From 862e86f861bdec472c119ce24f5f2fac8fe54cde Mon Sep 17 00:00:00 2001 
From: Mark Weitzel
Date: Sun, 3 Mar 2024 23:09:02 -0500
Subject: [PATCH] updated aks
---
 .../App-Base-WebApp-AKS/azuredeploy.json | 3422 ++---------------
 .../core/ai/cognitiveservices.bicep | 53 -
 .../database/postgresql/flexibleserver.bicep | 65 -
 .../core/database/sqlserver/sqlserver.bicep | 130 -
 .../core/gateway/apim.bicep | 79 -
 .../core/host/aks-agent-pool.bicep | 18 -
 .../core/host/aks-managed-cluster.bicep | 140 -
 .../App-Base-WebApp-AKS/core/host/aks.bicep | 280 --
 .../core/host/appservice-appsettings.bicep | 17 -
 .../core/host/appservice.bicep | 123 -
 .../core/host/appserviceplan.bicep | 22 -
 .../core/host/container-app-upsert.bicep | 105 -
 .../core/host/container-app.bicep | 162 -
 .../host/container-apps-environment.bicep | 41 -
 .../core/host/container-apps.bicep | 40 -
 .../core/host/container-registry.bicep | 83 -
 .../core/host/functions.bicep | 86 -
 .../core/host/staticwebapp.bicep | 22 -
 .../applicationinsights-dashboard.bicep | 1236 ------
 .../core/monitor/applicationinsights.bicep | 30 -
 .../core/monitor/loganalytics.bicep | 22 -
 .../core/monitor/monitoring.bicep | 32 -
 .../core/networking/cdn-endpoint.bicep | 52 -
 .../core/networking/cdn-profile.bicep | 34 -
 .../core/networking/cdn.bicep | 42 -
 .../core/search/search-services.bicep | 68 -
 .../core/storage/storage-account.bicep | 64 -
 .../core/testing/loadtesting.bicep | 15 -
 Environments/App-Base-WebApp-AKS/main.bicep | 48 +-
 .../App-Base-WebApp-AKS/manifest.yaml | 15 +-
 30 files changed, 434 insertions(+), 6112 deletions(-)
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/ai/cognitiveservices.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/database/postgresql/flexibleserver.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/database/sqlserver/sqlserver.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/gateway/apim.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/aks-agent-pool.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/aks-managed-cluster.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/aks.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/appservice-appsettings.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/appservice.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/appserviceplan.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/container-app-upsert.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/container-app.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/container-apps-environment.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/container-apps.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/container-registry.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/functions.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/host/staticwebapp.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/monitor/applicationinsights-dashboard.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/monitor/applicationinsights.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/monitor/loganalytics.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/monitor/monitoring.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/networking/cdn-endpoint.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/networking/cdn-profile.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/networking/cdn.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/search/search-services.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/storage/storage-account.bicep
 delete mode 100644 Environments/App-Base-WebApp-AKS/core/testing/loadtesting.bicep
diff --git a/Environments/App-Base-WebApp-AKS/azuredeploy.json b/Environments/App-Base-WebApp-AKS/azuredeploy.json index 9626594f..84d2235d 100644 --- a/Environments/App-Base-WebApp-AKS/azuredeploy.json +++ b/Environments/App-Base-WebApp-AKS/azuredeploy.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "13440997233145271475" + "templateHash": "2845459636497042502" } }, "parameters": { @@ -19,33 +19,12 @@ }, "location": { "type": "string", + "defaultValue": "[resourceGroup().location]", "minLength": 1, "metadata": { "description": "Primary location for all resources" } }, - "clusterName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The resource name of the AKS cluster" - } - }, - "containerRegistryName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The resource name of the Container Registry (ACR)" - } - }, - "applicationInsightsDashboardName": { - "type": "string", - "defaultValue": "" - }, - "applicationInsightsName": { - "type": "string", - "defaultValue": "" - }, "cosmosAccountName": { "type": "string", "defaultValue": "" @@ -58,16 +37,12 @@ "type": "string", "defaultValue": "" }, - "logAnalyticsName": { + "principalId": { "type": "string", "defaultValue": "" }, - "principalId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Id of the user or app to assign application roles" - } + "aksClusterIdentityObjectId": { + "type": "string" } }, "variables": { 
@@ -217,20 +192,22 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "aks", + "name": "cosmos", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "accountName": "[if(not(empty(parameters('cosmosAccountName'))), createObject('value', parameters('cosmosAccountName')), createObject('value', format('{0}{1}', variables('abbrs').documentDBDatabaseAccounts, variables('resourceToken'))))]", + "databaseName": { + "value": "[parameters('cosmosDatabaseName')]" + }, "location": { "value": "[parameters('location')]" }, - "name": "[if(not(empty(parameters('clusterName'))), createObject('value', parameters('clusterName')), createObject('value', format('{0}{1}', variables('abbrs').containerServiceManagedClusters, variables('resourceToken'))))]", - "containerRegistryName": "[if(not(empty(parameters('containerRegistryName'))), createObject('value', parameters('containerRegistryName')), createObject('value', format('{0}{1}', variables('abbrs').containerRegistryRegistries, variables('resourceToken'))))]", - "logAnalyticsName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.logAnalyticsWorkspaceName.value]" + "tags": { + "value": "[variables('tags')]" }, "keyVaultName": { "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" 
@@ -243,348 +220,78 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "4109929557657560885" - }, - "description": "Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool as well as an additional user agent pool." + "templateHash": "5730728686647632614" + } }, "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "The name for the AKS managed cluster" - } - }, - "containerRegistryName": { - "type": "string", - "metadata": { - "description": "The name for the Azure container registry (ACR)" - } - }, - "logAnalyticsName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The name of the connected log analytics workspace" - } - }, - "keyVaultName": { - "type": "string", - "metadata": { - "description": "The name of the keyvault to grant access" - } + "accountName": { + "type": "string" }, "location": { "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "The Azure region/location for the AKS resources" - } + "defaultValue": "[resourceGroup().location]" }, "tags": { "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Custom tags to apply to the AKS resources" - } + "defaultValue": {} }, - "addOns": { - "type": "object", - "defaultValue": { - "azurePolicy": { - "enabled": true, - "config": { - "version": "v2" - } - }, - "keyVault": { - "enabled": true, - "config": { - "enableSecretRotation": "true", - "rotationPollInterval": "2m" - } - }, - "openServiceMesh": { - "enabled": false, - "config": {} - }, - "omsAgent": { - "enabled": true, - "config": {} + "collections": { + "type": "array", + "defaultValue": [ + { + "name": "TodoList", + "id": "TodoList", + "shardKey": "Hash", + "indexKey": "_id" }, - "applicationGateway": { - "enabled": false, - "config": {} + { + "name": "TodoItem", + "id": "TodoItem", + "shardKey": "Hash", + "indexKey": "_id" } - }, - "metadata": { - "description": "AKS add-ons 
configuration" - } - }, - "sku": { - "type": "string", - "defaultValue": "Free", - "allowedValues": [ - "Free", - "Paid", - "Standard" - ], - "metadata": { - "description": "The managed cluster SKU." - } - }, - "loadBalancerSku": { - "type": "string", - "defaultValue": "standard", - "allowedValues": [ - "basic", - "standard" - ], - "metadata": { - "description": "The load balancer SKU to use for ingress into the AKS cluster" - } - }, - "networkPlugin": { - "type": "string", - "defaultValue": "azure", - "allowedValues": [ - "azure", - "kubenet", - "none" - ], - "metadata": { - "description": "Network plugin used for building the Kubernetes network." - } - }, - "networkPolicy": { - "type": "string", - "defaultValue": "azure", - "allowedValues": [ - "azure", - "calico" - ], - "metadata": { - "description": "Network policy used for building the Kubernetes network." - } - }, - "dnsPrefix": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The DNS prefix to associate with the AKS cluster" - } - }, - "nodeResourceGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The name of the resource group for the managed resources of the AKS cluster" - } - }, - "systemPoolType": { - "type": "string", - "defaultValue": "CostOptimised", - "allowedValues": [ - "CostOptimised", - "Standard", - "HighSpec", - "Custom" - ], - "metadata": { - "description": "The System Pool Preset sizing" - } - }, - "agentPoolType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CostOptimised", - "Standard", - "HighSpec", - "Custom" - ], - "metadata": { - "description": "The User Pool Preset sizing" - } - }, - "systemPoolConfig": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Custom configuration of system node pool" - } - }, - "agentPoolConfig": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Custom configuration of user node pool" - } - }, - 
"principalId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Id of the user or app to assign application roles" - } - }, - "kubernetesVersion": { - "type": "string", - "defaultValue": "1.27.7", - "metadata": { - "description": "Kubernetes Version" - } + ] }, - "aadTenantId": { + "databaseName": { "type": "string", - "defaultValue": "[tenant().tenantId]", - "metadata": { - "description": "The Tenant ID associated to the Azure Active Directory" - } - }, - "enableRbac": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Whether RBAC is enabled for local accounts" - } - }, - "disableLocalAccounts": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "If set to true, getting static credentials will be disabled for this cluster." - } - }, - "enableAzureRbac": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Enable RBAC using AAD" - } + "defaultValue": "" }, - "webAppRoutingAddon": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Whether web app routing (preview) add-on is enabled" - } + "keyVaultName": { + "type": "string" } }, "variables": { - "omsAgentConfig": "[if(and(and(not(empty(parameters('logAnalyticsName'))), not(empty(parameters('addOns').omsAgent))), parameters('addOns').omsAgent.enabled), union(parameters('addOns').omsAgent, createObject('config', createObject('logAnalyticsWorkspaceResourceID', resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsName'))))), createObject())]", - "addOnsConfig": "[union(if(and(not(empty(parameters('addOns').azurePolicy)), parameters('addOns').azurePolicy.enabled), createObject('azurepolicy', parameters('addOns').azurePolicy), createObject()), if(and(not(empty(parameters('addOns').keyVault)), parameters('addOns').keyVault.enabled), createObject('azureKeyvaultSecretsProvider', parameters('addOns').keyVault), createObject()), 
if(and(not(empty(parameters('addOns').openServiceMesh)), parameters('addOns').openServiceMesh.enabled), createObject('openServiceMesh', parameters('addOns').openServiceMesh), createObject()), if(and(not(empty(parameters('addOns').omsAgent)), parameters('addOns').omsAgent.enabled), createObject('omsagent', variables('omsAgentConfig')), createObject()), if(and(not(empty(parameters('addOns').applicationGateway)), parameters('addOns').applicationGateway.enabled), createObject('ingressApplicationGateway', parameters('addOns').applicationGateway), createObject()))]", - "systemPoolSpec": "[if(not(empty(parameters('systemPoolConfig'))), parameters('systemPoolConfig'), variables('nodePoolPresets')[parameters('systemPoolType')])]", - "hasAgentPool": "[or(not(empty(parameters('agentPoolConfig'))), not(empty(parameters('agentPoolType'))))]", - "agentPoolSpec": "[if(and(variables('hasAgentPool'), not(empty(parameters('agentPoolConfig')))), parameters('agentPoolConfig'), if(empty(parameters('agentPoolType')), createObject(), variables('nodePoolPresets')[parameters('agentPoolType')]))]", - "nodePoolBase": { - "osType": "Linux", - "maxPods": 30, - "type": "VirtualMachineScaleSets", - "upgradeSettings": { - "maxSurge": "33%" - } - }, - "nodePoolPresets": { - "CostOptimised": { - "vmSize": "Standard_B4ms", - "count": 1, - "minCount": 1, - "maxCount": 3, - "enableAutoScaling": true, - "availabilityZones": [] - }, - "Standard": { - "vmSize": "Standard_DS2_v2", - "count": 3, - "minCount": 3, - "maxCount": 5, - "enableAutoScaling": true, - "availabilityZones": [ - "1", - "2", - "3" - ] - }, - "HighSpec": { - "vmSize": "Standard_D4s_v3", - "count": 3, - "minCount": 3, - "maxCount": 5, - "enableAutoScaling": true, - "availabilityZones": [ - "1", - "2", - "3" - ] - } - } + "defaultDatabaseName": "Todo", + "actualDatabaseName": "[if(not(empty(parameters('databaseName'))), parameters('databaseName'), variables('defaultDatabaseName'))]" }, "resources": [ { "type": 
"Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "managed-cluster", + "name": "cosmos-mongo", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[parameters('name')]" + "accountName": { + "value": "[parameters('accountName')]" + }, + "databaseName": { + "value": "[variables('actualDatabaseName')]" }, "location": { "value": "[parameters('location')]" }, - "tags": { - "value": "[parameters('tags')]" - }, - "systemPoolConfig": { - "value": "[union(createObject('name', 'npsystem', 'mode', 'System'), variables('nodePoolBase'), variables('systemPoolSpec'))]" - }, - "nodeResourceGroupName": { - "value": "[parameters('nodeResourceGroupName')]" - }, - "sku": { - "value": "[parameters('sku')]" - }, - "dnsPrefix": { - "value": "[parameters('dnsPrefix')]" - }, - "kubernetesVersion": { - "value": "[parameters('kubernetesVersion')]" - }, - "addOns": { - "value": "[variables('addOnsConfig')]" - }, - "workspaceId": "[if(not(empty(parameters('logAnalyticsName'))), createObject('value', resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsName'))), createObject('value', ''))]", - "enableAad": { - "value": "[and(parameters('enableAzureRbac'), not(equals(parameters('aadTenantId'), '')))]" - }, - "disableLocalAccounts": { - "value": "[parameters('disableLocalAccounts')]" - }, - "aadTenantId": { - "value": "[parameters('aadTenantId')]" - }, - "enableRbac": { - "value": "[parameters('enableRbac')]" - }, - "enableAzureRbac": { - "value": "[parameters('enableAzureRbac')]" - }, - "webAppRoutingAddon": { - "value": "[parameters('webAppRoutingAddon')]" - }, - "loadBalancerSku": { - "value": "[parameters('loadBalancerSku')]" + "collections": { + "value": "[parameters('collections')]" }, - "networkPlugin": { - "value": "[parameters('networkPlugin')]" + "keyVaultName": { + "value": "[parameters('keyVaultName')]" }, - "networkPolicy": { - "value": 
"[parameters('networkPolicy')]" + "tags": { + "value": "[parameters('tags')]" } }, "template": { 
@@ -594,1437 +301,85 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "8184151159222198677" + "templateHash": "14549161001187918251" }, - "description": "Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool." + "description": "Creates an Azure Cosmos DB for MongoDB account with a database." }, "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "The name for the AKS managed cluster" - } + "accountName": { + "type": "string" }, - "nodeResourceGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The name of the resource group for the managed resources of the AKS cluster" - } + "databaseName": { + "type": "string" }, "location": { "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "The Azure region/location for the AKS resources" - } + "defaultValue": "[resourceGroup().location]" }, "tags": { "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Custom tags to apply to the AKS resources" - } - }, - "kubernetesVersion": { - "type": "string", - "defaultValue": "1.27.7", - "metadata": { - "description": "Kubernetes Version" - } - }, - "enableRbac": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Whether RBAC is enabled for local accounts" - } - }, - "webAppRoutingAddon": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Whether web app routing (preview) add-on is enabled" - } - }, - "enableAad": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Enable Azure Active Directory integration" - } - }, - "enableAzureRbac": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Enable RBAC using AAD" - } - }, - "aadTenantId": { - "type": "string", - "defaultValue": "[tenant().tenantId]", - "metadata": { - "description": "The Tenant ID associated to the Azure Active Directory" - } - }, 
- "loadBalancerSku": { - "type": "string", - "defaultValue": "standard", - "allowedValues": [ - "basic", - "standard" - ], - "metadata": { - "description": "The load balancer SKU to use for ingress into the AKS cluster" - } - }, - "networkPlugin": { - "type": "string", - "defaultValue": "azure", - "allowedValues": [ - "azure", - "kubenet", - "none" - ], - "metadata": { - "description": "Network plugin used for building the Kubernetes network." - } - }, - "networkPolicy": { - "type": "string", - "defaultValue": "azure", - "allowedValues": [ - "azure", - "calico" - ], - "metadata": { - "description": "Network policy used for building the Kubernetes network." - } - }, - "disableLocalAccounts": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "If set to true, getting static credentials will be disabled for this cluster." - } - }, - "sku": { - "type": "string", - "defaultValue": "Free", - "allowedValues": [ - "Free", - "Paid", - "Standard" - ], - "metadata": { - "description": "The managed cluster SKU." 
- } + "defaultValue": {} }, - "addOns": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Configuration of AKS add-ons" - } + "collections": { + "type": "array", + "defaultValue": [] }, - "workspaceId": { + "connectionStringKey": { "type": "string", - "defaultValue": "", - "metadata": { - "description": "The log analytics workspace id used for logging & monitoring" - } - }, - "systemPoolConfig": { - "type": "object", - "metadata": { - "description": "The node pool configuration for the System agent pool" - } + "defaultValue": "AZURE-COSMOS-CONNECTION-STRING" }, - "dnsPrefix": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The DNS prefix to associate with the AKS cluster" - } + "keyVaultName": { + "type": "string" } }, - "variables": { - "aksDiagCategories": [ - "cluster-autoscaler", - "kube-controller-manager", - "kube-audit-admin", - "guard" - ] - }, "resources": [ { - "type": "Microsoft.ContainerService/managedClusters", - "apiVersion": "2023-10-02-preview", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": { - "type": "SystemAssigned" - }, - "sku": { - "name": "Base", - "tier": "[parameters('sku')]" + "copy": { + "name": "list", + "count": "[length(parameters('collections'))]" }, + "type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections", + "apiVersion": "2022-08-15", + "name": "[format('{0}/{1}/{2}', split(format('{0}/{1}', parameters('accountName'), parameters('databaseName')), '/')[0], split(format('{0}/{1}', parameters('accountName'), parameters('databaseName')), '/')[1], parameters('collections')[copyIndex()].name)]", "properties": { - "nodeResourceGroup": "[if(not(empty(parameters('nodeResourceGroupName'))), parameters('nodeResourceGroupName'), format('rg-mc-{0}', parameters('name')))]", - "kubernetesVersion": "[parameters('kubernetesVersion')]", - "dnsPrefix": "[if(empty(parameters('dnsPrefix')), 
format('{0}-dns', parameters('name')), parameters('dnsPrefix'))]", - "enableRBAC": "[parameters('enableRbac')]", - "aadProfile": "[if(parameters('enableAad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRbac'), 'tenantID', parameters('aadTenantId')), null())]", - "agentPoolProfiles": [ - "[parameters('systemPoolConfig')]" - ], - "networkProfile": { - "loadBalancerSku": "[parameters('loadBalancerSku')]", - "networkPlugin": "[parameters('networkPlugin')]", - "networkPolicy": "[parameters('networkPolicy')]" - }, - "disableLocalAccounts": "[and(parameters('disableLocalAccounts'), parameters('enableAad'))]", - "addonProfiles": "[parameters('addOns')]", - "ingressProfile": { - "webAppRouting": { - "enabled": "[parameters('webAppRoutingAddon')]" - } + "resource": { + "id": "[parameters('collections')[copyIndex()].id]", + "shardKey": { + "_id": "[parameters('collections')[copyIndex()].shardKey]" + }, + "indexes": [ + { + "key": { + "keys": [ + "[parameters('collections')[copyIndex()].indexKey]" + ] + } + } + ] } - } + }, + "dependsOn": [ + "[resourceId('Microsoft.DocumentDB/databaseAccounts/mongodbDatabases', split(format('{0}/{1}', parameters('accountName'), parameters('databaseName')), '/')[0], split(format('{0}/{1}', parameters('accountName'), parameters('databaseName')), '/')[1])]" + ] }, { - "condition": "[not(empty(parameters('workspaceId')))]", - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.ContainerService/managedClusters/{0}', parameters('name'))]", - "name": "aks-diagnostics", + "type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases", + "apiVersion": "2022-08-15", + "name": "[format('{0}/{1}', parameters('accountName'), parameters('databaseName'))]", + "tags": "[parameters('tags')]", "properties": { - "copy": [ - { - "name": "logs", - "count": "[length(variables('aksDiagCategories'))]", - "input": { - "category": 
"[variables('aksDiagCategories')[copyIndex('logs')]]", - "enabled": true - } - } - ], - "workspaceId": "[parameters('workspaceId')]", - "metrics": [ - { - "category": "AllMetrics", - "enabled": true - } - ] + "resource": { + "id": "[parameters('databaseName')]" + } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]" + "[resourceId('Microsoft.Resources/deployments', 'cosmos-mongo-account')]" ] - } - ], - "outputs": { - "clusterName": { - "type": "string", - "metadata": { - "description": "The resource name of the AKS cluster" - }, - "value": "[parameters('name')]" - }, - "clusterIdentity": { - "type": "object", - "metadata": { - "description": "The AKS cluster identity" - }, - "value": { - "clientId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-10-02-preview').identityProfile.kubeletidentity.clientId]", - "objectId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-10-02-preview').identityProfile.kubeletidentity.objectId]", - "resourceId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-10-02-preview').identityProfile.kubeletidentity.resourceId]" - } - } - } - } - } - }, - { - "condition": "[variables('hasAgentPool')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "aks-node-pool", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "clusterName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'managed-cluster'), '2022-09-01').outputs.clusterName.value]" - }, - "name": { - "value": "npuserpool" - }, - "config": { - "value": "[union(createObject('name', 'npuser', 'mode', 'User'), variables('nodePoolBase'), variables('agentPoolSpec'))]" - } - }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "6072270897511874144" - }, - "description": "Adds an agent pool to an Azure Kubernetes Service (AKS) cluster." - }, - "parameters": { - "clusterName": { - "type": "string" - }, - "name": { - "type": "string", - "metadata": { - "description": "The agent pool name" - } - }, - "config": { - "type": "object", - "metadata": { - "description": "The agent pool configuration" - } - } - }, - "resources": [ - { - "type": "Microsoft.ContainerService/managedClusters/agentPools", - "apiVersion": "2023-10-02-preview", - "name": "[format('{0}/{1}', parameters('clusterName'), parameters('name'))]", - "properties": "[parameters('config')]" - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'managed-cluster')]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "container-registry", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('containerRegistryName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "workspaceId": "[if(not(empty(parameters('logAnalyticsName'))), createObject('value', resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsName'))), createObject('value', ''))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "12834334744516280883" - }, - "description": "Creates an Azure Container Registry." 
- }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "adminUserEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Indicates whether admin user is enabled" - } - }, - "anonymousPullEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Indicates whether anonymous pull is enabled" - } - }, - "dataEndpointEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Indicates whether data endpoint is enabled" - } - }, - "encryption": { - "type": "object", - "defaultValue": { - "status": "disabled" - }, - "metadata": { - "description": "Encryption settings" - } - }, - "networkRuleBypassOptions": { - "type": "string", - "defaultValue": "AzureServices", - "metadata": { - "description": "Options for bypassing network rules" - } - }, - "publicNetworkAccess": { - "type": "string", - "defaultValue": "Enabled", - "metadata": { - "description": "Public network access setting" - } - }, - "sku": { - "type": "object", - "defaultValue": { - "name": "Basic" - }, - "metadata": { - "description": "SKU settings" - } - }, - "zoneRedundancy": { - "type": "string", - "defaultValue": "Disabled", - "metadata": { - "description": "Zone redundancy setting" - } - }, - "workspaceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The log analytics workspace ID used for logging and monitoring" - } - } - }, - "resources": [ - { - "type": "Microsoft.ContainerRegistry/registries", - "apiVersion": "2022-02-01-preview", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "sku": "[parameters('sku')]", - "properties": { - "adminUserEnabled": "[parameters('adminUserEnabled')]", - "anonymousPullEnabled": "[parameters('anonymousPullEnabled')]", - 
"dataEndpointEnabled": "[parameters('dataEndpointEnabled')]", - "encryption": "[parameters('encryption')]", - "networkRuleBypassOptions": "[parameters('networkRuleBypassOptions')]", - "publicNetworkAccess": "[parameters('publicNetworkAccess')]", - "zoneRedundancy": "[parameters('zoneRedundancy')]" - } - }, - { - "condition": "[not(empty(parameters('workspaceId')))]", - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('name'))]", - "name": "registry-diagnostics", - "properties": { - "workspaceId": "[parameters('workspaceId')]", - "logs": [ - { - "category": "ContainerRegistryRepositoryEvents", - "enabled": true - }, - { - "category": "ContainerRegistryLoginEvents", - "enabled": true - } - ], - "metrics": [ - { - "category": "AllMetrics", - "enabled": true, - "timeGrain": "PT1M" - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" - ] - } - ], - "outputs": { - "loginServer": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '2022-02-01-preview').loginServer]" - }, - "name": { - "type": "string", - "value": "[parameters('name')]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "cluster-container-registry-access", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "containerRegistryName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'container-registry'), '2022-09-01').outputs.name.value]" - }, - "principalId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'managed-cluster'), '2022-09-01').outputs.clusterIdentity.value.objectId]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - 
"contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15144906240959446537" - }, - "description": "Assigns ACR Pull permissions to access an Azure Container Registry." - }, - "parameters": { - "containerRegistryName": { - "type": "string" - }, - "principalId": { - "type": "string" - } - }, - "variables": { - "acrPullRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]" - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('containerRegistryName'))]", - "name": "[guid(subscription().id, resourceGroup().id, parameters('principalId'), variables('acrPullRole'))]", - "properties": { - "roleDefinitionId": "[variables('acrPullRole')]", - "principalType": "ServicePrincipal", - "principalId": "[parameters('principalId')]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'container-registry')]", - "[resourceId('Microsoft.Resources/deployments', 'managed-cluster')]" - ] - }, - { - "condition": "[or(parameters('enableAzureRbac'), parameters('disableLocalAccounts'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "cluster-access", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "clusterName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'managed-cluster'), '2022-09-01').outputs.clusterName.value]" - }, - "principalId": { - "value": "[parameters('principalId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "8205013527918052324" - }, 
- "description": "Assigns RBAC role to the specified AKS cluster and principal." - }, - "parameters": { - "clusterName": { - "type": "string" - }, - "principalId": { - "type": "string" - } - }, - "variables": { - "aksClusterAdminRole": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')]" - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.ContainerService/managedClusters/{0}', parameters('clusterName'))]", - "name": "[guid(subscription().id, resourceGroup().id, parameters('principalId'), variables('aksClusterAdminRole'))]", - "properties": { - "roleDefinitionId": "[variables('aksClusterAdminRole')]", - "principalType": "User", - "principalId": "[parameters('principalId')]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'managed-cluster')]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "cluster-keyvault-access", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "keyVaultName": { - "value": "[parameters('keyVaultName')]" - }, - "principalId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'managed-cluster'), '2022-09-01').outputs.clusterIdentity.value.objectId]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "815983560956742247" - }, - "description": "Assigns an Azure Key Vault access policy." 
- }, - "parameters": { - "name": { - "type": "string", - "defaultValue": "add" - }, - "keyVaultName": { - "type": "string" - }, - "permissions": { - "type": "object", - "defaultValue": { - "secrets": [ - "get", - "list" - ] - } - }, - "principalId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.KeyVault/vaults/accessPolicies", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('name'))]", - "properties": { - "accessPolicies": [ - { - "objectId": "[parameters('principalId')]", - "tenantId": "[subscription().tenantId]", - "permissions": "[parameters('permissions')]" - } - ] - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'managed-cluster')]" - ] - } - ], - "outputs": { - "clusterName": { - "type": "string", - "metadata": { - "description": "The resource name of the AKS cluster" - }, - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'managed-cluster'), '2022-09-01').outputs.clusterName.value]" - }, - "clusterIdentity": { - "type": "object", - "metadata": { - "description": "The AKS cluster identity" - }, - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'managed-cluster'), '2022-09-01').outputs.clusterIdentity.value]" - }, - "containerRegistryName": { - "type": "string", - "metadata": { - "description": "The resource name of the ACR" - }, - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'container-registry'), '2022-09-01').outputs.name.value]" - }, - "containerRegistryLoginServer": { - "type": "string", - "metadata": { - "description": "The login server for the container registry" - }, - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'container-registry'), '2022-09-01').outputs.loginServer.value]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]", - "[resourceId('Microsoft.Resources/deployments', 'monitoring')]" - ] - }, - { - 
"type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "cosmos", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "accountName": "[if(not(empty(parameters('cosmosAccountName'))), createObject('value', parameters('cosmosAccountName')), createObject('value', format('{0}{1}', variables('abbrs').documentDBDatabaseAccounts, variables('resourceToken'))))]", - "databaseName": { - "value": "[parameters('cosmosDatabaseName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[variables('tags')]" - }, - "keyVaultName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "5730728686647632614" - } - }, - "parameters": { - "accountName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "collections": { - "type": "array", - "defaultValue": [ - { - "name": "TodoList", - "id": "TodoList", - "shardKey": "Hash", - "indexKey": "_id" - }, - { - "name": "TodoItem", - "id": "TodoItem", - "shardKey": "Hash", - "indexKey": "_id" - } - ] - }, - "databaseName": { - "type": "string", - "defaultValue": "" - }, - "keyVaultName": { - "type": "string" - } - }, - "variables": { - "defaultDatabaseName": "Todo", - "actualDatabaseName": "[if(not(empty(parameters('databaseName'))), parameters('databaseName'), variables('defaultDatabaseName'))]" - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "cosmos-mongo", - "properties": { - "expressionEvaluationOptions": { - 
"scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "accountName": { - "value": "[parameters('accountName')]" - }, - "databaseName": { - "value": "[variables('actualDatabaseName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "collections": { - "value": "[parameters('collections')]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "14549161001187918251" - }, - "description": "Creates an Azure Cosmos DB for MongoDB account with a database." - }, - "parameters": { - "accountName": { - "type": "string" - }, - "databaseName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "collections": { - "type": "array", - "defaultValue": [] - }, - "connectionStringKey": { - "type": "string", - "defaultValue": "AZURE-COSMOS-CONNECTION-STRING" - }, - "keyVaultName": { - "type": "string" - } - }, - "resources": [ - { - "copy": { - "name": "list", - "count": "[length(parameters('collections'))]" - }, - "type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections", - "apiVersion": "2022-08-15", - "name": "[format('{0}/{1}/{2}', split(format('{0}/{1}', parameters('accountName'), parameters('databaseName')), '/')[0], split(format('{0}/{1}', parameters('accountName'), parameters('databaseName')), '/')[1], parameters('collections')[copyIndex()].name)]", - "properties": { - "resource": { - "id": "[parameters('collections')[copyIndex()].id]", - "shardKey": { - "_id": "[parameters('collections')[copyIndex()].shardKey]" - }, - "indexes": [ - { - "key": { - "keys": [ - 
"[parameters('collections')[copyIndex()].indexKey]" - ] - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts/mongodbDatabases', split(format('{0}/{1}', parameters('accountName'), parameters('databaseName')), '/')[0], split(format('{0}/{1}', parameters('accountName'), parameters('databaseName')), '/')[1])]" - ] - }, - { - "type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases", - "apiVersion": "2022-08-15", - "name": "[format('{0}/{1}', parameters('accountName'), parameters('databaseName'))]", - "tags": "[parameters('tags')]", - "properties": { - "resource": { - "id": "[parameters('databaseName')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'cosmos-mongo-account')]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "cosmos-mongo-account", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('accountName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "connectionStringKey": { - "value": "[parameters('connectionStringKey')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "8317058180807592714" - }, - "description": "Creates an Azure Cosmos DB for MongoDB account." 
- }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "keyVaultName": { - "type": "string" - }, - "connectionStringKey": { - "type": "string", - "defaultValue": "AZURE-COSMOS-CONNECTION-STRING" - } - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "cosmos-account", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('name')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "connectionStringKey": { - "value": "[parameters('connectionStringKey')]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" - }, - "kind": { - "value": "MongoDB" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "13614361263700788271" - }, - "description": "Creates an Azure Cosmos DB account." 
- }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "connectionStringKey": { - "type": "string", - "defaultValue": "AZURE-COSMOS-CONNECTION-STRING" - }, - "keyVaultName": { - "type": "string" - }, - "kind": { - "type": "string", - "allowedValues": [ - "GlobalDocumentDB", - "MongoDB", - "Parse" - ] - } - }, - "resources": [ - { - "type": "Microsoft.DocumentDB/databaseAccounts", - "apiVersion": "2022-08-15", - "name": "[parameters('name')]", - "kind": "[parameters('kind')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "consistencyPolicy": { - "defaultConsistencyLevel": "Session" - }, - "locations": [ - { - "locationName": "[parameters('location')]", - "failoverPriority": 0, - "isZoneRedundant": false - } - ], - "databaseAccountOfferType": "Standard", - "enableAutomaticFailover": false, - "enableMultipleWriteLocations": false, - "apiProperties": "[if(equals(parameters('kind'), 'MongoDB'), createObject('serverVersion', '4.2'), createObject())]", - "capabilities": [ - { - "name": "EnableServerless" - } - ] - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('connectionStringKey'))]", - "properties": { - "value": "[listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '2022-08-15').connectionStrings[0].connectionString]" - }, - "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" - ] - } - ], - "outputs": { - "connectionStringKey": { - "type": "string", - "value": "[parameters('connectionStringKey')]" - }, - "endpoint": { - "type": "string", - "value": "[reference(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '2022-08-15').documentEndpoint]" - }, - "id": { 
- "type": "string", - "value": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" - }, - "name": { - "type": "string", - "value": "[parameters('name')]" - } - } - } - } - } - ], - "outputs": { - "connectionStringKey": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-account'), '2022-09-01').outputs.connectionStringKey.value]" - }, - "endpoint": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-account'), '2022-09-01').outputs.endpoint.value]" - }, - "id": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-account'), '2022-09-01').outputs.id.value]" - } - } - } - } - } - ], - "outputs": { - "connectionStringKey": { - "type": "string", - "value": "[parameters('connectionStringKey')]" - }, - "databaseName": { - "type": "string", - "value": "[parameters('databaseName')]" - }, - "endpoint": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-mongo-account'), '2022-09-01').outputs.endpoint.value]" - } - } - } - } - } - ], - "outputs": { - "connectionStringKey": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-mongo'), '2022-09-01').outputs.connectionStringKey.value]" - }, - "databaseName": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-mongo'), '2022-09-01').outputs.databaseName.value]" - }, - "endpoint": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-mongo'), '2022-09-01').outputs.endpoint.value]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'keyvault')]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "keyvault", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - 
"parameters": { - "name": "[if(not(empty(parameters('keyVaultName'))), createObject('value', parameters('keyVaultName')), createObject('value', format('{0}{1}', variables('abbrs').keyVaultVaults, variables('resourceToken'))))]", - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[variables('tags')]" - }, - "principalId": { - "value": "[parameters('principalId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "17948623451174129396" - }, - "description": "Creates an Azure Key Vault." - }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "principalId": { - "type": "string", - "defaultValue": "" - } - }, - "resources": [ - { - "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2022-07-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "tenantId": "[subscription().tenantId]", - "sku": { - "family": "A", - "name": "standard" - }, - "accessPolicies": "[if(not(empty(parameters('principalId'))), createArray(createObject('objectId', parameters('principalId'), 'permissions', createObject('secrets', createArray('get', 'list')), 'tenantId', subscription().tenantId)), createArray())]" - } - } - ], - "outputs": { - "endpoint": { - "type": "string", - "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '2022-07-01').vaultUri]" - }, - "name": { - "type": "string", - "value": "[parameters('name')]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "monitoring", - "properties": { - "expressionEvaluationOptions": { - "scope": 
"inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[variables('tags')]" - }, - "logAnalyticsName": "[if(not(empty(parameters('logAnalyticsName'))), createObject('value', parameters('logAnalyticsName')), createObject('value', format('{0}{1}', variables('abbrs').operationalInsightsWorkspaces, variables('resourceToken'))))]", - "applicationInsightsName": "[if(not(empty(parameters('applicationInsightsName'))), createObject('value', parameters('applicationInsightsName')), createObject('value', format('{0}{1}', variables('abbrs').insightsComponents, variables('resourceToken'))))]", - "applicationInsightsDashboardName": "[if(not(empty(parameters('applicationInsightsDashboardName'))), createObject('value', parameters('applicationInsightsDashboardName')), createObject('value', format('{0}{1}', variables('abbrs').portalDashboards, variables('resourceToken'))))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "10041669792322197047" - }, - "description": "Creates an Application Insights instance and a Log Analytics workspace." 
- }, - "parameters": { - "logAnalyticsName": { - "type": "string" - }, - "applicationInsightsName": { - "type": "string" - }, - "applicationInsightsDashboardName": { - "type": "string", - "defaultValue": "" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - } - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "loganalytics", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('logAnalyticsName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "9622176141085970536" - }, - "description": "Creates a Log Analytics workspace." 
- }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - } - }, - "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2021-12-01-preview", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "retentionInDays": 30, - "features": { - "searchVersion": 1 - }, - "sku": { - "name": "PerGB2018" - } - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" - }, - "name": { - "type": "string", - "value": "[parameters('name')]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "applicationinsights", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('applicationInsightsName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "dashboardName": { - "value": "[parameters('applicationInsightsDashboardName')]" - }, - "logAnalyticsWorkspaceId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'loganalytics'), '2022-09-01').outputs.id.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "1335628967363670282" - }, - "description": "Creates an Application Insights instance based on an existing Log Analytics workspace." 
- }, - "parameters": { - "name": { - "type": "string" - }, - "dashboardName": { - "type": "string", - "defaultValue": "" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "logAnalyticsWorkspaceId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Insights/components", - "apiVersion": "2020-02-02", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "kind": "web", - "properties": { - "Application_Type": "web", - "WorkspaceResourceId": "[parameters('logAnalyticsWorkspaceId')]" - } }, { - "condition": "[not(empty(parameters('dashboardName')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "application-insights-dashboard", + "name": "cosmos-mongo-account", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2032,13 +387,19 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[parameters('dashboardName')]" + "value": "[parameters('accountName')]" }, "location": { "value": "[parameters('location')]" }, - "applicationInsightsName": { - "value": "[parameters('name')]" + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "connectionStringKey": { + "value": "[parameters('connectionStringKey')]" } }, "template": { @@ -2048,17 +409,14 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "2145880658446193205" + "templateHash": "8317058180807592714" }, - "description": "Creates a dashboard for an Application Insights instance." + "description": "Creates an Azure Cosmos DB for MongoDB account." }, "parameters": { "name": { "type": "string" }, - "applicationInsightsName": { - "type": "string" - }, "location": { "type": "string", "defaultValue": "[resourceGroup().location]" 
@@ -2066,1269 +424,353 @@ "tags": { "type": "object", "defaultValue": {} + }, + "keyVaultName": { + "type": "string" + }, + "connectionStringKey": { + "type": "string", + "defaultValue": "AZURE-COSMOS-CONNECTION-STRING" } }, "resources": [ { - "type": "Microsoft.Portal/dashboards", - "apiVersion": "2020-09-01-preview", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "cosmos-account", "properties": { - "lenses": [ - { - "order": 0, - "parts": [ - { - "position": { - "x": 0, - "y": 0, - "colSpan": 2, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "id", - "value": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - { - "name": "Version", - "value": "1.0" - } - ], - "type": "Extension/AppInsightsExtension/PartType/AspNetOverviewPinnedPart", - "asset": { - "idInputName": "id", - "type": "ApplicationInsights" - }, - "defaultMenuItemId": "overview" - } - }, - { - "position": { - "x": 2, - "y": 0, - "colSpan": 1, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "ComponentId", - "value": { - "Name": "[parameters('applicationInsightsName')]", - "SubscriptionId": "[subscription().subscriptionId]", - "ResourceGroup": "[resourceGroup().name]" - } - }, - { - "name": "Version", - "value": "1.0" - } - ], - "type": "Extension/AppInsightsExtension/PartType/ProactiveDetectionAsyncPart", - "asset": { - "idInputName": "ComponentId", - "type": "ApplicationInsights" - }, - "defaultMenuItemId": "ProactiveDetection" - } - }, - { - "position": { - "x": 3, - "y": 0, - "colSpan": 1, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "ComponentId", - "value": { - "Name": "[parameters('applicationInsightsName')]", - "SubscriptionId": 
"[subscription().subscriptionId]", - "ResourceGroup": "[resourceGroup().name]" - } - }, - { - "name": "ResourceId", - "value": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - } - ], - "type": "Extension/AppInsightsExtension/PartType/QuickPulseButtonSmallPart", - "asset": { - "idInputName": "ComponentId", - "type": "ApplicationInsights" - } - } - }, - { - "position": { - "x": 4, - "y": 0, - "colSpan": 1, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "ComponentId", - "value": { - "Name": "[parameters('applicationInsightsName')]", - "SubscriptionId": "[subscription().subscriptionId]", - "ResourceGroup": "[resourceGroup().name]" - } - }, - { - "name": "TimeContext", - "value": { - "durationMs": 86400000, - "endTime": null, - "createdTime": "2018-05-04T01:20:33.345Z", - "isInitialTime": true, - "grain": 1, - "useDashboardTimeRange": false - } - }, - { - "name": "Version", - "value": "1.0" - } - ], - "type": "Extension/AppInsightsExtension/PartType/AvailabilityNavButtonPart", - "asset": { - "idInputName": "ComponentId", - "type": "ApplicationInsights" - } - } - }, - { - "position": { - "x": 5, - "y": 0, - "colSpan": 1, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "ComponentId", - "value": { - "Name": "[parameters('applicationInsightsName')]", - "SubscriptionId": "[subscription().subscriptionId]", - "ResourceGroup": "[resourceGroup().name]" - } - }, - { - "name": "TimeContext", - "value": { - "durationMs": 86400000, - "endTime": null, - "createdTime": "2018-05-08T18:47:35.237Z", - "isInitialTime": true, - "grain": 1, - "useDashboardTimeRange": false - } - }, - { - "name": "ConfigurationId", - "value": "78ce933e-e864-4b05-a27b-71fd55a6afad" - } - ], - "type": "Extension/AppInsightsExtension/PartType/AppMapButtonPart", - "asset": { - "idInputName": "ComponentId", - "type": "ApplicationInsights" - } 
- } - }, - { - "position": { - "x": 0, - "y": 1, - "colSpan": 3, - "rowSpan": 1 - }, - "metadata": { - "inputs": [], - "type": "Extension/HubsExtension/PartType/MarkdownPart", - "settings": { - "content": { - "settings": { - "content": "# Usage", - "title": "", - "subtitle": "" - } - } - } - } - }, - { - "position": { - "x": 3, - "y": 1, - "colSpan": 1, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "ComponentId", - "value": { - "Name": "[parameters('applicationInsightsName')]", - "SubscriptionId": "[subscription().subscriptionId]", - "ResourceGroup": "[resourceGroup().name]" - } - }, - { - "name": "TimeContext", - "value": { - "durationMs": 86400000, - "endTime": null, - "createdTime": "2018-05-04T01:22:35.782Z", - "isInitialTime": true, - "grain": 1, - "useDashboardTimeRange": false - } - } - ], - "type": "Extension/AppInsightsExtension/PartType/UsageUsersOverviewPart", - "asset": { - "idInputName": "ComponentId", - "type": "ApplicationInsights" - } - } - }, - { - "position": { - "x": 4, - "y": 1, - "colSpan": 3, - "rowSpan": 1 - }, - "metadata": { - "inputs": [], - "type": "Extension/HubsExtension/PartType/MarkdownPart", - "settings": { - "content": { - "settings": { - "content": "# Reliability", - "title": "", - "subtitle": "" - } - } - } - } - }, - { - "position": { - "x": 7, - "y": 1, - "colSpan": 1, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "ResourceId", - "value": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - { - "name": "DataModel", - "value": { - "version": "1.0.0", - "timeContext": { - "durationMs": 86400000, - "createdTime": "2018-05-04T23:42:40.072Z", - "isInitialTime": false, - "grain": 1, - "useDashboardTimeRange": false - } - }, - "isOptional": true - }, - { - "name": "ConfigurationId", - "value": "8a02f7bf-ac0f-40e1-afe9-f0e72cfee77f", - "isOptional": true - } - 
], - "type": "Extension/AppInsightsExtension/PartType/CuratedBladeFailuresPinnedPart", - "isAdapter": true, - "asset": { - "idInputName": "ResourceId", - "type": "ApplicationInsights" - }, - "defaultMenuItemId": "failures" - } - }, - { - "position": { - "x": 8, - "y": 1, - "colSpan": 3, - "rowSpan": 1 + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('name')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "connectionStringKey": { + "value": "[parameters('connectionStringKey')]" + }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "kind": { + "value": "MongoDB" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.25.53.49325", + "templateHash": "13614361263700788271" + }, + "description": "Creates an Azure Cosmos DB account." 
+ }, + "parameters": { + "name": { + "type": "string" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "connectionStringKey": { + "type": "string", + "defaultValue": "AZURE-COSMOS-CONNECTION-STRING" + }, + "keyVaultName": { + "type": "string" + }, + "kind": { + "type": "string", + "allowedValues": [ + "GlobalDocumentDB", + "MongoDB", + "Parse" + ] + } + }, + "resources": [ + { + "type": "Microsoft.DocumentDB/databaseAccounts", + "apiVersion": "2022-08-15", + "name": "[parameters('name')]", + "kind": "[parameters('kind')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "consistencyPolicy": { + "defaultConsistencyLevel": "Session" }, - "metadata": { - "inputs": [], - "type": "Extension/HubsExtension/PartType/MarkdownPart", - "settings": { - "content": { - "settings": { - "content": "# Responsiveness\r\n", - "title": "", - "subtitle": "" - } - } + "locations": [ + { + "locationName": "[parameters('location')]", + "failoverPriority": 0, + "isZoneRedundant": false } - } - }, - { - "position": { - "x": 11, - "y": 1, - "colSpan": 1, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "ResourceId", - "value": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - { - "name": "DataModel", - "value": { - "version": "1.0.0", - "timeContext": { - "durationMs": 86400000, - "createdTime": "2018-05-04T23:43:37.804Z", - "isInitialTime": false, - "grain": 1, - "useDashboardTimeRange": false - } - }, - "isOptional": true - }, - { - "name": "ConfigurationId", - "value": "2a8ede4f-2bee-4b9c-aed9-2db0e8a01865", - "isOptional": true - } - ], - "type": "Extension/AppInsightsExtension/PartType/CuratedBladePerformancePinnedPart", - "isAdapter": true, - "asset": { - "idInputName": 
"ResourceId", - "type": "ApplicationInsights" - }, - "defaultMenuItemId": "performance" - } - }, - { - "position": { - "x": 12, - "y": 1, - "colSpan": 3, - "rowSpan": 1 - }, - "metadata": { - "inputs": [], - "type": "Extension/HubsExtension/PartType/MarkdownPart", - "settings": { - "content": { - "settings": { - "content": "# Browser", - "title": "", - "subtitle": "" - } - } + ], + "databaseAccountOfferType": "Standard", + "enableAutomaticFailover": false, + "enableMultipleWriteLocations": false, + "apiProperties": "[if(equals(parameters('kind'), 'MongoDB'), createObject('serverVersion', '4.2'), createObject())]", + "capabilities": [ + { + "name": "EnableServerless" } - } - }, - { - "position": { - "x": 15, - "y": 1, - "colSpan": 1, - "rowSpan": 1 - }, - "metadata": { - "inputs": [ - { - "name": "ComponentId", - "value": { - "Name": "[parameters('applicationInsightsName')]", - "SubscriptionId": "[subscription().subscriptionId]", - "ResourceGroup": "[resourceGroup().name]" - } - }, - { - "name": "MetricsExplorerJsonDefinitionId", - "value": "BrowserPerformanceTimelineMetrics" - }, - { - "name": "TimeContext", - "value": { - "durationMs": 86400000, - "createdTime": "2018-05-08T12:16:27.534Z", - "isInitialTime": false, - "grain": 1, - "useDashboardTimeRange": false - } - }, - { - "name": "CurrentFilter", - "value": { - "eventTypes": [ - 4, - 1, - 3, - 5, - 2, - 6, - 13 - ], - "typeFacets": {}, - "isPermissive": false - } - }, - { - "name": "id", - "value": { - "Name": "[parameters('applicationInsightsName')]", - "SubscriptionId": "[subscription().subscriptionId]", - "ResourceGroup": "[resourceGroup().name]" - } - }, - { - "name": "Version", - "value": "1.0" - } - ], - "type": "Extension/AppInsightsExtension/PartType/MetricsExplorerBladePinnedPart", - "asset": { - "idInputName": "ComponentId", - "type": "ApplicationInsights" - }, - "defaultMenuItemId": "browser" - } - }, - { - "position": { - "x": 0, - "y": 2, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - 
"inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "sessions/count", - "aggregationType": 5, - "namespace": "microsoft.insights/components/kusto", - "metricVisualization": { - "displayName": "Sessions", - "color": "#47BDF5" - } - }, - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "users/count", - "aggregationType": 5, - "namespace": "microsoft.insights/components/kusto", - "metricVisualization": { - "displayName": "Users", - "color": "#7E58FF" - } - } - ], - "title": "Unique sessions and users", - "visualization": { - "chartType": 2, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - }, - "openBladeOnClick": { - "openBlade": true, - "destinationBlade": { - "extensionName": "HubsExtension", - "bladeName": "ResourceMenuBlade", - "parameters": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]", - "menuid": "segmentationUsers" - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 4, - "y": 2, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": 
"[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "requests/failed", - "aggregationType": 7, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Failed requests", - "color": "#EC008C" - } - } - ], - "title": "Failed requests", - "visualization": { - "chartType": 3, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - }, - "openBladeOnClick": { - "openBlade": true, - "destinationBlade": { - "extensionName": "HubsExtension", - "bladeName": "ResourceMenuBlade", - "parameters": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]", - "menuid": "failures" - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 8, - "y": 2, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "requests/duration", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Server response time", - "color": "#00BCF2" - } - } - ], - "title": "Server response time", - "visualization": { - "chartType": 2, - "legendVisualization": { - "isVisible": true, - "position": 2, - 
"hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - }, - "openBladeOnClick": { - "openBlade": true, - "destinationBlade": { - "extensionName": "HubsExtension", - "bladeName": "ResourceMenuBlade", - "parameters": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]", - "menuid": "performance" - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 12, - "y": 2, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "browserTimings/networkDuration", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Page load network connect time", - "color": "#7E58FF" - } - }, - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "browserTimings/processingDuration", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Client processing time", - "color": "#44F1C8" - } - }, - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, 
parameters('applicationInsightsName'))]" - }, - "name": "browserTimings/sendDuration", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Send request time", - "color": "#EB9371" - } - }, - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "browserTimings/receiveDuration", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Receiving response time", - "color": "#0672F1" - } - } - ], - "title": "Average page load time breakdown", - "visualization": { - "chartType": 3, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 0, - "y": 5, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "availabilityResults/availabilityPercentage", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Availability", - "color": "#47BDF5" - } - } - ], - "title": "Average availability", - "visualization": { - "chartType": 3, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { 
- "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - }, - "openBladeOnClick": { - "openBlade": true, - "destinationBlade": { - "extensionName": "HubsExtension", - "bladeName": "ResourceMenuBlade", - "parameters": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]", - "menuid": "availability" - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 4, - "y": 5, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "exceptions/server", - "aggregationType": 7, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Server exceptions", - "color": "#47BDF5" - } - }, - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "dependencies/failed", - "aggregationType": 7, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Dependency failures", - "color": "#7E58FF" - } - } - ], - "title": "Server exceptions and Dependency failures", - "visualization": { - "chartType": 2, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, 
- "axisType": 1 - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 8, - "y": 5, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "performanceCounters/processorCpuPercentage", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Processor time", - "color": "#47BDF5" - } - }, - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "performanceCounters/processCpuPercentage", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Process CPU", - "color": "#7E58FF" - } - } - ], - "title": "Average processor and process CPU utilization", - "visualization": { - "chartType": 2, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 12, - "y": 5, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": 
"[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "exceptions/browser", - "aggregationType": 7, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Browser exceptions", - "color": "#47BDF5" - } - } - ], - "title": "Browser exceptions", - "visualization": { - "chartType": 2, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 0, - "y": 8, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "availabilityResults/count", - "aggregationType": 7, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Availability test results count", - "color": "#47BDF5" - } - } - ], - "title": "Availability test results count", - "visualization": { - "chartType": 2, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 4, - 
"y": 8, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "performanceCounters/processIOBytesPerSecond", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Process IO rate", - "color": "#47BDF5" - } - } - ], - "title": "Average process I/O rate", - "visualization": { - "chartType": 2, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - } - } - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } - }, - { - "position": { - "x": 8, - "y": 8, - "colSpan": 4, - "rowSpan": 3 - }, - "metadata": { - "inputs": [ - { - "name": "options", - "value": { - "chart": { - "metrics": [ - { - "resourceMetadata": { - "id": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Insights/components/{2}', subscription().subscriptionId, resourceGroup().name, parameters('applicationInsightsName'))]" - }, - "name": "performanceCounters/memoryAvailableBytes", - "aggregationType": 4, - "namespace": "microsoft.insights/components", - "metricVisualization": { - "displayName": "Available memory", - "color": "#47BDF5" - } - } - ], - "title": "Average available memory", - "visualization": { - "chartType": 2, - "legendVisualization": { - "isVisible": true, - "position": 2, - "hideSubtitle": false - }, - "axisVisualization": { - "x": { - "isVisible": true, - "axisType": 2 - }, - "y": { - "isVisible": true, - "axisType": 1 - } - } - } - 
} - } - }, - { - "name": "sharedTimeRange", - "isOptional": true - } - ], - "type": "Extension/HubsExtension/PartType/MonitorChartPart", - "settings": {} - } + ] } - ] + }, + { + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('connectionStringKey'))]", + "properties": { + "value": "[listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '2022-08-15').connectionStrings[0].connectionString]" + }, + "dependsOn": [ + "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + ] + } + ], + "outputs": { + "connectionStringKey": { + "type": "string", + "value": "[parameters('connectionStringKey')]" + }, + "endpoint": { + "type": "string", + "value": "[reference(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '2022-08-15').documentEndpoint]" + }, + "id": { + "type": "string", + "value": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } } - ] + } } } - ] + ], + "outputs": { + "connectionStringKey": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-account'), '2022-09-01').outputs.connectionStringKey.value]" + }, + "endpoint": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-account'), '2022-09-01').outputs.endpoint.value]" + }, + "id": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-account'), '2022-09-01').outputs.id.value]" + } + } } - }, - "dependsOn": [ - "[resourceId('Microsoft.Insights/components', parameters('name'))]" - ] + } } ], "outputs": { - "connectionString": { + "connectionStringKey": { "type": "string", - "value": "[reference(resourceId('Microsoft.Insights/components', parameters('name')), '2020-02-02').ConnectionString]" + "value": 
"[parameters('connectionStringKey')]" }, - "instrumentationKey": { + "databaseName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Insights/components', parameters('name')), '2020-02-02').InstrumentationKey]" + "value": "[parameters('databaseName')]" }, - "name": { + "endpoint": { "type": "string", - "value": "[parameters('name')]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-mongo-account'), '2022-09-01').outputs.endpoint.value]" } } } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'loganalytics')]" - ] + } } ], "outputs": { - "applicationInsightsConnectionString": { + "connectionStringKey": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-mongo'), '2022-09-01').outputs.connectionStringKey.value]" + }, + "databaseName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'applicationinsights'), '2022-09-01').outputs.connectionString.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-mongo'), '2022-09-01').outputs.databaseName.value]" }, - "applicationInsightsInstrumentationKey": { + "endpoint": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'applicationinsights'), '2022-09-01').outputs.instrumentationKey.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos-mongo'), '2022-09-01').outputs.endpoint.value]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'keyvault')]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "keyvault", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": "[if(not(empty(parameters('keyVaultName'))), createObject('value', parameters('keyVaultName')), createObject('value', format('{0}{1}', 
variables('abbrs').keyVaultVaults, variables('resourceToken'))))]", + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[variables('tags')]" + }, + "principalId": { + "value": "[parameters('principalId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.25.53.49325", + "templateHash": "17948623451174129396" + }, + "description": "Creates an Azure Key Vault." + }, + "parameters": { + "name": { + "type": "string" }, - "applicationInsightsName": { + "location": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'applicationinsights'), '2022-09-01').outputs.name.value]" + "defaultValue": "[resourceGroup().location]" + }, + "tags": { + "type": "object", + "defaultValue": {} }, - "logAnalyticsWorkspaceId": { + "principalId": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "tenantId": "[subscription().tenantId]", + "sku": { + "family": "A", + "name": "standard" + }, + "accessPolicies": "[if(not(empty(parameters('principalId'))), createArray(createObject('objectId', parameters('principalId'), 'permissions', createObject('secrets', createArray('get', 'list')), 'tenantId', subscription().tenantId)), createArray())]" + } + } + ], + "outputs": { + "endpoint": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'loganalytics'), '2022-09-01').outputs.id.value]" + "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '2022-07-01').vaultUri]" }, - "logAnalyticsWorkspaceName": { + "name": { "type": "string", - "value": 
"[reference(resourceId('Microsoft.Resources/deployments', 'loganalytics'), '2022-09-01').outputs.name.value]" + "value": "[parameters('name')]" } } } } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "cluster-keyvault-access", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultName": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" + }, + "principalId": { + "value": "[parameters('aksClusterIdentityObjectId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.25.53.49325", + "templateHash": "815983560956742247" + }, + "description": "Assigns an Azure Key Vault access policy." + }, + "parameters": { + "name": { + "type": "string", + "defaultValue": "add" + }, + "keyVaultName": { + "type": "string" + }, + "permissions": { + "type": "object", + "defaultValue": { + "secrets": [ + "get", + "list" + ] + } + }, + "principalId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.KeyVault/vaults/accessPolicies", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('name'))]", + "properties": { + "accessPolicies": [ + { + "objectId": "[parameters('principalId')]", + "tenantId": "[subscription().tenantId]", + "permissions": "[parameters('permissions')]" + } + ] + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'keyvault')]" + ] } ], "outputs": { 
@@ -3340,18 +782,6 @@ "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'cosmos'), '2022-09-01').outputs.databaseName.value]" }, - "APPLICATIONINSIGHTS_CONNECTION_STRING": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsConnectionString.value]" - }, - "AZURE_KEY_VAULT_ENDPOINT": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.endpoint.value]" - }, - "AZURE_KEY_VAULT_NAME": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" - }, "AZURE_LOCATION": { "type": "string", "value": "[parameters('location')]" 
@@ -3360,25 +790,13 @@ "type": "string", "value": "[tenant().tenantId]" }, - "AZURE_AKS_CLUSTER_NAME": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'aks'), '2022-09-01').outputs.clusterName.value]" - }, - "AZURE_AKS_IDENTITY_CLIENT_ID": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'aks'), '2022-09-01').outputs.clusterIdentity.value.clientId]" - }, - "AZURE_CONTAINER_REGISTRY_ENDPOINT": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'aks'), '2022-09-01').outputs.containerRegistryLoginServer.value]" - }, - "AZURE_CONTAINER_REGISTRY_NAME": { + "AZURE_KEY_VAULT_ENDPOINT": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'aks'), '2022-09-01').outputs.containerRegistryName.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.endpoint.value]" }, - "REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING": { + "AZURE_KEY_VAULT_NAME": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsConnectionString.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" } } } \ No newline at end of file diff --git a/Environments/App-Base-WebApp-AKS/core/ai/cognitiveservices.bicep b/Environments/App-Base-WebApp-AKS/core/ai/cognitiveservices.bicep deleted file mode 100644 index 1bf5666b..00000000 --- a/Environments/App-Base-WebApp-AKS/core/ai/cognitiveservices.bicep +++ /dev/null 
@@ -1,53 +0,0 @@
-metadata description = 'Creates an Azure Cognitive Services instance.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
-param customSubDomainName string = name
-param deployments array = []
-param kind string = 'OpenAI'
-
-@allowed([ 'Enabled', 'Disabled' ])
-param publicNetworkAccess string = 'Enabled'
-param sku object = {
- name: 'S0'
-}
-
-param allowedIpRules array = []
-param networkAcls object = empty(allowedIpRules) ? {
- defaultAction: 'Allow'
-} : {
- ipRules: allowedIpRules
- defaultAction: 'Deny'
-}
-
-resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
- name: name
- location: location
- tags: tags
- kind: kind
- properties: {
- customSubDomainName: customSubDomainName
- publicNetworkAccess: publicNetworkAccess
- networkAcls: networkAcls
- }
- sku: sku
-}
-
-@batchSize(1)
-resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
- parent: account
- name: deployment.name
- properties: {
- model: deployment.model
- raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
- }
- sku: contains(deployment, 'sku') ? deployment.sku : {
- name: 'Standard'
- capacity: 20
- }
-}]
-
-output endpoint string = account.properties.endpoint
-output id string = account.id
-output name string = account.name
diff --git a/Environments/App-Base-WebApp-AKS/core/database/postgresql/flexibleserver.bicep b/Environments/App-Base-WebApp-AKS/core/database/postgresql/flexibleserver.bicep
deleted file mode 100644
index 7e26b1a8..00000000
--- a/Environments/App-Base-WebApp-AKS/core/database/postgresql/flexibleserver.bicep
+++ /dev/null
@@ -1,65 +0,0 @@
-metadata description = 'Creates an Azure Database for PostgreSQL - Flexible Server.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-param sku object
-param storage object
-param administratorLogin string
-@secure()
-param administratorLoginPassword string
-param databaseNames array = []
-param allowAzureIPsFirewall bool = false
-param allowAllIPsFirewall bool = false
-param allowedSingleIPs array = []
-
-// PostgreSQL version
-param version string
-
-// Latest official version 2022-12-01 does not have Bicep types available
-resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
- location: location
- tags: tags
- name: name
- sku: sku
- properties: {
- version: version
- administratorLogin: administratorLogin
- administratorLoginPassword: administratorLoginPassword
- storage: storage
- highAvailability: {
- mode: 'Disabled'
- }
- }
-
- resource database 'databases' = [for name in databaseNames: {
- name: name
- }]
-
- resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) {
- name: 'allow-all-IPs'
- properties: {
- startIpAddress: '0.0.0.0'
- endIpAddress: '255.255.255.255'
- }
- }
-
- resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) {
- name: 'allow-all-azure-internal-IPs'
- properties: {
- startIpAddress: '0.0.0.0'
- endIpAddress: '0.0.0.0'
- }
- }
-
- resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: {
- name: 'allow-single-${replace(ip, '.', '')}'
- properties: {
- startIpAddress: ip
- endIpAddress: ip
- }
- }]
-
-}
-
-output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName
diff --git a/Environments/App-Base-WebApp-AKS/core/database/sqlserver/sqlserver.bicep b/Environments/App-Base-WebApp-AKS/core/database/sqlserver/sqlserver.bicep
deleted file mode 100644
index 84f2cc2c..00000000
--- a/Environments/App-Base-WebApp-AKS/core/database/sqlserver/sqlserver.bicep
+++ /dev/null
@@ -1,130 +0,0 @@ -metadata description = 'Creates an Azure SQL Server instance.' -param name string -param location string = resourceGroup().location -param tags object = {} - -param appUser string = 'appUser' -param databaseName string -param keyVaultName string -param sqlAdmin string = 'sqlAdmin' -param connectionStringKey string = 'AZURE-SQL-CONNECTION-STRING' - -@secure() -param sqlAdminPassword string -@secure() -param appUserPassword string - -resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = { - name: name - location: location - tags: tags - properties: { - version: '12.0' - minimalTlsVersion: '1.2' - publicNetworkAccess: 'Enabled' - administratorLogin: sqlAdmin - administratorLoginPassword: sqlAdminPassword - } - - resource database 'databases' = { - name: databaseName - location: location - } - - resource firewall 'firewallRules' = { - name: 'Azure Services' - properties: { - // Allow all clients - // Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only". - // This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes. 
- startIpAddress: '0.0.0.1' - endIpAddress: '255.255.255.254' - } - } -} - -resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { - name: '${name}-deployment-script' - location: location - kind: 'AzureCLI' - properties: { - azCliVersion: '2.37.0' - retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running - timeout: 'PT5M' // Five minutes - cleanupPreference: 'OnSuccess' - environmentVariables: [ - { - name: 'APPUSERNAME' - value: appUser - } - { - name: 'APPUSERPASSWORD' - secureValue: appUserPassword - } - { - name: 'DBNAME' - value: databaseName - } - { - name: 'DBSERVER' - value: sqlServer.properties.fullyQualifiedDomainName - } - { - name: 'SQLCMDPASSWORD' - secureValue: sqlAdminPassword - } - { - name: 'SQLADMIN' - value: sqlAdmin - } - ] - - scriptContent: ''' -wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2 -tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C . - -cat < ./initDb.sql -drop user if exists ${APPUSERNAME} -go -create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}' -go -alter role db_owner add member ${APPUSERNAME} -go -SCRIPT_END - -./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql - ''' - } -} - -resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: 'sqlAdminPassword' - properties: { - value: sqlAdminPassword - } -} - -resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: 'appUserPassword' - properties: { - value: appUserPassword - } -} - -resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: connectionStringKey - properties: { - value: '${connectionString}; Password=${appUserPassword}' - } -} - -resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { - name: keyVaultName -} - -var connectionString = 
'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}' -output connectionStringKey string = connectionStringKey -output databaseName string = sqlServer::database.name diff --git a/Environments/App-Base-WebApp-AKS/core/gateway/apim.bicep b/Environments/App-Base-WebApp-AKS/core/gateway/apim.bicep deleted file mode 100644 index be7464f0..00000000 --- a/Environments/App-Base-WebApp-AKS/core/gateway/apim.bicep +++ /dev/null 
@@ -1,79 +0,0 @@
-metadata description = 'Creates an Azure API Management instance.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-@description('The email address of the owner of the service')
-@minLength(1)
-param publisherEmail string = 'noreply@microsoft.com'
-
-@description('The name of the owner of the service')
-@minLength(1)
-param publisherName string = 'n/a'
-
-@description('The pricing tier of this API Management service')
-@allowed([
- 'Consumption'
- 'Developer'
- 'Standard'
- 'Premium'
-])
-param sku string = 'Consumption'
-
-@description('The instance size of this API Management service.')
-@allowed([ 0, 1, 2 ])
-param skuCount int = 0
-
-@description('Azure Application Insights Name')
-param applicationInsightsName string
-
-resource apimService 'Microsoft.ApiManagement/service@2021-08-01' = {
- name: name
- location: location
- tags: union(tags, { 'azd-service-name': name })
- sku: {
- name: sku
- capacity: (sku == 'Consumption') ? 0 : ((sku == 'Developer') ? 1 : skuCount)
- }
- properties: {
- publisherEmail: publisherEmail
- publisherName: publisherName
- // Custom properties are not supported for Consumption SKU
- customProperties: sku == 'Consumption' ? {} : {
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
- 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
- }
- }
-}
-
-resource apimLogger 'Microsoft.ApiManagement/service/loggers@2021-12-01-preview' = if (!empty(applicationInsightsName)) {
- name: 'app-insights-logger'
- parent: apimService
- properties: {
- credentials: {
- instrumentationKey: applicationInsights.properties.InstrumentationKey
- }
- description: 'Logger to Azure Application Insights'
- isBuffered: false
- loggerType: 'applicationInsights'
- resourceId: applicationInsights.id
- }
-}
-
-resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
- name: applicationInsightsName
-}
-
-output apimServiceName string = apimService.name
diff --git a/Environments/App-Base-WebApp-AKS/core/host/aks-agent-pool.bicep b/Environments/App-Base-WebApp-AKS/core/host/aks-agent-pool.bicep
deleted file mode 100644
index 9c764358..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/aks-agent-pool.bicep
+++ /dev/null
@@ -1,18 +0,0 @@
-metadata description = 'Adds an agent pool to an Azure Kubernetes Service (AKS) cluster.'
-param clusterName string
-
-@description('The agent pool name')
-param name string
-
-@description('The agent pool configuration')
-param config object
-
-resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' existing = {
- name: clusterName
-}
-
-resource nodePool 'Microsoft.ContainerService/managedClusters/agentPools@2023-10-02-preview' = {
- parent: aksCluster
- name: name
- properties: config
-}
diff --git a/Environments/App-Base-WebApp-AKS/core/host/aks-managed-cluster.bicep b/Environments/App-Base-WebApp-AKS/core/host/aks-managed-cluster.bicep
deleted file mode 100644
index de562a66..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/aks-managed-cluster.bicep
+++ /dev/null
@@ -1,140 +0,0 @@
-metadata description = 'Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool.'
-@description('The name for the AKS managed cluster')
-param name string
-
-@description('The name of the resource group for the managed resources of the AKS cluster')
-param nodeResourceGroupName string = ''
-
-@description('The Azure region/location for the AKS resources')
-param location string = resourceGroup().location
-
-@description('Custom tags to apply to the AKS resources')
-param tags object = {}
-
-@description('Kubernetes Version')
-param kubernetesVersion string = '1.27.7'
-
-@description('Whether RBAC is enabled for local accounts')
-param enableRbac bool = true
-
-// Add-ons
-@description('Whether web app routing (preview) add-on is enabled')
-param webAppRoutingAddon bool = true
-
-// AAD Integration
-@description('Enable Azure Active Directory integration')
-param enableAad bool = false
-
-@description('Enable RBAC using AAD')
-param enableAzureRbac bool = false
-
-@description('The Tenant ID associated to the Azure Active Directory')
-param aadTenantId string = tenant().tenantId
-
-@description('The load balancer SKU to use for ingress into the AKS cluster')
-@allowed([ 'basic', 'standard' ])
-param loadBalancerSku string = 'standard'
-
-@description('Network plugin used for building the Kubernetes network.')
-@allowed([ 'azure', 'kubenet', 'none' ])
-param networkPlugin string = 'azure'
-
-@description('Network policy used for building the Kubernetes network.')
-@allowed([ 'azure', 'calico' ])
-param networkPolicy string = 'azure'
-
-@description('If set to true, getting static credentials will be disabled for this cluster.')
-param disableLocalAccounts bool = false
-
-@description('The managed cluster SKU.')
-@allowed([ 'Free', 'Paid', 'Standard' ])
-param sku string = 'Free'
-
-@description('Configuration of AKS add-ons')
-param addOns object = {}
-
-@description('The log analytics workspace id used for logging & monitoring')
-param workspaceId string = ''
-
-@description('The node pool configuration for the System agent pool')
-param systemPoolConfig object
-
-@description('The DNS prefix to associate with the AKS cluster')
-param dnsPrefix string = ''
-
-resource aks 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' = {
- name: name
- location: location
- tags: tags
- identity: {
- type: 'SystemAssigned'
- }
- sku: {
- name: 'Base'
- tier: sku
- }
- properties: {
- nodeResourceGroup: !empty(nodeResourceGroupName) ? nodeResourceGroupName : 'rg-mc-${name}'
- kubernetesVersion: kubernetesVersion
- dnsPrefix: empty(dnsPrefix) ? '${name}-dns' : dnsPrefix
- enableRBAC: enableRbac
- aadProfile: enableAad ? {
- managed: true
- enableAzureRBAC: enableAzureRbac
- tenantID: aadTenantId
- } : null
- agentPoolProfiles: [
- systemPoolConfig
- ]
- networkProfile: {
- loadBalancerSku: loadBalancerSku
- networkPlugin: networkPlugin
- networkPolicy: networkPolicy
- }
- disableLocalAccounts: disableLocalAccounts && enableAad
- addonProfiles: addOns
- ingressProfile: {
- webAppRouting: {
- enabled: webAppRoutingAddon
- }
- }
- }
-}
-
-var aksDiagCategories = [
- 'cluster-autoscaler'
- 'kube-controller-manager'
- 'kube-audit-admin'
- 'guard'
-]
-
-// TODO: Update diagnostics to be its own module
-// Blocking issue: https://github.com/Azure/bicep/issues/622
-// Unable to pass in a `resource` scope or unable to use string interpolation in resource types
-resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) {
- name: 'aks-diagnostics'
- scope: aks
- properties: {
- workspaceId: workspaceId
- logs: [for category in aksDiagCategories: {
- category: category
- enabled: true
- }]
- metrics: [
- {
- category: 'AllMetrics'
- enabled: true
- }
- ]
- }
-}
-
-@description('The resource name of the AKS cluster')
-output clusterName string = aks.name
-
-@description('The AKS cluster identity')
-output clusterIdentity object = {
- clientId: aks.properties.identityProfile.kubeletidentity.clientId
- objectId: aks.properties.identityProfile.kubeletidentity.objectId
- resourceId: aks.properties.identityProfile.kubeletidentity.resourceId
-}
diff --git a/Environments/App-Base-WebApp-AKS/core/host/aks.bicep b/Environments/App-Base-WebApp-AKS/core/host/aks.bicep
deleted file mode 100644
index 536a534b..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/aks.bicep
+++ /dev/null
@@ -1,280 +0,0 @@
-metadata description = 'Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool as well as an additional user agent pool.'
-@description('The name for the AKS managed cluster')
-param name string
-
-@description('The name for the Azure container registry (ACR)')
-param containerRegistryName string
-
-@description('The name of the connected log analytics workspace')
-param logAnalyticsName string = ''
-
-@description('The name of the keyvault to grant access')
-param keyVaultName string
-
-@description('The Azure region/location for the AKS resources')
-param location string = resourceGroup().location
-
-@description('Custom tags to apply to the AKS resources')
-param tags object = {}
-
-@description('AKS add-ons configuration')
-param addOns object = {
- azurePolicy: {
- enabled: true
- config: {
- version: 'v2'
- }
- }
- keyVault: {
- enabled: true
- config: {
- enableSecretRotation: 'true'
- rotationPollInterval: '2m'
- }
- }
- openServiceMesh: {
- enabled: false
- config: {}
- }
- omsAgent: {
- enabled: true
- config: {}
- }
- applicationGateway: {
- enabled: false
- config: {}
- }
-}
-
-@description('The managed cluster SKU.')
-@allowed([ 'Free', 'Paid', 'Standard' ])
-param sku string = 'Free'
-
-@description('The load balancer SKU to use for ingress into the AKS cluster')
-@allowed([ 'basic', 'standard' ])
-param loadBalancerSku string = 'standard'
-
-@description('Network plugin used for building the Kubernetes network.')
-@allowed([ 'azure', 'kubenet', 'none' ])
-param networkPlugin string = 'azure'
-
-@description('Network policy used for building the Kubernetes network.')
-@allowed([ 'azure', 'calico' ])
-param networkPolicy string = 'azure'
-
-@description('The DNS prefix to associate with the AKS cluster')
-param dnsPrefix string = ''
-
-@description('The name of the resource group for the managed resources of the AKS cluster')
-param nodeResourceGroupName string = ''
-
-@allowed([
- 'CostOptimised'
- 'Standard'
- 'HighSpec'
- 'Custom'
-])
-@description('The System Pool Preset sizing')
-param systemPoolType string = 'CostOptimised'
-
-@allowed([
- ''
- 'CostOptimised'
- 'Standard'
- 'HighSpec'
- 'Custom'
-])
-@description('The User Pool Preset sizing')
-param agentPoolType string = ''
-
-// Configure system / user agent pools
-@description('Custom configuration of system node pool')
-param systemPoolConfig object = {}
-@description('Custom configuration of user node pool')
-param agentPoolConfig object = {}
-
-@description('Id of the user or app to assign application roles')
-param principalId string = ''
-
-@description('Kubernetes Version')
-param kubernetesVersion string = '1.27.7'
-
-@description('The Tenant ID associated to the Azure Active Directory')
-param aadTenantId string = tenant().tenantId
-
-@description('Whether RBAC is enabled for local accounts')
-param enableRbac bool = true
-
-@description('If set to true, getting static credentials will be disabled for this cluster.')
-param disableLocalAccounts bool = false
-
-@description('Enable RBAC using AAD')
-param enableAzureRbac bool = false
-
-// Add-ons
-@description('Whether web app routing (preview) add-on is enabled')
-param webAppRoutingAddon bool = true
-
-// Configure AKS add-ons
-var omsAgentConfig = (!empty(logAnalyticsName) && !empty(addOns.omsAgent) && addOns.omsAgent.enabled) ? union(
- addOns.omsAgent,
- {
- config: {
- logAnalyticsWorkspaceResourceID: logAnalytics.id
- }
- }
-) : {}
-
-var addOnsConfig = union(
- (!empty(addOns.azurePolicy) && addOns.azurePolicy.enabled) ? { azurepolicy: addOns.azurePolicy } : {},
- (!empty(addOns.keyVault) && addOns.keyVault.enabled) ? { azureKeyvaultSecretsProvider: addOns.keyVault } : {},
- (!empty(addOns.openServiceMesh) && addOns.openServiceMesh.enabled) ? { openServiceMesh: addOns.openServiceMesh } : {},
- (!empty(addOns.omsAgent) && addOns.omsAgent.enabled) ? { omsagent: omsAgentConfig } : {},
- (!empty(addOns.applicationGateway) && addOns.applicationGateway.enabled) ? { ingressApplicationGateway: addOns.applicationGateway } : {}
-)
-
-// Link to existing log analytics workspace when available
-resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' existing = if (!empty(logAnalyticsName)) {
- name: logAnalyticsName
-}
-
-var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : nodePoolPresets[systemPoolType]
-
-// Create the primary AKS cluster resources and system node pool
-module managedCluster 'aks-managed-cluster.bicep' = {
- name: 'managed-cluster'
- params: {
- name: name
- location: location
- tags: tags
- systemPoolConfig: union(
- { name: 'npsystem', mode: 'System' },
- nodePoolBase,
- systemPoolSpec
- )
- nodeResourceGroupName: nodeResourceGroupName
- sku: sku
- dnsPrefix: dnsPrefix
- kubernetesVersion: kubernetesVersion
- addOns: addOnsConfig
- workspaceId: !empty(logAnalyticsName) ? logAnalytics.id : ''
- enableAad: enableAzureRbac && aadTenantId != ''
- disableLocalAccounts: disableLocalAccounts
- aadTenantId: aadTenantId
- enableRbac: enableRbac
- enableAzureRbac: enableAzureRbac
- webAppRoutingAddon: webAppRoutingAddon
- loadBalancerSku: loadBalancerSku
- networkPlugin: networkPlugin
- networkPolicy: networkPolicy
- }
-}
-
-var hasAgentPool = !empty(agentPoolConfig) || !empty(agentPoolType)
-var agentPoolSpec = hasAgentPool && !empty(agentPoolConfig) ? agentPoolConfig : empty(agentPoolType) ? {} : nodePoolPresets[agentPoolType]
-
-// Create additional user agent pool when specified
-module agentPool 'aks-agent-pool.bicep' = if (hasAgentPool) {
- name: 'aks-node-pool'
- params: {
- clusterName: managedCluster.outputs.clusterName
- name: 'npuserpool'
- config: union({ name: 'npuser', mode: 'User' }, nodePoolBase, agentPoolSpec)
- }
-}
-
-// Creates container registry (ACR)
-module containerRegistry 'container-registry.bicep' = {
- name: 'container-registry'
- params: {
- name: containerRegistryName
- location: location
- tags: tags
- workspaceId: !empty(logAnalyticsName) ? logAnalytics.id : ''
- }
-}
-
-// Grant ACR Pull access from cluster managed identity to container registry
-module containerRegistryAccess '../security/registry-access.bicep' = {
- name: 'cluster-container-registry-access'
- params: {
- containerRegistryName: containerRegistry.outputs.name
- principalId: managedCluster.outputs.clusterIdentity.objectId
- }
-}
-
-// Give AKS cluster access to the specified principal
-module clusterAccess '../security/aks-managed-cluster-access.bicep' = if (enableAzureRbac || disableLocalAccounts) {
- name: 'cluster-access'
- params: {
- clusterName: managedCluster.outputs.clusterName
- principalId: principalId
- }
-}
-
-// Give the AKS Cluster access to KeyVault
-module clusterKeyVaultAccess '../security/keyvault-access.bicep' = {
- name: 'cluster-keyvault-access'
- params: {
- keyVaultName: keyVaultName
- principalId: managedCluster.outputs.clusterIdentity.objectId
- }
-}
-
-// Helpers for node pool configuration
-var nodePoolBase = {
- osType: 'Linux'
- maxPods: 30
- type: 'VirtualMachineScaleSets'
- upgradeSettings: {
- maxSurge: '33%'
- }
-}
-
-var nodePoolPresets = {
- CostOptimised: {
- vmSize: 'Standard_B4ms'
- count: 1
- minCount: 1
- maxCount: 3
- enableAutoScaling: true
- availabilityZones: []
- }
- Standard: {
- vmSize: 'Standard_DS2_v2'
- count: 3
- minCount: 3
- maxCount: 5
- enableAutoScaling: true
- availabilityZones: [
- '1'
- '2'
- '3'
- ]
- }
- HighSpec: {
- vmSize: 'Standard_D4s_v3'
- count: 3
- minCount: 3
- maxCount: 5
- enableAutoScaling: true
- availabilityZones: [
- '1'
- '2'
- '3'
- ]
- }
-}
-
-// Module outputs
-@description('The resource name of the AKS cluster')
-output clusterName string = managedCluster.outputs.clusterName
-
-@description('The AKS cluster identity')
-output clusterIdentity object = managedCluster.outputs.clusterIdentity
-
-@description('The resource name of the ACR')
-output containerRegistryName string = containerRegistry.outputs.name
-
-@description('The login server for the container registry')
-output containerRegistryLoginServer string = containerRegistry.outputs.loginServer
diff --git a/Environments/App-Base-WebApp-AKS/core/host/appservice-appsettings.bicep b/Environments/App-Base-WebApp-AKS/core/host/appservice-appsettings.bicep
deleted file mode 100644
index f4b22f81..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/appservice-appsettings.bicep
+++ /dev/null
@@ -1,17 +0,0 @@
-metadata description = 'Updates app settings for an Azure App Service.'
-@description('The name of the app service resource within the current resource group scope')
-param name string
-
-@description('The app settings to be applied to the app service')
-@secure()
-param appSettings object
-
-resource appService 'Microsoft.Web/sites@2022-03-01' existing = {
- name: name
-}
-
-resource settings 'Microsoft.Web/sites/config@2022-03-01' = {
- name: 'appsettings'
- parent: appService
- properties: appSettings
-}
diff --git a/Environments/App-Base-WebApp-AKS/core/host/appservice.bicep b/Environments/App-Base-WebApp-AKS/core/host/appservice.bicep
deleted file mode 100644
index bef4d2ba..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/appservice.bicep
+++ /dev/null
@@ -1,123 +0,0 @@
-metadata description = 'Creates an Azure App Service in an existing Azure App Service plan.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-// Reference Properties
-param applicationInsightsName string = ''
-param appServicePlanId string
-param keyVaultName string = ''
-param managedIdentity bool = !empty(keyVaultName)
-
-// Runtime Properties
-@allowed([
- 'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
-])
-param runtimeName string
-param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
-param runtimeVersion string
-
-// Microsoft.Web/sites Properties
-param kind string = 'app,linux'
-
-// Microsoft.Web/sites/config
-param allowedOrigins array = []
-param alwaysOn bool = true
-param appCommandLine string = ''
-@secure()
-param appSettings object = {}
-param clientAffinityEnabled bool = false
-param enableOryxBuild bool = contains(kind, 'linux')
-param functionAppScaleLimit int = -1
-param linuxFxVersion string = runtimeNameAndVersion
-param minimumElasticInstanceCount int = -1
-param numberOfWorkers int = -1
-param scmDoBuildDuringDeployment bool = false
-param use32BitWorkerProcess bool = false
-param ftpsState string = 'FtpsOnly'
-param healthCheckPath string = ''
-
-resource appService 'Microsoft.Web/sites@2022-03-01' = {
- name: name
- location: location
- tags: tags
- kind: kind
- properties: {
- serverFarmId: appServicePlanId
- siteConfig: {
- linuxFxVersion: linuxFxVersion
- alwaysOn: alwaysOn
- ftpsState: ftpsState
- minTlsVersion: '1.2'
- appCommandLine: appCommandLine
- numberOfWorkers: numberOfWorkers != -1 ? numberOfWorkers : null
- minimumElasticInstanceCount: minimumElasticInstanceCount != -1 ? minimumElasticInstanceCount : null
- use32BitWorkerProcess: use32BitWorkerProcess
- functionAppScaleLimit: functionAppScaleLimit != -1 ? functionAppScaleLimit : null
- healthCheckPath: healthCheckPath
- cors: {
- allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
- }
- }
- clientAffinityEnabled: clientAffinityEnabled
- httpsOnly: true
- }
-
- identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
-
- resource basicPublishingCredentialsPoliciesFtp 'basicPublishingCredentialsPolicies' = {
- name: 'ftp'
- properties: {
- allow: false
- }
- }
-
- resource basicPublishingCredentialsPoliciesScm 'basicPublishingCredentialsPolicies' = {
- name: 'scm'
- properties: {
- allow: false
- }
- }
-}
-
-// Updates to the single Microsoft.sites/web/config resources that need to be performed sequentially
-// sites/web/config 'appsettings'
-module configAppSettings 'appservice-appsettings.bicep' = {
- name: '${name}-appSettings'
- params: {
- name: appService.name
- appSettings: union(appSettings,
- {
- SCM_DO_BUILD_DURING_DEPLOYMENT: string(scmDoBuildDuringDeployment)
- ENABLE_ORYX_BUILD: string(enableOryxBuild)
- },
- runtimeName == 'python' && appCommandLine == '' ? { PYTHON_ENABLE_GUNICORN_MULTIWORKERS: 'true'} : {},
- !empty(applicationInsightsName) ? { APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString } : {},
- !empty(keyVaultName) ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } : {})
- }
-}
-
-// sites/web/config 'logs'
-resource configLogs 'Microsoft.Web/sites/config@2022-03-01' = {
- name: 'logs'
- parent: appService
- properties: {
- applicationLogs: { fileSystem: { level: 'Verbose' } }
- detailedErrorMessages: { enabled: true }
- failedRequestsTracing: { enabled: true }
- httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
- }
- dependsOn: [configAppSettings]
-}
-
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = if (!(empty(keyVaultName))) {
- name: keyVaultName
-}
-
-resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
- name: applicationInsightsName
-}
-
-output identityPrincipalId string = managedIdentity ? appService.identity.principalId : ''
-output name string = appService.name
-output uri string = 'https://${appService.properties.defaultHostName}'
diff --git a/Environments/App-Base-WebApp-AKS/core/host/appserviceplan.bicep b/Environments/App-Base-WebApp-AKS/core/host/appserviceplan.bicep
deleted file mode 100644
index 2e37e041..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/appserviceplan.bicep
+++ /dev/null
@@ -1,22 +0,0 @@
-metadata description = 'Creates an Azure App Service plan.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-param kind string = ''
-param reserved bool = true
-param sku object
-
-resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
- name: name
- location: location
- tags: tags
- sku: sku
- kind: kind
- properties: {
- reserved: reserved
- }
-}
-
-output id string = appServicePlan.id
-output name string = appServicePlan.name
diff --git a/Environments/App-Base-WebApp-AKS/core/host/container-app-upsert.bicep b/Environments/App-Base-WebApp-AKS/core/host/container-app-upsert.bicep
deleted file mode 100644
index 3eec62f2..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/container-app-upsert.bicep
+++ /dev/null
@@ -1,105 +0,0 @@
-metadata description = 'Creates or updates an existing Azure Container App.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-@description('The environment name for the container apps')
-param containerAppsEnvironmentName string
-
-@description('The number of CPU cores allocated to a single container instance, e.g., 0.5')
-param containerCpuCoreCount string = '0.5'
-
-@description('The maximum number of replicas to run. Must be at least 1.')
-@minValue(1)
-param containerMaxReplicas int = 10
-
-@description('The amount of memory allocated to a single container instance, e.g., 1Gi')
-param containerMemory string = '1.0Gi'
-
-@description('The minimum number of replicas to run. Must be at least 1.')
-@minValue(1)
-param containerMinReplicas int = 1
-
-@description('The name of the container')
-param containerName string = 'main'
-
-@description('The name of the container registry')
-param containerRegistryName string = ''
-
-@allowed([ 'http', 'grpc' ])
-@description('The protocol used by Dapr to connect to the app, e.g., HTTP or gRPC')
-param daprAppProtocol string = 'http'
-
-@description('Enable or disable Dapr for the container app')
-param daprEnabled bool = false
-
-@description('The Dapr app ID')
-param daprAppId string = containerName
-
-@description('Specifies if the resource already exists')
-param exists bool = false
-
-@description('Specifies if Ingress is enabled for the container app')
-param ingressEnabled bool = true
-
-@description('The type of identity for the resource')
-@allowed([ 'None', 'SystemAssigned', 'UserAssigned' ])
-param identityType string = 'None'
-
-@description('The name of the user-assigned identity')
-param identityName string = ''
-
-@description('The name of the container image')
-param imageName string = ''
-
-@description('The secrets required for the container')
-param secrets array = []
-
-@description('The environment variables for the container')
-param env array = []
-
-@description('Specifies if the resource ingress is exposed externally')
-param external bool = true
-
-@description('The service binds associated with the container')
-param serviceBinds array = []
-
-@description('The target port for the container')
-param targetPort int = 80
-
-resource existingApp 'Microsoft.App/containerApps@2023-04-01-preview' existing = if (exists) {
- name: name
-}
-
-module app 'container-app.bicep' = {
- name: '${deployment().name}-update'
- params: {
- name: name
- location: location
- tags: tags
- identityType: identityType
- identityName: identityName
- ingressEnabled: ingressEnabled
- containerName: containerName
- containerAppsEnvironmentName: containerAppsEnvironmentName
- containerRegistryName: containerRegistryName
- containerCpuCoreCount: containerCpuCoreCount
- containerMemory: containerMemory
- containerMinReplicas: containerMinReplicas
- containerMaxReplicas: containerMaxReplicas
- daprEnabled: daprEnabled
- daprAppId: daprAppId
- daprAppProtocol: daprAppProtocol
- secrets: secrets
- external: external
- env: env
- imageName: !empty(imageName) ? imageName : exists ? existingApp.properties.template.containers[0].image : ''
- targetPort: targetPort
- serviceBinds: serviceBinds
- }
-}
-
-output defaultDomain string = app.outputs.defaultDomain
-output imageName string = app.outputs.imageName
-output name string = app.outputs.name
-output uri string = app.outputs.uri
diff --git a/Environments/App-Base-WebApp-AKS/core/host/container-app.bicep b/Environments/App-Base-WebApp-AKS/core/host/container-app.bicep
deleted file mode 100644
index 3724086d..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/container-app.bicep
+++ /dev/null
@@ -1,162 +0,0 @@
-metadata description = 'Creates a container app in an Azure Container App environment.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-@description('Allowed origins')
-param allowedOrigins array = []
-
-@description('Name of the environment for container apps')
-param containerAppsEnvironmentName string
-
-@description('CPU cores allocated to a single container instance, e.g., 0.5')
-param containerCpuCoreCount string = '0.5'
-
-@description('The maximum number of replicas to run. Must be at least 1.')
-@minValue(1)
-param containerMaxReplicas int = 10
-
-@description('Memory allocated to a single container instance, e.g., 1Gi')
-param containerMemory string = '1.0Gi'
-
-@description('The minimum number of replicas to run. Must be at least 1.')
-param containerMinReplicas int = 1
-
-@description('The name of the container')
-param containerName string = 'main'
-
-@description('The name of the container registry')
-param containerRegistryName string = ''
-
-@description('The protocol used by Dapr to connect to the app, e.g., http or grpc')
-@allowed([ 'http', 'grpc' ])
-param daprAppProtocol string = 'http'
-
-@description('The Dapr app ID')
-param daprAppId string = containerName
-
-@description('Enable Dapr')
-param daprEnabled bool = false
-
-@description('The environment variables for the container')
-param env array = []
-
-@description('Specifies if the resource ingress is exposed externally')
-param external bool = true
-
-@description('The name of the user-assigned identity')
-param identityName string = ''
-
-@description('The type of identity for the resource')
-@allowed([ 'None', 'SystemAssigned', 'UserAssigned' ])
-param identityType string = 'None'
-
-@description('The name of the container image')
-param imageName string = ''
-
-@description('Specifies if Ingress is enabled for the container app')
-param ingressEnabled bool = true
-
-param revisionMode string = 'Single'
-
-@description('The secrets required for the container')
-param secrets array = []
-
-@description('The service binds associated with the container')
-param serviceBinds array = []
-
-@description('The name of the container apps add-on to use. e.g. redis')
-param serviceType string = ''
-
-@description('The target port for the container')
-param targetPort int = 80
-
-resource userIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(identityName)) {
- name: identityName
-}
-
-// Private registry support requires both an ACR name and a User Assigned managed identity
-var usePrivateRegistry = !empty(identityName) && !empty(containerRegistryName)
-
-// Automatically set to `UserAssigned` when an `identityName` has been set
-var normalizedIdentityType = !empty(identityName) ? 'UserAssigned' : identityType
-
-module containerRegistryAccess '../security/registry-access.bicep' = if (usePrivateRegistry) {
- name: '${deployment().name}-registry-access'
- params: {
- containerRegistryName: containerRegistryName
- principalId: usePrivateRegistry ? userIdentity.properties.principalId : ''
- }
-}
-
-resource app 'Microsoft.App/containerApps@2023-04-01-preview' = {
- name: name
- location: location
- tags: tags
- // It is critical that the identity is granted ACR pull access before the app is created
- // otherwise the container app will throw a provision error
- // This also forces us to use an user assigned managed identity since there would no way to
- // provide the system assigned identity with the ACR pull access before the app is created
- dependsOn: usePrivateRegistry ? [ containerRegistryAccess ] : []
- identity: {
- type: normalizedIdentityType
- userAssignedIdentities: !empty(identityName) && normalizedIdentityType == 'UserAssigned' ? { '${userIdentity.id}': {} } : null
- }
- properties: {
- managedEnvironmentId: containerAppsEnvironment.id
- configuration: {
- activeRevisionsMode: revisionMode
- ingress: ingressEnabled ? {
- external: external
- targetPort: targetPort
- transport: 'auto'
- corsPolicy: {
- allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
- }
- } : null
- dapr: daprEnabled ? {
- enabled: true
- appId: daprAppId
- appProtocol: daprAppProtocol
- appPort: ingressEnabled ? targetPort : 0
- } : { enabled: false }
- secrets: secrets
- service: !empty(serviceType) ? { type: serviceType } : null
- registries: usePrivateRegistry ? [
- {
- server: '${containerRegistryName}.azurecr.io'
- identity: userIdentity.id
- }
- ] : []
- }
- template: {
- serviceBinds: !empty(serviceBinds) ? serviceBinds : null
- containers: [
- {
- image: !empty(imageName) ? imageName : 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
- name: containerName
- env: env
- resources: {
- cpu: json(containerCpuCoreCount)
- memory: containerMemory
- }
- }
- ]
- scale: {
- minReplicas: containerMinReplicas
- maxReplicas: containerMaxReplicas
- }
- }
- }
-}
-
-resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-04-01-preview' existing = {
- name: containerAppsEnvironmentName
-}
-
-output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
-output identityPrincipalId string = normalizedIdentityType == 'None' ? '' : (empty(identityName) ? app.identity.principalId : userIdentity.properties.principalId)
-output imageName string = imageName
-output name string = app.name
-output serviceBind object = !empty(serviceType) ? { serviceId: app.id, name: name } : {}
-output uri string = ingressEnabled ? 'https://${app.properties.configuration.ingress.fqdn}' : ''
diff --git a/Environments/App-Base-WebApp-AKS/core/host/container-apps-environment.bicep b/Environments/App-Base-WebApp-AKS/core/host/container-apps-environment.bicep
deleted file mode 100644
index 8633ba48..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/container-apps-environment.bicep
+++ /dev/null
@@ -1,41 +0,0 @@
-metadata description = 'Creates an Azure Container Apps environment.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-@description('Name of the Application Insights resource')
-param applicationInsightsName string = ''
-
-@description('Specifies if Dapr is enabled')
-param daprEnabled bool = false
-
-@description('Name of the Log Analytics workspace')
-param logAnalyticsWorkspaceName string
-
-resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-04-01-preview' = {
- name: name
- location: location
- tags: tags
- properties: {
- appLogsConfiguration: {
- destination: 'log-analytics'
- logAnalyticsConfiguration: {
- customerId: logAnalyticsWorkspace.properties.customerId
- sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey
- }
- }
- daprAIInstrumentationKey: daprEnabled && !empty(applicationInsightsName) ? applicationInsights.properties.InstrumentationKey : ''
- }
-}
-
-resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
- name: logAnalyticsWorkspaceName
-}
-
-resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (daprEnabled && !empty(applicationInsightsName)) {
- name: applicationInsightsName
-}
-
-output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
-output id string = containerAppsEnvironment.id
-output name string = containerAppsEnvironment.name
diff --git a/Environments/App-Base-WebApp-AKS/core/host/container-apps.bicep b/Environments/App-Base-WebApp-AKS/core/host/container-apps.bicep
deleted file mode 100644
index 1c656e28..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/container-apps.bicep
+++ /dev/null
@@ -1,40 +0,0 @@
-metadata description = 'Creates an Azure Container Registry and an Azure Container Apps environment.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-param containerAppsEnvironmentName string
-param containerRegistryName string
-param containerRegistryResourceGroupName string = ''
-param containerRegistryAdminUserEnabled bool = false
-param logAnalyticsWorkspaceName string
-param applicationInsightsName string = ''
-
-module containerAppsEnvironment 'container-apps-environment.bicep' = {
- name: '${name}-container-apps-environment'
- params: {
- name: containerAppsEnvironmentName
- location: location
- tags: tags
- logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
- applicationInsightsName: applicationInsightsName
- }
-}
-
-module containerRegistry 'container-registry.bicep' = {
- name: '${name}-container-registry'
- scope: !empty(containerRegistryResourceGroupName) ? resourceGroup(containerRegistryResourceGroupName) : resourceGroup()
- params: {
- name: containerRegistryName
- location: location
- adminUserEnabled: containerRegistryAdminUserEnabled
- tags: tags
- }
-}
-
-output defaultDomain string = containerAppsEnvironment.outputs.defaultDomain
-output environmentName string = containerAppsEnvironment.outputs.name
-output environmentId string = containerAppsEnvironment.outputs.id
-
-output registryLoginServer string = containerRegistry.outputs.loginServer
-output registryName string = containerRegistry.outputs.name
diff --git a/Environments/App-Base-WebApp-AKS/core/host/container-registry.bicep b/Environments/App-Base-WebApp-AKS/core/host/container-registry.bicep
deleted file mode 100644
index 9c64531b..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/container-registry.bicep
+++ /dev/null
@@ -1,83 +0,0 @@
-metadata description = 'Creates an Azure Container Registry.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-@description('Indicates whether admin user is enabled')
-param adminUserEnabled bool = false
-
-@description('Indicates whether anonymous pull is enabled')
-param anonymousPullEnabled bool = false
-
-@description('Indicates whether data endpoint is enabled')
-param dataEndpointEnabled bool = false
-
-@description('Encryption settings')
-param encryption object = {
- status: 'disabled'
-}
-
-@description('Options for bypassing network rules')
-param networkRuleBypassOptions string = 'AzureServices'
-
-@description('Public network access setting')
-param publicNetworkAccess string = 'Enabled'
-
-@description('SKU settings')
-param sku object = {
- name: 'Basic'
-}
-
-@description('Zone redundancy setting')
-param zoneRedundancy string = 'Disabled'
-
-@description('The log analytics workspace ID used for logging and monitoring')
-param workspaceId string = ''
-
-// 2022-02-01-preview needed for anonymousPullEnabled
-resource containerRegistry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' = {
- name: name
- location: location
- tags: tags
- sku: sku
- properties: {
- adminUserEnabled: adminUserEnabled
- anonymousPullEnabled: anonymousPullEnabled
- dataEndpointEnabled: dataEndpointEnabled
- encryption: encryption
- networkRuleBypassOptions: networkRuleBypassOptions
- publicNetworkAccess: publicNetworkAccess
- zoneRedundancy: zoneRedundancy
- }
-}
-
-// TODO: Update diagnostics to be its own module
-// Blocking issue: https://github.com/Azure/bicep/issues/622
-// Unable to pass in a `resource` scope or unable to use string interpolation in resource types
-resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) {
- name: 'registry-diagnostics'
- scope: containerRegistry
- properties: {
- workspaceId: workspaceId
- logs: [
- {
- category: 'ContainerRegistryRepositoryEvents'
- enabled: true
- }
- {
- category: 'ContainerRegistryLoginEvents'
- enabled: true
- }
- ]
- metrics: [
- {
- category: 'AllMetrics'
- enabled: true
- timeGrain: 'PT1M'
- }
- ]
- }
-}
-
-output loginServer string = containerRegistry.properties.loginServer
-output name string = containerRegistry.name
diff --git a/Environments/App-Base-WebApp-AKS/core/host/functions.bicep b/Environments/App-Base-WebApp-AKS/core/host/functions.bicep
deleted file mode 100644
index 7070a2c6..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/functions.bicep
+++ /dev/null
@@ -1,86 +0,0 @@
-metadata description = 'Creates an Azure Function in an existing Azure App Service plan.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-// Reference Properties
-param applicationInsightsName string = ''
-param appServicePlanId string
-param keyVaultName string = ''
-param managedIdentity bool = !empty(keyVaultName)
-param storageAccountName string
-
-// Runtime Properties
-@allowed([
- 'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
-])
-param runtimeName string
-param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
-param runtimeVersion string
-
-// Function Settings
-@allowed([
- '~4', '~3', '~2', '~1'
-])
-param extensionVersion string = '~4'
-
-// Microsoft.Web/sites Properties
-param kind string = 'functionapp,linux'
-
-// Microsoft.Web/sites/config
-param allowedOrigins array = []
-param alwaysOn bool = true
-param appCommandLine string = ''
-@secure()
-param appSettings object = {}
-param clientAffinityEnabled bool = false
-param enableOryxBuild bool = contains(kind, 'linux')
-param functionAppScaleLimit int = -1
-param linuxFxVersion string = runtimeNameAndVersion
-param minimumElasticInstanceCount int = -1
-param numberOfWorkers int = -1
-param scmDoBuildDuringDeployment bool = true
-param use32BitWorkerProcess bool = false
-param healthCheckPath string = ''
-
-module functions 'appservice.bicep' = {
- name: '${name}-functions'
- params: {
- name: name
- location: location
- tags: tags
- allowedOrigins: allowedOrigins
- alwaysOn: alwaysOn
- appCommandLine: appCommandLine
- applicationInsightsName: applicationInsightsName
- appServicePlanId: appServicePlanId
- appSettings: union(appSettings, {
- AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}'
- FUNCTIONS_EXTENSION_VERSION: extensionVersion
- FUNCTIONS_WORKER_RUNTIME: runtimeName
- })
- clientAffinityEnabled: clientAffinityEnabled
- enableOryxBuild: enableOryxBuild
- functionAppScaleLimit: functionAppScaleLimit
- healthCheckPath: healthCheckPath
- keyVaultName: keyVaultName
- kind: kind
- linuxFxVersion: linuxFxVersion
- managedIdentity: managedIdentity
- minimumElasticInstanceCount: minimumElasticInstanceCount
- numberOfWorkers: numberOfWorkers
- runtimeName: runtimeName
- runtimeVersion: runtimeVersion
- runtimeNameAndVersion: runtimeNameAndVersion
- scmDoBuildDuringDeployment: scmDoBuildDuringDeployment
- use32BitWorkerProcess: use32BitWorkerProcess
- }
-}
-
-resource storage 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
- name: storageAccountName
-}
-
-output identityPrincipalId string = managedIdentity ? functions.outputs.identityPrincipalId : ''
-output name string = functions.outputs.name
-output uri string = functions.outputs.uri
diff --git a/Environments/App-Base-WebApp-AKS/core/host/staticwebapp.bicep b/Environments/App-Base-WebApp-AKS/core/host/staticwebapp.bicep
deleted file mode 100644
index cedaf906..00000000
--- a/Environments/App-Base-WebApp-AKS/core/host/staticwebapp.bicep
+++ /dev/null
@@ -1,22 +0,0 @@
-metadata description = 'Creates an Azure Static Web Apps instance.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-param sku object = {
- name: 'Free'
- tier: 'Free'
-}
-
-resource web 'Microsoft.Web/staticSites@2022-03-01' = {
- name: name
- location: location
- tags: tags
- sku: sku
- properties: {
- provider: 'Custom'
- }
-}
-
-output name string = web.name
-output uri string = 'https://${web.properties.defaultHostname}'
diff --git a/Environments/App-Base-WebApp-AKS/core/monitor/applicationinsights-dashboard.bicep b/Environments/App-Base-WebApp-AKS/core/monitor/applicationinsights-dashboard.bicep
deleted file mode 100644
index d082e668..00000000
--- a/Environments/App-Base-WebApp-AKS/core/monitor/applicationinsights-dashboard.bicep
+++ /dev/null
@@ -1,1236 +0,0 @@ -metadata description = 'Creates a dashboard for an Application Insights instance.' -param name string -param applicationInsightsName string -param location string = resourceGroup().location -param tags object = {} - -// 2020-09-01-preview because that is the latest valid version -resource applicationInsightsDashboard 'Microsoft.Portal/dashboards@2020-09-01-preview' = { - name: name - location: location - tags: tags - properties: { - lenses: [ - { - order: 0 - parts: [ - { - position: { - x: 0 - y: 0 - colSpan: 2 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'id' - value: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - { - name: 'Version' - value: '1.0' - } - ] - #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/AspNetOverviewPinnedPart' - asset: { - idInputName: 'id' - type: 'ApplicationInsights' - } - defaultMenuItemId: 'overview' - } - } - { - position: { - x: 2 - y: 0 - colSpan: 1 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'ComponentId' - value: { - Name: applicationInsights.name - SubscriptionId: subscription().subscriptionId - ResourceGroup: resourceGroup().name - } - } - { - name: 'Version' - value: '1.0' - } - ] - #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/ProactiveDetectionAsyncPart' - asset: { - idInputName: 'ComponentId' - type: 'ApplicationInsights' - } - defaultMenuItemId: 'ProactiveDetection' - } - } - { - position: { - x: 3 - y: 0 - colSpan: 1 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'ComponentId' - value: { - Name: applicationInsights.name - SubscriptionId: subscription().subscriptionId - ResourceGroup: resourceGroup().name - } - } - { - name: 'ResourceId' - value: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - ] 
- #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/QuickPulseButtonSmallPart' - asset: { - idInputName: 'ComponentId' - type: 'ApplicationInsights' - } - } - } - { - position: { - x: 4 - y: 0 - colSpan: 1 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'ComponentId' - value: { - Name: applicationInsights.name - SubscriptionId: subscription().subscriptionId - ResourceGroup: resourceGroup().name - } - } - { - name: 'TimeContext' - value: { - durationMs: 86400000 - endTime: null - createdTime: '2018-05-04T01:20:33.345Z' - isInitialTime: true - grain: 1 - useDashboardTimeRange: false - } - } - { - name: 'Version' - value: '1.0' - } - ] - #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/AvailabilityNavButtonPart' - asset: { - idInputName: 'ComponentId' - type: 'ApplicationInsights' - } - } - } - { - position: { - x: 5 - y: 0 - colSpan: 1 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'ComponentId' - value: { - Name: applicationInsights.name - SubscriptionId: subscription().subscriptionId - ResourceGroup: resourceGroup().name - } - } - { - name: 'TimeContext' - value: { - durationMs: 86400000 - endTime: null - createdTime: '2018-05-08T18:47:35.237Z' - isInitialTime: true - grain: 1 - useDashboardTimeRange: false - } - } - { - name: 'ConfigurationId' - value: '78ce933e-e864-4b05-a27b-71fd55a6afad' - } - ] - #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/AppMapButtonPart' - asset: { - idInputName: 'ComponentId' - type: 'ApplicationInsights' - } - } - } - { - position: { - x: 0 - y: 1 - colSpan: 3 - rowSpan: 1 - } - metadata: { - inputs: [] - type: 'Extension/HubsExtension/PartType/MarkdownPart' - settings: { - content: { - settings: { - content: '# Usage' - title: '' - subtitle: '' - } - } - } - } - } - { - position: { - x: 3 - y: 1 - colSpan: 1 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'ComponentId' - value: { - Name: applicationInsights.name - SubscriptionId: 
subscription().subscriptionId - ResourceGroup: resourceGroup().name - } - } - { - name: 'TimeContext' - value: { - durationMs: 86400000 - endTime: null - createdTime: '2018-05-04T01:22:35.782Z' - isInitialTime: true - grain: 1 - useDashboardTimeRange: false - } - } - ] - #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/UsageUsersOverviewPart' - asset: { - idInputName: 'ComponentId' - type: 'ApplicationInsights' - } - } - } - { - position: { - x: 4 - y: 1 - colSpan: 3 - rowSpan: 1 - } - metadata: { - inputs: [] - type: 'Extension/HubsExtension/PartType/MarkdownPart' - settings: { - content: { - settings: { - content: '# Reliability' - title: '' - subtitle: '' - } - } - } - } - } - { - position: { - x: 7 - y: 1 - colSpan: 1 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'ResourceId' - value: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - { - name: 'DataModel' - value: { - version: '1.0.0' - timeContext: { - durationMs: 86400000 - createdTime: '2018-05-04T23:42:40.072Z' - isInitialTime: false - grain: 1 - useDashboardTimeRange: false - } - } - isOptional: true - } - { - name: 'ConfigurationId' - value: '8a02f7bf-ac0f-40e1-afe9-f0e72cfee77f' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/CuratedBladeFailuresPinnedPart' - isAdapter: true - asset: { - idInputName: 'ResourceId' - type: 'ApplicationInsights' - } - defaultMenuItemId: 'failures' - } - } - { - position: { - x: 8 - y: 1 - colSpan: 3 - rowSpan: 1 - } - metadata: { - inputs: [] - type: 'Extension/HubsExtension/PartType/MarkdownPart' - settings: { - content: { - settings: { - content: '# Responsiveness\r\n' - title: '' - subtitle: '' - } - } - } - } - } - { - position: { - x: 11 - y: 1 - colSpan: 1 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'ResourceId' - value: 
'/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - { - name: 'DataModel' - value: { - version: '1.0.0' - timeContext: { - durationMs: 86400000 - createdTime: '2018-05-04T23:43:37.804Z' - isInitialTime: false - grain: 1 - useDashboardTimeRange: false - } - } - isOptional: true - } - { - name: 'ConfigurationId' - value: '2a8ede4f-2bee-4b9c-aed9-2db0e8a01865' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/CuratedBladePerformancePinnedPart' - isAdapter: true - asset: { - idInputName: 'ResourceId' - type: 'ApplicationInsights' - } - defaultMenuItemId: 'performance' - } - } - { - position: { - x: 12 - y: 1 - colSpan: 3 - rowSpan: 1 - } - metadata: { - inputs: [] - type: 'Extension/HubsExtension/PartType/MarkdownPart' - settings: { - content: { - settings: { - content: '# Browser' - title: '' - subtitle: '' - } - } - } - } - } - { - position: { - x: 15 - y: 1 - colSpan: 1 - rowSpan: 1 - } - metadata: { - inputs: [ - { - name: 'ComponentId' - value: { - Name: applicationInsights.name - SubscriptionId: subscription().subscriptionId - ResourceGroup: resourceGroup().name - } - } - { - name: 'MetricsExplorerJsonDefinitionId' - value: 'BrowserPerformanceTimelineMetrics' - } - { - name: 'TimeContext' - value: { - durationMs: 86400000 - createdTime: '2018-05-08T12:16:27.534Z' - isInitialTime: false - grain: 1 - useDashboardTimeRange: false - } - } - { - name: 'CurrentFilter' - value: { - eventTypes: [ - 4 - 1 - 3 - 5 - 2 - 6 - 13 - ] - typeFacets: {} - isPermissive: false - } - } - { - name: 'id' - value: { - Name: applicationInsights.name - SubscriptionId: subscription().subscriptionId - ResourceGroup: resourceGroup().name - } - } - { - name: 'Version' - value: '1.0' - } - ] - #disable-next-line BCP036 - type: 'Extension/AppInsightsExtension/PartType/MetricsExplorerBladePinnedPart' - asset: { - idInputName: 
'ComponentId' - type: 'ApplicationInsights' - } - defaultMenuItemId: 'browser' - } - } - { - position: { - x: 0 - y: 2 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'sessions/count' - aggregationType: 5 - namespace: 'microsoft.insights/components/kusto' - metricVisualization: { - displayName: 'Sessions' - color: '#47BDF5' - } - } - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'users/count' - aggregationType: 5 - namespace: 'microsoft.insights/components/kusto' - metricVisualization: { - displayName: 'Users' - color: '#7E58FF' - } - } - ] - title: 'Unique sessions and users' - visualization: { - chartType: 2 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - openBladeOnClick: { - openBlade: true - destinationBlade: { - extensionName: 'HubsExtension' - bladeName: 'ResourceMenuBlade' - parameters: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - menuid: 'segmentationUsers' - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 4 - y: 2 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: 
'/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'requests/failed' - aggregationType: 7 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Failed requests' - color: '#EC008C' - } - } - ] - title: 'Failed requests' - visualization: { - chartType: 3 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - openBladeOnClick: { - openBlade: true - destinationBlade: { - extensionName: 'HubsExtension' - bladeName: 'ResourceMenuBlade' - parameters: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - menuid: 'failures' - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 8 - y: 2 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'requests/duration' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Server response time' - color: '#00BCF2' - } - } - ] - title: 'Server response time' - visualization: { - chartType: 2 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - openBladeOnClick: { - openBlade: true - destinationBlade: { - extensionName: 
'HubsExtension' - bladeName: 'ResourceMenuBlade' - parameters: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - menuid: 'performance' - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 12 - y: 2 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'browserTimings/networkDuration' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Page load network connect time' - color: '#7E58FF' - } - } - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'browserTimings/processingDuration' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Client processing time' - color: '#44F1C8' - } - } - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'browserTimings/sendDuration' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Send request time' - color: '#EB9371' - } - } - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 
'browserTimings/receiveDuration' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Receiving response time' - color: '#0672F1' - } - } - ] - title: 'Average page load time breakdown' - visualization: { - chartType: 3 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 0 - y: 5 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'availabilityResults/availabilityPercentage' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Availability' - color: '#47BDF5' - } - } - ] - title: 'Average availability' - visualization: { - chartType: 3 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - openBladeOnClick: { - openBlade: true - destinationBlade: { - extensionName: 'HubsExtension' - bladeName: 'ResourceMenuBlade' - parameters: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - menuid: 'availability' - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - 
position: { - x: 4 - y: 5 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'exceptions/server' - aggregationType: 7 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Server exceptions' - color: '#47BDF5' - } - } - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'dependencies/failed' - aggregationType: 7 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Dependency failures' - color: '#7E58FF' - } - } - ] - title: 'Server exceptions and Dependency failures' - visualization: { - chartType: 2 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 8 - y: 5 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'performanceCounters/processorCpuPercentage' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Processor time' - color: '#47BDF5' - } - } - { - resourceMetadata: { - id: 
'/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'performanceCounters/processCpuPercentage' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Process CPU' - color: '#7E58FF' - } - } - ] - title: 'Average processor and process CPU utilization' - visualization: { - chartType: 2 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 12 - y: 5 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'exceptions/browser' - aggregationType: 7 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Browser exceptions' - color: '#47BDF5' - } - } - ] - title: 'Browser exceptions' - visualization: { - chartType: 2 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 0 - y: 8 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: 
'/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'availabilityResults/count' - aggregationType: 7 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Availability test results count' - color: '#47BDF5' - } - } - ] - title: 'Availability test results count' - visualization: { - chartType: 2 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 4 - y: 8 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'performanceCounters/processIOBytesPerSecond' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Process IO rate' - color: '#47BDF5' - } - } - ] - title: 'Average process I/O rate' - visualization: { - chartType: 2 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - { - position: { - x: 8 - y: 8 - colSpan: 4 - rowSpan: 3 - } - metadata: { - inputs: [ - { - name: 'options' - value: { - chart: { - metrics: [ - { - resourceMetadata: { - id: 
'/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Insights/components/${applicationInsights.name}' - } - name: 'performanceCounters/memoryAvailableBytes' - aggregationType: 4 - namespace: 'microsoft.insights/components' - metricVisualization: { - displayName: 'Available memory' - color: '#47BDF5' - } - } - ] - title: 'Average available memory' - visualization: { - chartType: 2 - legendVisualization: { - isVisible: true - position: 2 - hideSubtitle: false - } - axisVisualization: { - x: { - isVisible: true - axisType: 2 - } - y: { - isVisible: true - axisType: 1 - } - } - } - } - } - } - { - name: 'sharedTimeRange' - isOptional: true - } - ] - #disable-next-line BCP036 - type: 'Extension/HubsExtension/PartType/MonitorChartPart' - settings: {} - } - } - ] - } - ] - } -} - -resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = { - name: applicationInsightsName -} diff --git a/Environments/App-Base-WebApp-AKS/core/monitor/applicationinsights.bicep b/Environments/App-Base-WebApp-AKS/core/monitor/applicationinsights.bicep deleted file mode 100644 index 4b4d01e3..00000000 --- a/Environments/App-Base-WebApp-AKS/core/monitor/applicationinsights.bicep +++ /dev/null 
@@ -1,30 +0,0 @@ -metadata description = 'Creates an Application Insights instance based on an existing Log Analytics workspace.' -param name string -param dashboardName string = '' -param location string = resourceGroup().location -param tags object = {} -param logAnalyticsWorkspaceId string - -resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = { - name: name - location: location - tags: tags - kind: 'web' - properties: { - Application_Type: 'web' - WorkspaceResourceId: logAnalyticsWorkspaceId - } -} - -module applicationInsightsDashboard 'applicationinsights-dashboard.bicep' = if (!empty(dashboardName)) { - name: 'application-insights-dashboard' - params: { - name: dashboardName - location: location - applicationInsightsName: applicationInsights.name - } -} - -output connectionString string = applicationInsights.properties.ConnectionString -output instrumentationKey string = applicationInsights.properties.InstrumentationKey -output name string = applicationInsights.name diff --git a/Environments/App-Base-WebApp-AKS/core/monitor/loganalytics.bicep b/Environments/App-Base-WebApp-AKS/core/monitor/loganalytics.bicep deleted file mode 100644 index 33f9dc29..00000000 --- a/Environments/App-Base-WebApp-AKS/core/monitor/loganalytics.bicep +++ /dev/null @@ -1,22 +0,0 @@ -metadata description = 'Creates a Log Analytics workspace.' -param name string -param location string = resourceGroup().location -param tags object = {} - -resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = { - name: name - location: location - tags: tags - properties: any({ - retentionInDays: 30 - features: { - searchVersion: 1 - } - sku: { - name: 'PerGB2018' - } - }) -} - -output id string = logAnalytics.id -output name string = logAnalytics.name diff --git a/Environments/App-Base-WebApp-AKS/core/monitor/monitoring.bicep b/Environments/App-Base-WebApp-AKS/core/monitor/monitoring.bicep deleted file mode 100644 index 6bb05b0b..00000000 
--- a/Environments/App-Base-WebApp-AKS/core/monitor/monitoring.bicep +++ /dev/null @@ -1,32 +0,0 @@ -metadata description = 'Creates an Application Insights instance and a Log Analytics workspace.' -param logAnalyticsName string -param applicationInsightsName string -param applicationInsightsDashboardName string = '' -param location string = resourceGroup().location -param tags object = {} - -module logAnalytics 'loganalytics.bicep' = { - name: 'loganalytics' - params: { - name: logAnalyticsName - location: location - tags: tags - } -} - -module applicationInsights 'applicationinsights.bicep' = { - name: 'applicationinsights' - params: { - name: applicationInsightsName - location: location - tags: tags - dashboardName: applicationInsightsDashboardName - logAnalyticsWorkspaceId: logAnalytics.outputs.id - } -} - -output applicationInsightsConnectionString string = applicationInsights.outputs.connectionString -output applicationInsightsInstrumentationKey string = applicationInsights.outputs.instrumentationKey -output applicationInsightsName string = applicationInsights.outputs.name -output logAnalyticsWorkspaceId string = logAnalytics.outputs.id -output logAnalyticsWorkspaceName string = logAnalytics.outputs.name diff --git a/Environments/App-Base-WebApp-AKS/core/networking/cdn-endpoint.bicep b/Environments/App-Base-WebApp-AKS/core/networking/cdn-endpoint.bicep deleted file mode 100644 index 5e8ab695..00000000 --- a/Environments/App-Base-WebApp-AKS/core/networking/cdn-endpoint.bicep +++ /dev/null 
@@ -1,52 +0,0 @@ -metadata description = 'Adds an endpoint to an Azure CDN profile.' -param name string -param location string = resourceGroup().location -param tags object = {} - -@description('The name of the CDN profile resource') -@minLength(1) -param cdnProfileName string - -@description('Delivery policy rules') -param deliveryPolicyRules array = [] - -@description('The origin URL for the endpoint') -@minLength(1) -param originUrl string - -resource endpoint 'Microsoft.Cdn/profiles/endpoints@2022-05-01-preview' = { - parent: cdnProfile - name: name - location: location - tags: tags - properties: { - originHostHeader: originUrl - isHttpAllowed: false - isHttpsAllowed: true - queryStringCachingBehavior: 'UseQueryString' - optimizationType: 'GeneralWebDelivery' - origins: [ - { - name: replace(originUrl, '.', '-') - properties: { - hostName: originUrl - originHostHeader: originUrl - priority: 1 - weight: 1000 - enabled: true - } - } - ] - deliveryPolicy: { - rules: deliveryPolicyRules - } - } -} - -resource cdnProfile 'Microsoft.Cdn/profiles@2022-05-01-preview' existing = { - name: cdnProfileName -} - -output id string = endpoint.id -output name string = endpoint.name -output uri string = 'https://${endpoint.properties.hostName}' diff --git a/Environments/App-Base-WebApp-AKS/core/networking/cdn-profile.bicep b/Environments/App-Base-WebApp-AKS/core/networking/cdn-profile.bicep deleted file mode 100644 index 27669ee2..00000000 --- a/Environments/App-Base-WebApp-AKS/core/networking/cdn-profile.bicep +++ /dev/null 
@@ -1,34 +0,0 @@
-metadata description = 'Creates an Azure CDN profile.'
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-@description('The pricing tier of this CDN profile')
-@allowed([
- 'Custom_Verizon'
- 'Premium_AzureFrontDoor'
- 'Premium_Verizon'
- 'StandardPlus_955BandWidth_ChinaCdn'
- 'StandardPlus_AvgBandWidth_ChinaCdn'
- 'StandardPlus_ChinaCdn'
- 'Standard_955BandWidth_ChinaCdn'
- 'Standard_Akamai'
- 'Standard_AvgBandWidth_ChinaCdn'
- 'Standard_AzureFrontDoor'
- 'Standard_ChinaCdn'
- 'Standard_Microsoft'
- 'Standard_Verizon'
-])
-param sku string = 'Standard_Microsoft'
-
-resource profile 'Microsoft.Cdn/profiles@2022-05-01-preview' = {
- name: name
- location: location
- tags: tags
- sku: {
- name: sku
- }
-}
-
-output id string = profile.id
-output name string = profile.name
diff --git a/Environments/App-Base-WebApp-AKS/core/networking/cdn.bicep b/Environments/App-Base-WebApp-AKS/core/networking/cdn.bicep
deleted file mode 100644
index de98a1f9..00000000
--- a/Environments/App-Base-WebApp-AKS/core/networking/cdn.bicep
+++ /dev/null
@@ -1,42 +0,0 @@ -metadata description = 'Creates an Azure CDN profile with a single endpoint.' -param location string = resourceGroup().location -param tags object = {} - -@description('Name of the CDN endpoint resource') -param cdnEndpointName string - -@description('Name of the CDN profile resource') -param cdnProfileName string - -@description('Delivery policy rules') -param deliveryPolicyRules array = [] - -@description('Origin URL for the CDN endpoint') -param originUrl string - -module cdnProfile 'cdn-profile.bicep' = { - name: 'cdn-profile' - params: { - name: cdnProfileName - location: location - tags: tags - } -} - -module cdnEndpoint 'cdn-endpoint.bicep' = { - name: 'cdn-endpoint' - params: { - name: cdnEndpointName - location: location - tags: tags - cdnProfileName: cdnProfile.outputs.name - originUrl: originUrl - deliveryPolicyRules: deliveryPolicyRules - } -} - -output endpointName string = cdnEndpoint.outputs.name -output endpointId string = cdnEndpoint.outputs.id -output profileName string = cdnProfile.outputs.name -output profileId string = cdnProfile.outputs.id -output uri string = cdnEndpoint.outputs.uri diff --git a/Environments/App-Base-WebApp-AKS/core/search/search-services.bicep b/Environments/App-Base-WebApp-AKS/core/search/search-services.bicep deleted file mode 100644 index d9c619a9..00000000 --- a/Environments/App-Base-WebApp-AKS/core/search/search-services.bicep +++ /dev/null 
@@ -1,68 +0,0 @@ -metadata description = 'Creates an Azure AI Search instance.' -param name string -param location string = resourceGroup().location -param tags object = {} - -param sku object = { - name: 'standard' -} - -param authOptions object = {} -param disableLocalAuth bool = false -param disabledDataExfiltrationOptions array = [] -param encryptionWithCmk object = { - enforcement: 'Unspecified' -} -@allowed([ - 'default' - 'highDensity' -]) -param hostingMode string = 'default' -param networkRuleSet object = { - bypass: 'None' - ipRules: [] -} -param partitionCount int = 1 -@allowed([ - 'enabled' - 'disabled' -]) -param publicNetworkAccess string = 'enabled' -param replicaCount int = 1 -@allowed([ - 'disabled' - 'free' - 'standard' -]) -param semanticSearch string = 'disabled' - -var searchIdentityProvider = (sku.name == 'free') ? null : { - type: 'SystemAssigned' -} - -resource search 'Microsoft.Search/searchServices@2021-04-01-preview' = { - name: name - location: location - tags: tags - // The free tier does not support managed identity - identity: searchIdentityProvider - properties: { - authOptions: authOptions - disableLocalAuth: disableLocalAuth - disabledDataExfiltrationOptions: disabledDataExfiltrationOptions - encryptionWithCmk: encryptionWithCmk - hostingMode: hostingMode - networkRuleSet: networkRuleSet - partitionCount: partitionCount - publicNetworkAccess: publicNetworkAccess - replicaCount: replicaCount - semanticSearch: semanticSearch - } - sku: sku -} - -output id string = search.id -output endpoint string = 'https://${name}.search.windows.net/' -output name string = search.name -output principalId string = !empty(searchIdentityProvider) ? search.identity.principalId : '' - diff --git a/Environments/App-Base-WebApp-AKS/core/storage/storage-account.bicep b/Environments/App-Base-WebApp-AKS/core/storage/storage-account.bicep deleted file mode 100644 index 4b6febbe..00000000 
--- a/Environments/App-Base-WebApp-AKS/core/storage/storage-account.bicep +++ /dev/null 
@@ -1,64 +0,0 @@ -metadata description = 'Creates an Azure storage account.' -param name string -param location string = resourceGroup().location -param tags object = {} - -@allowed([ - 'Cool' - 'Hot' - 'Premium' ]) -param accessTier string = 'Hot' -param allowBlobPublicAccess bool = true -param allowCrossTenantReplication bool = true -param allowSharedKeyAccess bool = true -param containers array = [] -param defaultToOAuthAuthentication bool = false -param deleteRetentionPolicy object = {} -@allowed([ 'AzureDnsZone', 'Standard' ]) -param dnsEndpointType string = 'Standard' -param kind string = 'StorageV2' -param minimumTlsVersion string = 'TLS1_2' -param supportsHttpsTrafficOnly bool = true -param networkAcls object = { - bypass: 'AzureServices' - defaultAction: 'Allow' -} -@allowed([ 'Enabled', 'Disabled' ]) -param publicNetworkAccess string = 'Enabled' -param sku object = { name: 'Standard_LRS' } - -resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = { - name: name - location: location - tags: tags - kind: kind - sku: sku - properties: { - accessTier: accessTier - allowBlobPublicAccess: allowBlobPublicAccess - allowCrossTenantReplication: allowCrossTenantReplication - allowSharedKeyAccess: allowSharedKeyAccess - defaultToOAuthAuthentication: defaultToOAuthAuthentication - dnsEndpointType: dnsEndpointType - minimumTlsVersion: minimumTlsVersion - networkAcls: networkAcls - publicNetworkAccess: publicNetworkAccess - supportsHttpsTrafficOnly: supportsHttpsTrafficOnly - } - - resource blobServices 'blobServices' = if (!empty(containers)) { - name: 'default' - properties: { - deleteRetentionPolicy: deleteRetentionPolicy - } - resource container 'containers' = [for container in containers: { - name: container.name - properties: { - publicAccess: contains(container, 'publicAccess') ? container.publicAccess : 'None' - } - }] - } -} - -output name string = storage.name -output primaryEndpoints object = storage.properties.primaryEndpoints 
diff --git a/Environments/App-Base-WebApp-AKS/core/testing/loadtesting.bicep b/Environments/App-Base-WebApp-AKS/core/testing/loadtesting.bicep
deleted file mode 100644
index 46781086..00000000
--- a/Environments/App-Base-WebApp-AKS/core/testing/loadtesting.bicep
+++ /dev/null
@@ -1,15 +0,0 @@
-param name string
-param location string = resourceGroup().location
-param managedIdentity bool = false
-param tags object = {}
-
-resource loadTest 'Microsoft.LoadTestService/loadTests@2022-12-01' = {
- name: name
- location: location
- tags: tags
- identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
- properties: {
- }
-}
-
-output loadTestingName string = loadTest.name
diff --git a/Environments/App-Base-WebApp-AKS/main.bicep b/Environments/App-Base-WebApp-AKS/main.bicep
index a382fedb..378c06a8 100644
--- a/Environments/App-Base-WebApp-AKS/main.bicep
+++ b/Environments/App-Base-WebApp-AKS/main.bicep
@@ -5,40 +5,18 @@ param environmentName string @minLength(1) @description('Primary location for all resources') -param location string +param location string = resourceGroup().location -@description('The resource name of the AKS cluster') -param clusterName string = '' - -@description('The resource name of the Container Registry (ACR)') -param containerRegistryName string = '' - -param applicationInsightsDashboardName string = '' -param applicationInsightsName string = '' param cosmosAccountName string = '' param cosmosDatabaseName string = '' param keyVaultName string = '' -param logAnalyticsName string = '' - -@description('Id of the user or app to assign application roles') param principalId string = '' +param aksClusterIdentityObjectId string var abbrs = loadJsonContent('./abbreviations.json') var resourceToken = toLower(uniqueString(subscription().id, environmentName, location)) var tags = { 'azd-env-name': environmentName } -// The AKS cluster to host applications -module aks './core/host/aks.bicep' = { - name: 'aks' - params: { - location: location - name: !empty(clusterName) ? clusterName : '${abbrs.containerServiceManagedClusters}${resourceToken}' - containerRegistryName: !empty(containerRegistryName) ? containerRegistryName : '${abbrs.containerRegistryRegistries}${resourceToken}' - logAnalyticsName: monitoring.outputs.logAnalyticsWorkspaceName - keyVaultName: keyVault.outputs.name - } -} - // The application database module cosmos './app/db.bicep' = { name: 'cosmos' 
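Review bot: The new `param aksClusterIdentityObjectId string` is declared with no decorators, and the same hunk drops the `@description` that sat above `principalId`, so the input that decides who gets Key Vault access is undocumented and unvalidated. The value is passed to the `clusterKeyVaultAccess` module in the next hunk, so I would put `@description('Object ID of the AKS cluster identity that is granted access to the Key Vault')`, `@minLength(36)` and `@maxLength(36)` above it; an empty or truncated ID then fails at template validation rather than part-way through the deployment. `principalId` stays declared with an empty default, and its consumers are outside this hunk, so it is worth confirming the parameter is still needed.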
@@ -62,15 +40,11 @@ module keyVault './core/security/keyvault.bicep' = { } } -// Monitor application with Azure Monitor -module monitoring './core/monitor/monitoring.bicep' = { - name: 'monitoring' +module clusterKeyVaultAccess './core/security/keyvault-access.bicep' = { + name: 'cluster-keyvault-access' params: { - location: location - tags: tags - logAnalyticsName: !empty(logAnalyticsName) ? logAnalyticsName : '${abbrs.operationalInsightsWorkspaces}${resourceToken}' - applicationInsightsName: !empty(applicationInsightsName) ? applicationInsightsName : '${abbrs.insightsComponents}${resourceToken}' - applicationInsightsDashboardName: !empty(applicationInsightsDashboardName) ? applicationInsightsDashboardName : '${abbrs.portalDashboards}${resourceToken}' + keyVaultName: keyVault.outputs.name + principalId: aksClusterIdentityObjectId } } @@ -79,13 +53,7 @@ output AZURE_COSMOS_CONNECTION_STRING_KEY string = cosmos.outputs.connectionStri output AZURE_COSMOS_DATABASE_NAME string = cosmos.outputs.databaseName // App outputs -output APPLICATIONINSIGHTS_CONNECTION_STRING string = monitoring.outputs.applicationInsightsConnectionString -output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.endpoint -output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name output AZURE_LOCATION string = location output AZURE_TENANT_ID string = tenant().tenantId -output AZURE_AKS_CLUSTER_NAME string = aks.outputs.clusterName -output AZURE_AKS_IDENTITY_CLIENT_ID string = aks.outputs.clusterIdentity.clientId -output AZURE_CONTAINER_REGISTRY_ENDPOINT string = aks.outputs.containerRegistryLoginServer -output AZURE_CONTAINER_REGISTRY_NAME string = aks.outputs.containerRegistryName -output REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING string = monitoring.outputs.applicationInsightsConnectionString +output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.endpoint +output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name 
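Review bot: `clusterKeyVaultAccess` passes only `keyVaultName` and `principalId`, so the permissions granted to the cluster identity are whatever `keyvault-access.bicep` defaults to, and that file is not part of this patch. The manifest text removed by this commit describes the grant as get/list; if that is still the intent, state it at the call site with a comment such as `// grants the AKS identity secret get/list only; see keyvault-access.bicep`, or pass the permission set explicitly if the module accepts one. A reviewer reading main.bicep alone can then see the scope of the grant, and a later change to the module default does not silently widen it.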
diff --git a/Environments/App-Base-WebApp-AKS/manifest.yaml b/Environments/App-Base-WebApp-AKS/manifest.yaml index 7e08cb3e..cbc7191c 100644 --- a/Environments/App-Base-WebApp-AKS/manifest.yaml +++ b/Environments/App-Base-WebApp-AKS/manifest.yaml @@ -1,7 +1,7 @@ name: App-Base-WebApp-AKS version: 1.0.0 -summary: App Base Nodejs Mongo AKS -description: Deploys a base infra for AKS app dev with Nodejs and Mongo +summary: Base infra for AKS web app dev +description: Deploys a todo app with Nodejs and Mongo runner: ARM templatePath: azuredeploy.json @@ -18,11 +18,8 @@ parameters: type: string required: true -- id: "principalId" - name: "principalId (e.g. )" - description: "principal id that have the permission (get list) to access key vault" +- id: "aksClusterIdentityObjectId" + name: "AKS Cluster Identity Object Id" + description: "Object Id of the identity used by the AKS cluster to access the KeyVault" type: string - required: false - default: '' - - + required: true
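Review bot: The description added for `aksClusterIdentityObjectId` in the second hunk says "the identity used by the AKS cluster" without naming which identity or stating that an object ID, not a client ID, is expected. The template removed by this commit exported the cluster identity's client ID (`AZURE_AKS_IDENTITY_CLIENT_ID`), so the two are easy to confuse, and a wrong GUID either fails the deployment or gives Key Vault access to a different principal. I would spell it out, for example `description: "Object (principal) Id, not the client Id, of the managed identity the AKS cluster uses to read Key Vault secrets"`. The `principalId` entry is also removed here while main.bicep still declares that parameter, so, assuming azuredeploy.json is compiled from main.bicep, it always takes its empty default when deployed through this manifest.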