Azure · wbreza · Jul 3, 2024 · Jul 3, 2024 · Jul 3, 2024 · Jul 15, 2024
@@ -0,0 +1,100 @@
+metadata description = 'Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool.'
+@description('The name for the AKS managed cluster')
+param name string
+
+@description('The name of the resource group for the managed resources of the AKS cluster')
+param nodeResourceGroupName string
+
+@description('The Azure region/location for the AKS resources')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the AKS resources')
+param tags object = {}
+
+@description('Kubernetes Version')
+param kubernetesVersion string = '1.28'
+
+@description('The DNS prefix to associate with the AKS cluster')
+param dnsPrefix string = ''
+
+@description('The object IDs of the Azure AD groups that will have admin access to the AKS cluster')
+param adminGroupObjectIDs array = []
+
+resource aks 'Microsoft.ContainerService/managedClusters@2024-03-02-preview' = {
+  name: name
+  location: location
+  tags: tags
+  identity: {
+    type: 'SystemAssigned'
+  }
+  sku: {
+    name: 'Automatic'
+    tier: 'Standard'
+  }
+  properties: {
+    nodeResourceGroup: !empty(nodeResourceGroupName) ? nodeResourceGroupName : 'rg-mc-${name}'
+    nodeResourceGroupProfile: {
+      restrictionLevel: 'ReadOnly'
+    }
+    nodeProvisioningProfile: {
+      mode: 'Auto'
+    }
+    disableLocalAccounts: true
+    aadProfile: {
+      managed: true
+      enableAzureRBAC: true
+      adminGroupObjectIDs: adminGroupObjectIDs
+    }
+    autoUpgradeProfile: {
+      upgradeChannel: 'stable'
+      nodeOSUpgradeChannel: 'NodeImage'
+    }
+    kubernetesVersion: kubernetesVersion
+    dnsPrefix: empty(dnsPrefix) ? '${name}-dns' : dnsPrefix
+    enableRBAC: true
+    agentPoolProfiles: [
+      {
+        name: 'systempool'
+        mode: 'System'
+        vmSize: 'Standard_DS4_v2'
+        count: 3
+        securityProfile: {
+          sshAccess: 'Disabled'
+        }
+      }
+    ]
+    supportPlan: 'KubernetesOfficial'
+    addonProfiles: {}
+  }
+
+  resource aksManagedAutoUpgradeSchedule 'maintenanceConfigurations@2023-10-01' = {
+    name: 'aksManagedAutoUpgradeSchedule'
+    properties: {
+      maintenanceWindow: {
+        schedule: {
+          daily: null
+          weekly: {
+            intervalWeeks: 1
+            dayOfWeek: 'Sunday'
+          }
+          absoluteMonthly: null
+          relativeMonthly: null
+        }
+        durationHours: 4
+        utcOffset: '+00:00'
+        startDate: '2024-07-03'
+        startTime: '00:00'
+      }
+    }
+  }
+}
+
+@description('The resource name of the AKS cluster')
+output clusterName string = aks.name
+
+@description('The AKS cluster identity')
+output clusterIdentity object = {
+  clientId: aks.properties.identityProfile.kubeletidentity.clientId
+  objectId: aks.properties.identityProfile.kubeletidentity.objectId
+  resourceId: aks.properties.identityProfile.kubeletidentity.resourceId
+}
@@ -12,7 +12,7 @@ param location string = resourceGroup().location
 param tags object = {}
 
 @description('Kubernetes Version')
-param kubernetesVersion string = '1.27.7'
+param kubernetesVersion string = '1.28'
 
 @description('Whether RBAC is enabled for local accounts')
 param enableRbac bool = true

@@ -47,19 +47,19 @@ param addOns object = {
 }
 
 @description('The managed cluster SKU.')
-@allowed([ 'Free', 'Paid', 'Standard' ])
+@allowed(['Free', 'Paid', 'Standard'])
 param sku string = 'Free'
 
 @description('The load balancer SKU to use for ingress into the AKS cluster')
-@allowed([ 'basic', 'standard' ])
+@allowed(['basic', 'standard'])
 param loadBalancerSku string = 'standard'
 
 @description('Network plugin used for building the Kubernetes network.')
-@allowed([ 'azure', 'kubenet', 'none' ])
+@allowed(['azure', 'kubenet', 'none'])
 param networkPlugin string = 'azure'
 
 @description('Network policy used for building the Kubernetes network.')
-@allowed([ 'azure', 'calico' ])
+@allowed(['azure', 'calico'])
 param networkPolicy string = 'azure'
 
 @description('The DNS prefix to associate with the AKS cluster')
@@ -97,11 +97,11 @@ param agentPoolConfig object = {}
 param principalId string = ''
 
 @description('The type of principal to assign application roles')
-@allowed(['Device','ForeignGroup','Group','ServicePrincipal','User'])
+@allowed(['Device', 'ForeignGroup', 'Group', 'ServicePrincipal', 'User'])
 param principalType string = 'User'
 
 @description('Kubernetes Version')
-param kubernetesVersion string = '1.27'
+param kubernetesVersion string = '1.28'
 
 @description('The Tenant ID associated to the Azure Active Directory')
 param aadTenantId string = tenant().tenantId
@@ -119,22 +119,29 @@ param enableAzureRbac bool = false
 @description('Whether web app routing (preview) add-on is enabled')
 param webAppRoutingAddon bool = true
 
+@description('The object IDs of the Azure AD groups that will have admin access to the AKS cluster')
+param adminGroupObjectIDs array = []
+
+@description('Whether or not to use AKS Automatic mode')
+param automatic bool = false
+
 // Configure AKS add-ons
-var omsAgentConfig = (!empty(logAnalyticsName) && !empty(addOns.omsAgent) && addOns.omsAgent.enabled) ? union(
-  addOns.omsAgent,
-  {
-    config: {
-      logAnalyticsWorkspaceResourceID: logAnalytics.id
-    }
-  }
-) : {}
+var omsAgentConfig = (!empty(logAnalyticsName) && !empty(addOns.omsAgent) && addOns.omsAgent.enabled)
+  ? union(addOns.omsAgent, {
+      config: {
+        logAnalyticsWorkspaceResourceID: logAnalytics.id
+      }
+    })
+  : {}
 
 var addOnsConfig = union(
   (!empty(addOns.azurePolicy) && addOns.azurePolicy.enabled) ? { azurepolicy: addOns.azurePolicy } : {},
   (!empty(addOns.keyVault) && addOns.keyVault.enabled) ? { azureKeyvaultSecretsProvider: addOns.keyVault } : {},
   (!empty(addOns.openServiceMesh) && addOns.openServiceMesh.enabled) ? { openServiceMesh: addOns.openServiceMesh } : {},
   (!empty(addOns.omsAgent) && addOns.omsAgent.enabled) ? { omsagent: omsAgentConfig } : {},
-  (!empty(addOns.applicationGateway) && addOns.applicationGateway.enabled) ? { ingressApplicationGateway: addOns.applicationGateway } : {}
+  (!empty(addOns.applicationGateway) && addOns.applicationGateway.enabled)
+    ? { ingressApplicationGateway: addOns.applicationGateway }
+    : {}
 )
 
 // Link to existing log analytics workspace when available
@@ -145,17 +152,13 @@ resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-previ
 var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : nodePoolPresets[systemPoolType]
 
 // Create the primary AKS cluster resources and system node pool
-module managedCluster 'aks-managed-cluster.bicep' = {
+module managedCluster 'aks-managed-cluster.bicep' = if (!automatic) {
   name: 'managed-cluster'
   params: {
     name: name
     location: location
     tags: tags
-    systemPoolConfig: union(
-      { name: 'npsystem', mode: 'System' },
-      nodePoolBase,
-      systemPoolSpec
-    )
+    systemPoolConfig: union({ name: 'npsystem', mode: 'System' }, nodePoolBase, systemPoolSpec)
     nodeResourceGroupName: nodeResourceGroupName
     sku: sku
     dnsPrefix: dnsPrefix
@@ -174,14 +177,29 @@ module managedCluster 'aks-managed-cluster.bicep' = {
   }
 }
 
+module automaticCluster 'aks-automatic-cluster.bicep' = if (automatic) {
+  name: 'automatic-cluster'
+  params: {
+    name: name
+    location: location
+    tags: tags
+    dnsPrefix: dnsPrefix
+    adminGroupObjectIDs: adminGroupObjectIDs
+    kubernetesVersion: kubernetesVersion
+    nodeResourceGroupName: nodeResourceGroupName
+  }
+}
+
 var hasAgentPool = !empty(agentPoolConfig) || !empty(agentPoolType)
-var agentPoolSpec = hasAgentPool && !empty(agentPoolConfig) ? agentPoolConfig : empty(agentPoolType) ? {} : nodePoolPresets[agentPoolType]
+var agentPoolSpec = hasAgentPool && !empty(agentPoolConfig)
+  ? agentPoolConfig
+  : empty(agentPoolType) ? {} : nodePoolPresets[agentPoolType]
 
 // Create additional user agent pool when specified
 module agentPool 'aks-agent-pool.bicep' = if (hasAgentPool) {
   name: 'aks-node-pool'
   params: {
-    clusterName: managedCluster.outputs.clusterName
+    clusterName: automatic ? automaticCluster.outputs.clusterName : managedCluster.outputs.clusterName
     name: 'npuserpool'
     config: union({ name: 'npuser', mode: 'User' }, nodePoolBase, agentPoolSpec)
   }
@@ -203,15 +221,15 @@ module containerRegistryAccess '../security/registry-access.bicep' = {
   name: 'cluster-container-registry-access'
   params: {
     containerRegistryName: containerRegistry.outputs.name
-    principalId: managedCluster.outputs.clusterIdentity.objectId
+    principalId: automatic ? automaticCluster.outputs.clusterIdentity.objectId : managedCluster.outputs.clusterIdentity.objectId
   }
 }
 
 // Give AKS cluster access to the specified principal
-module clusterAccess '../security/aks-managed-cluster-access.bicep' = if (!empty(principalId) && (enableAzureRbac || disableLocalAccounts)) {
+module clusterAccess '../security/aks-managed-cluster-access.bicep' = if (!empty(principalId) && (automatic || (enableAzureRbac || disableLocalAccounts))) {
   name: 'cluster-access'
   params: {
-    clusterName: managedCluster.outputs.clusterName
+    clusterName: automatic ? automaticCluster.outputs.clusterName : managedCluster.outputs.clusterName
     principalId: principalId
     principalType: principalType
   }
@@ -222,7 +240,7 @@ module clusterKeyVaultAccess '../security/keyvault-access.bicep' = {
   name: 'cluster-keyvault-access'
   params: {
     keyVaultName: keyVaultName
-    principalId: managedCluster.outputs.clusterIdentity.objectId
+    principalId: automatic ? automaticCluster.outputs.clusterIdentity.objectId : managedCluster.outputs.clusterIdentity.objectId
   }
 }
 
@@ -273,10 +291,10 @@ var nodePoolPresets = {
 
 // Module outputs
 @description('The resource name of the AKS cluster')
-output clusterName string = managedCluster.outputs.clusterName
+output clusterName string = automatic ? automaticCluster.outputs.clusterName : managedCluster.outputs.clusterName
 
 @description('The AKS cluster identity')
-output clusterIdentity object = managedCluster.outputs.clusterIdentity
+output clusterIdentity object = automatic ? automaticCluster.outputs.clusterIdentity : managedCluster.outputs.clusterIdentity
 
 @description('The resource name of the ACR')
 output containerRegistryName string = containerRegistry.outputs.name

@@ -82,4 +82,5 @@ PSQLADMINPASSWORD
 PSQLUSERNAME
 PSQLUSERPASSWORD
 DBSERVER
-kubelogin
+kubelogin
+vite
@@ -17,18 +17,25 @@ services:
     dist: dist
     language: js
     host: aks
+    hooks:
+      prebuild:
+        windows:
+          shell: pwsh
+          run: 'echo "VITE_API_BASE_URL=""$env:SERVICE_API_ENDPOINT_URL""" > .env.local ; echo "VITE_APPLICATIONINSIGHTS_CONNECTION_STRING=""$env:APPLICATIONINSIGHTS_CONNECTION_STRING""" >> .env.local'
+        posix:
+          shell: sh
+          run: 'echo VITE_API_BASE_URL=\"$SERVICE_API_ENDPOINT_URL\" > .env.local && echo VITE_APPLICATIONINSIGHTS_CONNECTION_STRING=\"$APPLICATIONINSIGHTS_CONNECTION_STRING\" >> .env.local'
+      postbuild:
+        windows:
+          shell: pwsh
+          run: "rm .env.local"
+        posix:
+          shell: sh
+          run: "rm .env.local"
   api:
     project: ../../api/js
     language: js
     host: aks
     k8s:
       ingress:
-        relativePath: api
-    hooks:
-      postdeploy:
-        windows:
-          shell: pwsh
-          run: azd env set REACT_APP_API_BASE_URL $env:SERVICE_API_ENDPOINT_URL
-        posix:
-          shell: sh
-          run: azd env set REACT_APP_API_BASE_URL ${SERVICE_API_ENDPOINT_URL}
+        relativePath: api
@@ -17,12 +17,4 @@ spec:
           image: {{.Env.SERVICE_WEB_IMAGE_NAME}}
           ports:
             - containerPort: 3000
-          env:
-            - name: REACT_APP_API_BASE_URL
-              value: /api
-            - name: REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING
-              valueFrom:
-                configMapKeyRef:
-                  name: todo-web-config
-                  key: REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING
-                  optional: false
+
@@ -1,5 +1,5 @@
 {
-  "name": "todo-vite-note-mongo-aca",
+  "name": "todo-vite-node-mongo",
   "private": true,
   "version": "0.0.0",
   "type": "module",