added modules
mpchenette committed Jul 15, 2023
1 parent c0e8f95 commit 3761093
Showing 15 changed files with 418 additions and 156 deletions.
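--- a/.github/workflows/main.bicep
+++ b/.github/workflows/main.bicep
@@ -0,0 +1,25 @@
+// =========== main.bicep ===========
+
+param buildId string
+param environment string
+param location string = resourceGroup().location
+
+
+
+module vnet '../../vnet.bicep' = {
+name: 'unit-test-${buildId}-vnet'
+params: {
+environment: environment
+location: location
+}
+}
+
+module snet '../../snet.bicep' = {
+name: 'unit-test-${buildId}-snet'
+params: {
+vnetName: vnet.outputs.name
+environment: environment
+location: location
+}
+}
+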
28 changes: 21 additions & 7 deletions .github/workflows/main.yml
@@ -1,21 +1,35 @@
on: [push, workflow_dispatch]
on: [push, workflow_dispatch]
name: Azure ARM
jobs:
build-and-deploy:
environment: Azure
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@main
uses: actions/checkout@v3

- name: Log into Azure
uses: azure/login@v1.4.3
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Deploy Bicep file
uses: azure/arm-deploy@main
- name: Test deployment of Bicep file resources
uses: azure/arm-deploy@v1
with:
scope: subscription
deploymentName: ${{ github.run_number }}
resourceGroupName: ${{ secrets.RESOURCE_GROUP }}
region: southcentralus
template: demo.bicep

- name: Remove reployed resources
uses: azure/arm-deploy@v1
with:
scope: subscription
deploymentName: ${{ github.run_number }}
region: southcentralus
template: demo.bicep
deploymentMode: Complete
parameters: delete=true
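Review bot: The login step, as far as the rendered old/new sides can be told apart, now passes `client-id`, `tenant-id` and `subscription-id` instead of `creds`, which is azure/login's OIDC path, yet the workflow (the hunk covers the whole file) has no `permissions:` block; the job needs `permissions: { id-token: write, contents: read }` for the token request to succeed. The arm-deploy steps point at `template: demo.bicep`, which this same commit deletes, so they would fail once login works; presumably `.github/workflows/main.bicep` is the intended template. The cleanup step combines `scope: subscription` with `deploymentMode: Complete`; to my knowledge Complete mode applies only to resource-group deployments, where it removes every resource missing from the template, so the step should target a dedicated test resource group before it is allowed to run. Pinning the three actions to full commit SHAs rather than `@v1`/`@v3` would also keep a moved tag from changing what runs with the Azure secrets.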

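--- a/README.md
+++ b/README.md
@@ -0,0 +1,18 @@
+## Best Practices
+- [Bicep Parameters](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/best-practices#parameters)
+- [ARM Templates](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices)
+
+- It is recommended to give a descriptive and unique [deploymentName](https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/azure-resource-manager-template-deployment-v3?view=azure-pipelines#inputs) for both the modules used and for the Azure Pipelines task itself. This allows for quicker and easier debugging of potential errors.
+
+- https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices#parameters
+
+- The idea is to be able to delete the entire application in Azure and be able to redeploy it with one click of a button
+
+- One thing that IaC does not address is data.
+
+
+- The principal behind these templates:
+- They can be deployed with only 1-2 parameters required from the consumer
+- Further configuration/customization possible, but not necessary
+
+- The idea is also to have these templates have all minimum and recommended security settings enabled by default (i.e., https/tls 1.2, ...)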
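--- a/agw.bicep
+++ b/agw.bicep
@@ -0,0 +1,62 @@
+// =========== agw.bicep ===========
+
+// USER-PROVIDED PARAMETERS
+param application string
+param environment string
+param instance string = '1'
+param vnetName string
+param snetName string
+
+@allowed([443, 8080])
+param httpSettingPort int = 443
+param httpSettingProtocol string = 'Http'
+
+
+// PROPERTIES PARAMETERS
+param sku object = {
+name: 'Standard_Small'
+tier: 'Standard'
+capacity: 2
+}
+param backendPools array = [
+{ name: 'appGatewayBackendPool', properties: { backendAddresses: [ { IpAddress: '10.0.0.4' }, { IpAddress: '10.0.0.5' } ] } }
+]
+param backendHttpSettings array = [
+{ name: 'appGatewayBackendHttpSettings', properties: { port: httpSettingPort, protocol: httpSettingProtocol, cookieBasedAffinity: 'Disabled' } }
+]
+param httpListeners array = [
+{ name: 'appGatewayHttpListener', properties: { frontendIPConfiguration: { id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', name, 'appGatewayFrontendIP') }, frontendPort: { id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', name, 'appGatewayFrontendPort') }, protocol: 'Http' } }
+]
+param requestRoutingRules array = [
+{ name: 'rule1', properties: { ruleType: 'Basic', httpListener: { id: resourceId('Microsoft.Network/applicationGateways/httpListeners', name, 'appGatewayHttpListener') }, backendAddressPool: { id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', name, 'appGatewayBackendPool') }, backendHttpSettings: { id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', name, 'appGatewayBackendHttpSettings') } } }
+]
+param frontendPorts array = [
+{ name: 'appGatewayFrontendPort', properties: { port: 80 } }
+]
+
+// BASE PARAMETERS
+param name string = 'agw-${application}-${environment}-${location}-${padLeft(instance, 3, '0')}'
+param location string = resourceGroup().location
+
+// DEPENDENCIES
+resource vnet 'Microsoft.Network/virtualNetworks@2022-11-01' existing = { name: vnetName }
+// resource snet 'Microsoft.Network/virtualNetworks/subnets@2022-11-01' existing = { name: snetName }
+var subnetRef = resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, snetName)
+
+
+// RESOURCE
+resource applicationGateway 'Microsoft.Network/applicationGateways@2022-11-01' = {
+name: name
+location: location
+properties: {
+sku: sku
+gatewayIPConfigurations: [ { name: 'appGatewayIpConfig', properties: { subnet: { id: subnetRef } } } ]
+frontendIPConfigurations: [ { name: 'appGatewayFrontendIP', properties: { subnet: { id: subnetRef } } } ]
+frontendPorts: [for frontendPort in frontendPorts: { name: frontendPort.name, properties: frontendPort.properties }]
+backendAddressPools: [for backendPool in backendPools: { name: backendPool.name, properties: backendPool.properties }]
+backendHttpSettingsCollection: [for backendHttpSetting in backendHttpSettings: { name: backendHttpSetting.name, properties: backendHttpSetting.properties }]
+httpListeners: [for httpListener in httpListeners: { name: httpListener.name, properties: httpListener.properties }]
+requestRoutingRules: [for requestRoutingRule in requestRoutingRules: { name: requestRoutingRule.name, properties: requestRoutingRule.properties }]
+}
+dependsOn: [ vnet ]
+}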
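Review bot: The defaults deploy a gateway that is cleartext on both sides: `httpSettingProtocol` defaults to `'Http'` even though `httpSettingPort` defaults to 443, and the only listener is `protocol: 'Http'` on frontend port 80, which contradicts the README's goal of security settings enabled by default. `@allowed([443, 8080])` constrains only the port; the protocol parameter should carry `@allowed(['Http', 'Https'])` and default to `'Https'`, and an HTTPS listener additionally needs an `sslCertificates` entry that the template does not yet accept. The default SKU `Standard_Small`/`Standard` is the v1 tier without WAF, so a v2 SKU would be the safer default if the gateway ever fronts untrusted traffic. The backend addresses `10.0.0.4` and `10.0.0.5` look like sample values and are better left without a default, so that omitting the parameter fails the deployment instead of routing to whatever holds those addresses.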
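--- a/app.bicep
+++ b/app.bicep
@@ -0,0 +1,33 @@
+// =========== app.bicep ===========
+
+// USER-PROVIDED PARAMETERS
+param application string
+param environment string
+param instance string = '1'
+param aspId string
+
+// PROPERTIES PARAMETERS
+param httpsOnly bool = true
+param isLinux bool = true
+
+// BASE PARAMETERS
+param name string = 'app-${application}-${environment}-${location}-${padLeft(instance, 3, '0')}'
+param location string = resourceGroup().location
+param kind string = 'app,linux' // 'app,linux,container'
+param properties object = {
+httpsOnly: httpsOnly
+reserved: isLinux
+serverFarmId: aspId
+siteConfig: {
+alwaysOn: true
+linuxFxVersion: 'DOTNETCORE|7.0' // 'DOCKER|crchenetteprod001.azurecr.io/dotnetwebapp:latest'
+}
+}
+
+// RESOURCE
+resource app 'Microsoft.Web/sites@2022-09-01' = {
+name: name
+location: location
+kind: kind
+properties: properties
+}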
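Review bot: `siteConfig` sets only `alwaysOn` and `linuxFxVersion`, so the TLS floor and the FTP endpoint are left to platform defaults; adding `minTlsVersion: '1.2'` and `ftpsState: 'Disabled'` there would match the README's "https/tls 1.2" intent. Because `properties` is itself a parameter, a caller who passes their own object silently drops `httpsOnly: true`; building the object in a `var` (or merging caller input with `union()`) and exposing only the individual switches keeps the secure default in place. The commented alternative pulls `dotnetwebapp:latest`; if the container path is enabled later, the image is better pinned by digest and pulled with a managed identity rather than registry credentials.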
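--- a/asp.bicep
+++ b/asp.bicep
@@ -0,0 +1,41 @@
+// =========== asp.bicep ===========
+
+// USER-PROVIDED PARAMETERS
+param application string
+param environment string
+param instance string = '1'
+
+// SKU PARAMETERS
+param skuCapacity int = 1
+param skuFamily string = 'B'
+param skuName string = 'B1'
+param skuSize string = 'B1'
+param skuTier string = 'Basic'
+
+// PROPERTIES PARAMETERS
+param isLinux bool = true
+
+// BASE PARAMETERS
+param name string = 'asp-${application}-${environment}-${location}-${padLeft(instance, 3, '0')}'
+param location string = resourceGroup().location
+param sku object = {
+capacity: skuCapacity
+family: skuFamily
+name: skuName
+size: skuSize
+tier: skuTier
+}
+param properties object = {
+reserved: isLinux
+}
+
+// RESOURCE
+resource asp 'Microsoft.Web/serverfarms@2022-09-01' = {
+name: name
+location: location
+sku: sku
+properties: properties
+}
+
+// OUTPUTS
+output resourceId string = asp.id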
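--- a/cr.bicep
+++ b/cr.bicep
@@ -0,0 +1,50 @@
+// =========== cr.bicep ===========
+
+param name string
+param location string
+param sku string
+
+resource cr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
+name: name
+location: location
+sku: {
+name: sku
+}
+properties: {
+adminUserEnabled: true
+}
+}
+
+resource kv 'Microsoft.KeyVault/vaults@2023-02-01' = {
+name: name
+location: location
+properties: {
+enabledForTemplateDeployment: true
+tenantId: tenant().tenantId
+accessPolicies: []
+sku: {
+name: 'standard'
+family: 'A'
+}
+}
+resource crUsername 'secrets' = {
+name: 'crUsername'
+properties: {
+value: cr.listCredentials().username
+}
+}
+resource crPassword1 'secrets' = {
+name: 'crPassword1'
+properties: {
+value: cr.listCredentials().passwords[0].value
+}
+}
+resource crPassword2 'secrets' = {
+name: 'crPassword2'
+properties: {
+value: cr.listCredentials().passwords[1].value
+}
+}
+}
+
+// output resource resource = cr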
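Review bot: `adminUserEnabled: true` switches on the registry's shared admin account, and the template then copies its username and both passwords into Key Vault through `cr.listCredentials()`; a long-lived shared credential with push rights is what managed identities with the `AcrPull`/`AcrPush` roles are meant to replace, so the default should be `adminUserEnabled: false` with the three `secrets` resources dropped. If the admin account has to stay, the vault copies go stale as soon as the registry passwords are regenerated, and with `accessPolicies: []` and no `enableRbacAuthorization: true` the template grants no principal the ability to read them. The vault reuses `name` from the registry although the two resource types have different naming rules (registry names are alphanumeric only, vault names are capped at 24 characters), so a separate vault-name parameter, or an `existing` reference to the vault from kv.bicep, is needed. The `2023-01-01-preview` API version is also worth replacing with a GA one.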
37 changes: 0 additions & 37 deletions demo.bicep

This file was deleted.

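--- a/kv.bicep
+++ b/kv.bicep
@@ -0,0 +1,35 @@
+// =========== kv.bicep ===========
+
+@minLength(3)
+@maxLength(24)
+param name string
+
+param location string = resourceGroup().location
+param tags object = {}
+
+@allowed([
+'standard'
+'premium'
+])
+param skuName string = 'standard'
+
+resource kv 'Microsoft.KeyVault/vaults@2023-02-01' = {
+name: name
+location: location
+tags: tags
+properties: {
+accessPolicies: []
+enabledForDeployment: false
+enabledForDiskEncryption: false
+enabledForTemplateDeployment: true
+enablePurgeProtection: false
+enableRbacAuthorization: false
+enableSoftDelete: false
+sku: {
+name: skuName
+family: 'A'
+}
+softDeleteRetentionInDays: 7
+tenantId: subscription().tenantId
+}
+}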
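Review bot: The vault is declared with `enableSoftDelete: false`, `enablePurgeProtection: false` and `enableRbacAuthorization: false` next to `accessPolicies: []`, the opposite of the secure defaults the README promises. As far as I know the Key Vault resource provider does not accept `false` for `enablePurgeProtection` and no longer lets new vaults turn soft delete off, so this is likely to be rejected at deployment; leave `enablePurgeProtection` out unless it is being enabled, and set `enableSoftDelete: true` so that `softDeleteRetentionInDays: 7` has an effect. `enableRbacAuthorization: true` would let callers grant data-plane access through role assignments instead of shipping a vault that no principal can read. There is also no `networkAcls` block, so network restriction is left to the platform default; a `defaultAction: 'Deny'` rule set with explicit allow entries is the usual hardened starting point.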