From f62364eeb1ef1a6cb53e93a4443d129a50af4e60 Mon Sep 17 00:00:00 2001 From: Gordon Byers Date: Mon, 20 Sep 2021 10:11:47 +0100 Subject: [PATCH] Change default AppGw listener configuration if PrivateIP provided (#54) * Use private frontend for default config if provided * Adding auto compiled bicep json Co-authored-by: Gordon Byers Co-authored-by: Gordonby --- bicep/compiled/main.json | 4 ++-- bicep/main.bicep | 37 ++----------------------------------- 2 files changed, 4 insertions(+), 37 deletions(-) diff --git a/bicep/compiled/main.json b/bicep/compiled/main.json index bdbaa90c5..eb4d79148 100644 --- a/bicep/compiled/main.json +++ b/bicep/compiled/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.4.613.9944", - "templateHash": "2019382473616223826" + "templateHash": "15689473077999260665" } }, "parameters": { 
@@ -385,7 +385,7 @@ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-appgw-{0}', parameters('resourceName')))]": {} } }, - "properties": "[union(createObject('sku', variables('appGWskuObj'), 'sslPolicy', createObject('policyType', 'Predefined', 'policyName', 'AppGwSslPolicy20170401S'), 'gatewayIPConfigurations', createArray(createObject('name', 'besubnet', 'properties', createObject('subnet', createObject('id', if(parameters('ingressApplicationGateway'), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', 'network'), '2019-10-01').outputs.appGwSubnetId.value, parameters('byoAGWSubnetId')), ''))))), 'frontendIPConfigurations', if(empty(parameters('privateIpApplicationGateway')), array(variables('frontendPublicIpConfig')), concat(array(variables('frontendPublicIpConfig')), array(createObject('properties', createObject('privateIPAllocationMethod', 'Static', 'privateIPAddress', parameters('privateIpApplicationGateway'), 'subnet', createObject('id', if(parameters('ingressApplicationGateway'), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', 'network'), '2019-10-01').outputs.appGwSubnetId.value, parameters('byoAGWSubnetId')), ''))), 'name', 'appGatewayPrivateIP')))), 'frontendPorts', createArray(createObject('name', 'appGatewayFrontendPort', 'properties', createObject('port', 80))), 'backendAddressPools', createArray(createObject('name', 'defaultaddresspool')), 'backendHttpSettingsCollection', createArray(createObject('name', 'defaulthttpsetting', 'properties', createObject('port', 80, 'protocol', 'Http', 'cookieBasedAffinity', 'Disabled', 'requestTimeout', 30, 'pickHostNameFromBackendAddress', true()))), 'httpListeners', createArray(createObject('name', 'hlisten', 'properties', createObject('frontendIPConfiguration', createObject('id', format('{0}/frontendIPConfigurations/appGatewayFrontendIP', variables('appgwResourceId'))), 'frontendPort', createObject('id', 
format('{0}/frontendPorts/appGatewayFrontendPort', variables('appgwResourceId'))), 'protocol', 'Http'))), 'requestRoutingRules', createArray(createObject('name', 'appGwRoutingRuleName', 'properties', createObject('ruleType', 'Basic', 'httpListener', createObject('id', format('{0}/httpListeners/hlisten', variables('appgwResourceId'))), 'backendAddressPool', createObject('id', format('{0}/backendAddressPools/defaultaddresspool', variables('appgwResourceId'))), 'backendHttpSettings', createObject('id', format('{0}/backendHttpSettingsCollection/defaulthttpsetting', variables('appgwResourceId'))))))), if(greater(parameters('appGWmaxCount'), 0), createObject('autoscaleConfiguration', createObject('minCapacity', parameters('appGWcount'), 'maxCapacity', parameters('appGWmaxCount'))), createObject()))]", + "properties": "[union(createObject('sku', variables('appGWskuObj'), 'sslPolicy', createObject('policyType', 'Predefined', 'policyName', 'AppGwSslPolicy20170401S'), 'gatewayIPConfigurations', createArray(createObject('name', 'besubnet', 'properties', createObject('subnet', createObject('id', if(parameters('ingressApplicationGateway'), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', 'network'), '2019-10-01').outputs.appGwSubnetId.value, parameters('byoAGWSubnetId')), ''))))), 'frontendIPConfigurations', if(empty(parameters('privateIpApplicationGateway')), array(variables('frontendPublicIpConfig')), concat(array(variables('frontendPublicIpConfig')), array(createObject('properties', createObject('privateIPAllocationMethod', 'Static', 'privateIPAddress', parameters('privateIpApplicationGateway'), 'subnet', createObject('id', if(parameters('ingressApplicationGateway'), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', 'network'), '2019-10-01').outputs.appGwSubnetId.value, parameters('byoAGWSubnetId')), ''))), 'name', 'appGatewayPrivateIP')))), 'frontendPorts', createArray(createObject('name', 
'appGatewayFrontendPort', 'properties', createObject('port', 80))), 'backendAddressPools', createArray(createObject('name', 'defaultaddresspool')), 'backendHttpSettingsCollection', createArray(createObject('name', 'defaulthttpsetting', 'properties', createObject('port', 80, 'protocol', 'Http', 'cookieBasedAffinity', 'Disabled', 'requestTimeout', 30, 'pickHostNameFromBackendAddress', true()))), 'httpListeners', createArray(createObject('name', 'hlisten', 'properties', createObject('frontendIPConfiguration', createObject('id', if(empty(parameters('privateIpApplicationGateway')), format('{0}/frontendIPConfigurations/appGatewayFrontendIP', variables('appgwResourceId')), format('{0}/frontendIPConfigurations/appGatewayPrivateIP', variables('appgwResourceId')))), 'frontendPort', createObject('id', format('{0}/frontendPorts/appGatewayFrontendPort', variables('appgwResourceId'))), 'protocol', 'Http'))), 'requestRoutingRules', createArray(createObject('name', 'appGwRoutingRuleName', 'properties', createObject('ruleType', 'Basic', 'httpListener', createObject('id', format('{0}/httpListeners/hlisten', variables('appgwResourceId'))), 'backendAddressPool', createObject('id', format('{0}/backendAddressPools/defaultaddresspool', variables('appgwResourceId'))), 'backendHttpSettings', createObject('id', format('{0}/backendHttpSettingsCollection/defaulthttpsetting', variables('appgwResourceId'))))))), if(greater(parameters('appGWmaxCount'), 0), createObject('autoscaleConfiguration', createObject('minCapacity', parameters('appGWcount'), 'maxCapacity', parameters('appGWmaxCount'))), createObject()))]", "dependsOn": [ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-appgw-{0}', parameters('resourceName')))]", "[resourceId('Microsoft.Network/publicIPAddresses', format('pip-agw-{0}', parameters('resourceName')))]", diff --git a/bicep/main.bicep b/bicep/main.bicep index c0deb38f3..bd24076d2 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep 
@@ -207,16 +207,6 @@ resource acr 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' = if (!
 }
 var AcrPullRole = resourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')
-/*
-resource aks_acr_pull 'Microsoft.ContainerRegistry/registries/providers/roleAssignments@2017-05-01' = if (!empty(registries_sku)) {
- name: '${acrName}/Microsoft.Authorization/${guid(resourceGroup().id, acrName)}'
- properties: {
- roleDefinitionId: AcrPullRole
- principalId: aks.properties.identityProfile.kubeletidentity.objectId
- principalType: 'ServicePrincipal'
- }
-}
-*/
 // New way of setting scope https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/scope-extension-resources
 resource aks_acr_pull 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = if (!empty(registries_sku)) {
 scope: acr // Use when specifying a scope that is different than the deployment scope
@@ -260,31 +250,7 @@ resource appGwIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11
 location: location
 }
-// BYO AGIC identity to fix : AGIC Identity needs atleast has 'Contributor' access to Application Gateway 'xx' and 'Reader' access to Application Gateway's Resource Group
-//resource agicIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = if (deployAppGw) {
-// name: 'id-agic-${resourceName}'
-// location: location
-//}
-
-//module appGw './appgw.bicep' = if (deployAppGw) {
-// name: 'addAppGw'
-// params: {
-// resourceName: resourceName
-// agicPrincipleId: agicIdentity.properties.principalId // aks.properties.addonProfiles.ingressApplicationGateway.identity.clientId
-// location: location
-// appGwSubnetId: appGwSubnetId
-// privateIpApplicationGateway: privateIpApplicationGateway
-// availabilityZones: availabilityZones
-// userAssignedIdentity: (appgwKVIntegration || deployAppGw) ? appGwIdentity.id : ''
-// workspaceId: aks_law.id
-// appGWcount: appGWcount
-// appGWmaxCount: appGWmaxCount
-// }
-//}
-
-// ================== AppGW Module - in-lined ======
 var workspaceId = aks_law.id
-
 var appgwName = 'agw-${resourceName}'
 var appgwResourceId = deployAppGw ? resourceId('Microsoft.Network/applicationGateways', '${appgwName}') : ''
@@ -375,7 +341,7 @@ var appgwProperties = union({
 name: 'hlisten'
 properties: {
 frontendIPConfiguration: {
- id: '${appgwResourceId}/frontendIPConfigurations/appGatewayFrontendIP'
+ id: empty(privateIpApplicationGateway) ? '${appgwResourceId}/frontendIPConfigurations/appGatewayFrontendIP' : '${appgwResourceId}/frontendIPConfigurations/appGatewayPrivateIP'
 }
 frontendPort: {
 id: '${appgwResourceId}/frontendPorts/appGatewayFrontendPort'
@@ -634,6 +600,7 @@ var aks_addons1 = DEPLOY_APPGW_ADDON && ingressApplicationGateway ? union(aks_ad
 }
 }) : aks_addons
+
 var aks_addons2 = omsagent ? union(aks_addons1, {
 omsagent: {
 enabled: true
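Review bot: The ternary on the `hlisten` listener's `frontendIPConfiguration.id` (hunk at -375) rebinds only the default listener, and nothing at that line says the public frontend is still deployed: the compiled `frontendIPConfigurations` in this same patch still concatenates `frontendPublicIpConfig` with the `appGatewayPrivateIP` entry when `privateIpApplicationGateway` is set. A comment above the `id:` line would stop the parameter being read as "no public exposure", for example `// Default listener binds to the private frontend when privateIpApplicationGateway is set; the public frontend IP config is still created.` The two frontend names are also repeated here as string literals, so something like `var appgwDefaultFrontendName = empty(privateIpApplicationGateway) ? 'appGatewayFrontendIP' : 'appGatewayPrivateIP'` would keep the listener reference from drifting away from the names used where the frontends are defined. The `appgwProperties` definition starts and ends outside the hunk; per the compiled template the listener remains plain HTTP on port 80, so whether later listener changes (presumably by the AGIC add-on) keep traffic on the private frontend should be confirmed separately.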