Commit
1 parent
c0e8f95
commit 3761093
Showing
15 changed files
with
418 additions
and
156 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
// =========== main.bicep =========== | ||
|
||
param buildId string | ||
param environment string | ||
param location string = resourceGroup().location | ||
|
||
|
||
|
||
module vnet '../../vnet.bicep' = { | ||
name: 'unit-test-${buildId}-vnet' | ||
params: { | ||
environment: environment | ||
location: location | ||
} | ||
} | ||
|
||
module snet '../../snet.bicep' = { | ||
name: 'unit-test-${buildId}-snet' | ||
params: { | ||
vnetName: vnet.outputs.name | ||
environment: environment | ||
location: location | ||
} | ||
} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,21 +1,35 @@ | ||
on: [push, workflow_dispatch] | ||
on: [push, workflow_dispatch] | ||
name: Azure ARM | ||
jobs: | ||
build-and-deploy: | ||
environment: Azure | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@main | ||
uses: actions/checkout@v3 | ||
|
||
- name: Log into Azure | ||
uses: azure/login@v1.4.3 | ||
uses: azure/login@v1 | ||
with: | ||
creds: ${{ secrets.AZURE_CREDENTIALS }} | ||
client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
|
||
- name: Deploy Bicep file | ||
uses: azure/arm-deploy@main | ||
- name: Test deployment of Bicep file resources | ||
uses: azure/arm-deploy@v1 | ||
with: | ||
scope: subscription | ||
deploymentName: ${{ github.run_number }} | ||
resourceGroupName: ${{ secrets.RESOURCE_GROUP }} | ||
region: southcentralus | ||
template: demo.bicep | ||
|
||
- name: Remove reployed resources | ||
uses: azure/arm-deploy@v1 | ||
with: | ||
scope: subscription | ||
deploymentName: ${{ github.run_number }} | ||
region: southcentralus | ||
template: demo.bicep | ||
deploymentMode: Complete | ||
parameters: delete=true | ||
|
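Review bot: The `Log into Azure` step now passes `client-id`/`tenant-id`/`subscription-id`, the OIDC form of azure/login, but no `permissions:` block is visible at workflow or job level; without `permissions: id-token: write` (plus `contents: read`) the token request is expected to fail, and declaring it also narrows GITHUB_TOKEN to what the job needs. The action refs move to floating tags (`actions/checkout@v3`, `azure/login@v1`, `azure/arm-deploy@v1`); pinning each to a full commit SHA keeps a retagged release from running with the Azure federation in scope. The cleanup step combines `deploymentMode: Complete` with `scope: subscription`; as far as I know Complete mode applies only to resource-group deployments, so confirm this step really removes what the test step created.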
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
## Best Practices | ||
- [Bicep Parameters](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/best-practices#parameters) | ||
- [ARM Templates](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices) | ||
|
||
- It is recommended to give a descriptive and unique [deploymentName](https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/azure-resource-manager-template-deployment-v3?view=azure-pipelines#inputs) for both the modules used and for the Azure Pipelines task itself. This allows for quicker and easier debugging of potential errors. | ||
|
||
- https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices#parameters | ||
|
||
- The idea is to be able to delete the entire application in Azure and be able to redeploy it with one click of a button | ||
|
||
- One thing that IaC does not address is data. | ||
|
||
|
||
- The principal behind these templates: | ||
- They can be deployed with only 1-2 parameters required from the consumer | ||
- Further configuration/customization possible, but not necessary | ||
|
||
- The idea is also to have these templates have all minimum and recommended security settings enabled by default (i.e., https/tls 1.2, ...) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
// =========== agw.bicep =========== | ||
|
||
// USER-PROVIDED PARAMETERS | ||
param application string | ||
param environment string | ||
param instance string = '1' | ||
param vnetName string | ||
param snetName string | ||
|
||
@allowed([443, 8080]) | ||
param httpSettingPort int = 443 | ||
param httpSettingProtocol string = 'Http' | ||
|
||
|
||
// PROPERTIES PARAMETERS | ||
param sku object = { | ||
name: 'Standard_Small' | ||
tier: 'Standard' | ||
capacity: 2 | ||
} | ||
param backendPools array = [ | ||
{ name: 'appGatewayBackendPool', properties: { backendAddresses: [ { IpAddress: '10.0.0.4' }, { IpAddress: '10.0.0.5' } ] } } | ||
] | ||
param backendHttpSettings array = [ | ||
{ name: 'appGatewayBackendHttpSettings', properties: { port: httpSettingPort, protocol: httpSettingProtocol, cookieBasedAffinity: 'Disabled' } } | ||
] | ||
param httpListeners array = [ | ||
{ name: 'appGatewayHttpListener', properties: { frontendIPConfiguration: { id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', name, 'appGatewayFrontendIP') }, frontendPort: { id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', name, 'appGatewayFrontendPort') }, protocol: 'Http' } } | ||
] | ||
param requestRoutingRules array = [ | ||
{ name: 'rule1', properties: { ruleType: 'Basic', httpListener: { id: resourceId('Microsoft.Network/applicationGateways/httpListeners', name, 'appGatewayHttpListener') }, backendAddressPool: { id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', name, 'appGatewayBackendPool') }, backendHttpSettings: { id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', name, 'appGatewayBackendHttpSettings') } } } | ||
] | ||
param frontendPorts array = [ | ||
{ name: 'appGatewayFrontendPort', properties: { port: 80 } } | ||
] | ||
|
||
// BASE PARAMETERS | ||
param name string = 'agw-${application}-${environment}-${location}-${padLeft(instance, 3, '0')}' | ||
param location string = resourceGroup().location | ||
|
||
// DEPENDENCIES | ||
resource vnet 'Microsoft.Network/virtualNetworks@2022-11-01' existing = { name: vnetName } | ||
// resource snet 'Microsoft.Network/virtualNetworks/subnets@2022-11-01' existing = { name: snetName } | ||
var subnetRef = resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, snetName) | ||
|
||
|
||
// RESOURCE | ||
resource applicationGateway 'Microsoft.Network/applicationGateways@2022-11-01' = { | ||
name: name | ||
location: location | ||
properties: { | ||
sku: sku | ||
gatewayIPConfigurations: [ { name: 'appGatewayIpConfig', properties: { subnet: { id: subnetRef } } } ] | ||
frontendIPConfigurations: [ { name: 'appGatewayFrontendIP', properties: { subnet: { id: subnetRef } } } ] | ||
frontendPorts: [for frontendPort in frontendPorts: { name: frontendPort.name, properties: frontendPort.properties }] | ||
backendAddressPools: [for backendPool in backendPools: { name: backendPool.name, properties: backendPool.properties }] | ||
backendHttpSettingsCollection: [for backendHttpSetting in backendHttpSettings: { name: backendHttpSetting.name, properties: backendHttpSetting.properties }] | ||
httpListeners: [for httpListener in httpListeners: { name: httpListener.name, properties: httpListener.properties }] | ||
requestRoutingRules: [for requestRoutingRule in requestRoutingRules: { name: requestRoutingRule.name, properties: requestRoutingRule.properties }] | ||
} | ||
dependsOn: [ vnet ] | ||
} |
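Review bot: The gateway's defaults carry traffic in cleartext on both sides: the listener is `protocol: 'Http'` on the port-80 entry in `frontendPorts`, and `httpSettingProtocol` defaults to `'Http'` while `httpSettingPort` defaults to 443, so the backend setting would speak plain HTTP to the TLS port. Consider `param httpSettingProtocol string = 'Https'` guarded by `@allowed(['Http', 'Https'])`, and an HTTPS listener backed by an `sslCertificates` entry as the default shape. The `Standard_Small` SKU is the v1 tier with no WAF; a `WAF_v2` default would fit the README's stated goal of security settings enabled by default.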
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
// =========== app.bicep =========== | ||
|
||
// USER-PROVIDED PARAMETERS | ||
param application string | ||
param environment string | ||
param instance string = '1' | ||
param aspId string | ||
|
||
// PROPERTIES PARAMETERS | ||
param httpsOnly bool = true | ||
param isLinux bool = true | ||
|
||
// BASE PARAMETERS | ||
param name string = 'app-${application}-${environment}-${location}-${padLeft(instance, 3, '0')}' | ||
param location string = resourceGroup().location | ||
param kind string = 'app,linux' // 'app,linux,container' | ||
param properties object = { | ||
httpsOnly: httpsOnly | ||
reserved: isLinux | ||
serverFarmId: aspId | ||
siteConfig: { | ||
alwaysOn: true | ||
linuxFxVersion: 'DOTNETCORE|7.0' // 'DOCKER|crchenetteprod001.azurecr.io/dotnetwebapp:latest' | ||
} | ||
} | ||
|
||
// RESOURCE | ||
resource app 'Microsoft.Web/sites@2022-09-01' = { | ||
name: name | ||
location: location | ||
kind: kind | ||
properties: properties | ||
} |
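Review bot: `siteConfig` sets only `alwaysOn` and `linuxFxVersion`, so the TLS floor and FTP state are left to platform defaults even though `httpsOnly` is on; adding `minTlsVersion: '1.2'` and `ftpsState: 'Disabled'` makes the template enforce them itself. Because `properties` is a whole-object parameter, a caller who overrides it silently drops `httpsOnly`; building the object in a `var` from the individual parameters, or a comment on the parameter saying so, would avoid that. The commented-out `DOCKER|…:latest` example refers to a mutable tag, so a digest or version tag is the safer pattern if it is ever enabled.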
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
// =========== asp.bicep =========== | ||
|
||
// USER-PROVIDED PARAMETERS | ||
param application string | ||
param environment string | ||
param instance string = '1' | ||
|
||
// SKU PARAMETERS | ||
param skuCapacity int = 1 | ||
param skuFamily string = 'B' | ||
param skuName string = 'B1' | ||
param skuSize string = 'B1' | ||
param skuTier string = 'Basic' | ||
|
||
// PROPERTIES PARAMETERS | ||
param isLinux bool = true | ||
|
||
// BASE PARAMETERS | ||
param name string = 'asp-${application}-${environment}-${location}-${padLeft(instance, 3, '0')}' | ||
param location string = resourceGroup().location | ||
param sku object = { | ||
capacity: skuCapacity | ||
family: skuFamily | ||
name: skuName | ||
size: skuSize | ||
tier: skuTier | ||
} | ||
param properties object = { | ||
reserved: isLinux | ||
} | ||
|
||
// RESOURCE | ||
resource asp 'Microsoft.Web/serverfarms@2022-09-01' = { | ||
name: name | ||
location: location | ||
sku: sku | ||
properties: properties | ||
} | ||
|
||
// OUTPUTS | ||
output resourceId string = asp.id |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
// =========== cr.bicep =========== | ||
|
||
param name string | ||
param location string | ||
param sku string | ||
|
||
resource cr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = { | ||
name: name | ||
location: location | ||
sku: { | ||
name: sku | ||
} | ||
properties: { | ||
adminUserEnabled: true | ||
} | ||
} | ||
|
||
resource kv 'Microsoft.KeyVault/vaults@2023-02-01' = { | ||
name: name | ||
location: location | ||
properties: { | ||
enabledForTemplateDeployment: true | ||
tenantId: tenant().tenantId | ||
accessPolicies: [] | ||
sku: { | ||
name: 'standard' | ||
family: 'A' | ||
} | ||
} | ||
resource crUsername 'secrets' = { | ||
name: 'crUsername' | ||
properties: { | ||
value: cr.listCredentials().username | ||
} | ||
} | ||
resource crPassword1 'secrets' = { | ||
name: 'crPassword1' | ||
properties: { | ||
value: cr.listCredentials().passwords[0].value | ||
} | ||
} | ||
resource crPassword2 'secrets' = { | ||
name: 'crPassword2' | ||
properties: { | ||
value: cr.listCredentials().passwords[1].value | ||
} | ||
} | ||
} | ||
|
||
// output resource resource = cr |
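Review bot: `adminUserEnabled: true` turns on the registry's shared admin account, whose passwords grant push and pull on every repository and are then copied into Key Vault through `cr.listCredentials()`. Prefer `adminUserEnabled: false` and let consumers pull with a managed identity holding the AcrPull role, which removes the need for the three `secrets` resources. If the admin account has to stay, note that the vault is created with `accessPolicies: []` and without `enableRbacAuthorization: true`, so no principal appears able to read the stored values, and that the vault reuses the registry's `name`, tying two different naming rules to one parameter.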
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
// =========== kv.bicep =========== | ||
|
||
@minLength(3) | ||
@maxLength(24) | ||
param name string | ||
|
||
param location string = resourceGroup().location | ||
param tags object = {} | ||
|
||
@allowed([ | ||
'standard' | ||
'premium' | ||
]) | ||
param skuName string = 'standard' | ||
|
||
resource kv 'Microsoft.KeyVault/vaults@2023-02-01' = { | ||
name: name | ||
location: location | ||
tags: tags | ||
properties: { | ||
accessPolicies: [] | ||
enabledForDeployment: false | ||
enabledForDiskEncryption: false | ||
enabledForTemplateDeployment: true | ||
enablePurgeProtection: false | ||
enableRbacAuthorization: false | ||
enableSoftDelete: false | ||
sku: { | ||
name: skuName | ||
family: 'A' | ||
} | ||
softDeleteRetentionInDays: 7 | ||
tenantId: subscription().tenantId | ||
} | ||
} |
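Review bot: The vault is declared with `enableSoftDelete: false` and `enablePurgeProtection: false`, so a deleted vault or secret would be unrecoverable; Azure no longer lets new vaults opt out of soft delete and, as far as I know, rejects an explicit `false` for purge protection, so this may also fail to deploy. Suggest `enableSoftDelete: true`, emitting `enablePurgeProtection` only when a parameter sets it to true, and `enableRbacAuthorization: true` since `accessPolicies` is empty. No `networkAcls` is set, so the vault stays reachable from all networks unless a caller restricts it elsewhere.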