,6 @@ resource aks 'Microsoft.ContainerService/managedClusters@2023-03-02-preview' = {
     oidcIssuerProfile: {
       enabled: true
     }
-    podIdentityProfile: {
-      enabled: true
-      allowNetworkPluginKubenet: true
-    }
   }
 }
 

diff --git a/infra/bicep/main.bicep b/infra/bicep/main.bicep
@@ -223,7 +223,7 @@ module acrPullRoleAssignment './core/security/registry-access.bicep' = if(deploy
   scope: rg
   params: {
     containerRegistryName: deployAcr ? containerRegistry.outputs.name : ''
-    principalId: identity.outputs.principalId
+    principalId: kubernetes.outputs.clusterIdentity.objectId
   }
 }
 

diff --git a/infra/bicep/main.parameters.json b/infra/bicep/main.parameters.json
@@ -15,7 +15,7 @@
       "value": "${DEPLOY_AZURE_CONTAINER_REGISTRY=false}"
     },
     "cosmosdbAccountKind": {
-      "value": "${COSMOSDB_ACCOUNT_KIND=MongoDB}"
+      "value": "${AZURE_COSMOSDB_ACCOUNT_KIND=MongoDB}"
     }
   }
 }