From 61dcba5c1832d12cfd178072785d5ce0f82d0254 Mon Sep 17 00:00:00 2001 From: JPEasier Date: Fri, 11 Nov 2022 13:03:11 +0100 Subject: [PATCH 1/4] update Orchestrator version when upgrade. --- .../managedClusters/agentPools/deploy.bicep | 4 ++-- .../managedClusters/agentPools/readme.md | 2 +- .../Microsoft.ContainerService/managedClusters/deploy.bicep | 6 +++--- .../Microsoft.ContainerService/managedClusters/readme.md | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep b/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep index f02e9f2bd3..318659d9c6 100644 --- a/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep @@ -187,11 +187,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-07-01' existing = { +resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-09-01' existing = { name: managedClusterName } -resource agentPool 'Microsoft.ContainerService/managedClusters/agentPools@2022-07-01' = { +resource agentPool 'Microsoft.ContainerService/managedClusters/agentPools@2022-09-01' = { name: name parent: managedCluster properties: { diff --git a/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md b/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md index f8a15d7344..e54f0a3918 100644 --- a/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md +++ b/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md 
@@ -13,7 +13,7 @@ This module deploys an Agent Pool for a Container Service Managed Cluster | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ContainerService/managedClusters/agentPools` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-07-01/managedClusters/agentPools) | +| `Microsoft.ContainerService/managedClusters/agentPools` | [2022-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-09-01/managedClusters/agentPools) | ## Parameters diff --git a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep index 53007dfe62..97ec573324 100644 --- a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep @@ -384,7 +384,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-07-01' = { +resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-09-01' = { name: name location: location tags: tags @@ -465,7 +465,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-07-01' } autoScalerProfile: { 'balance-similar-node-groups': autoScalerProfileBalanceSimilarNodeGroups - 'expander': autoScalerProfileExpander + expander: autoScalerProfileExpander 'max-empty-bulk-delete': autoScalerProfileMaxEmptyBulkDelete 'max-graceful-termination-sec': autoScalerProfileMaxGracefulTerminationSec 'max-node-provision-time': autoScalerProfileMaxNodeProvisionTime 
@@ -526,7 +526,7 @@ module managedCluster_agentPools 'agentPools/deploy.bicep' = [for (agentPool, in nodeLabels: contains(agentPool, 'nodeLabels') ? agentPool.nodeLabels : {} nodePublicIpPrefixId: contains(agentPool, 'nodePublicIpPrefixId') ? agentPool.nodePublicIpPrefixId : '' nodeTaints: contains(agentPool, 'nodeTaints') ? agentPool.nodeTaints : [] - orchestratorVersion: contains(agentPool, 'orchestratorVersion') ? agentPool.orchestratorVersion : '' + orchestratorVersion: contains(agentPool, 'orchestratorVersion') ? agentPool.orchestratorVersion : aksClusterKubernetesVersion osDiskSizeGB: contains(agentPool, 'osDiskSizeGB') ? agentPool.osDiskSizeGB : -1 osDiskType: contains(agentPool, 'osDiskType') ? agentPool.osDiskType : '' osSku: contains(agentPool, 'osSku') ? agentPool.osSku : '' diff --git a/modules/Microsoft.ContainerService/managedClusters/readme.md b/modules/Microsoft.ContainerService/managedClusters/readme.md index a9b458f9d4..60b3d0fc58 100644 --- a/modules/Microsoft.ContainerService/managedClusters/readme.md +++ b/modules/Microsoft.ContainerService/managedClusters/readme.md 
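Review bot: The new fallback on the `orchestratorVersion:` line of the `managedCluster_agentPools` loop is an undocumented behaviour change. Every pool that omits `orchestratorVersion` is now pinned to `aksClusterKubernetesVersion`, so raising the cluster version in one deployment also upgrades all of those pools in the same run. That keeps nodes from lagging behind the control plane on an older, unpatched version, but it should be stated where users will see it, for example `// Pools without an explicit orchestratorVersion follow aksClusterKubernetesVersion and are upgraded together with the control plane`, with the same sentence in the parameter description of the agent pool profile. The declaration of `aksClusterKubernetesVersion` is outside this hunk; if its default is an empty string the fallback is effectively unchanged, which is worth confirming. The module call itself starts and ends outside the hunk.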
@@ -16,8 +16,8 @@ This module deploys Azure Kubernetes Cluster (AKS). | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.ContainerService/managedClusters` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-07-01/managedClusters) | -| `Microsoft.ContainerService/managedClusters/agentPools` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-07-01/managedClusters/agentPools) | +| `Microsoft.ContainerService/managedClusters` | [2022-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-09-01/managedClusters) | +| `Microsoft.ContainerService/managedClusters/agentPools` | [2022-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-09-01/managedClusters/agentPools) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | ## Parameters From c420976d482560cb03653b8548a3405e9a2fb351 Mon Sep 17 00:00:00 2001 From: JPEasier Date: Fri, 11 Nov 2022 23:07:56 +0100 Subject: [PATCH 2/4] add purge protection to keyValt for aks nodepools --- .../managedClusters/.test/azure/dependencies.bicep | 3 ++- .../managedClusters/.test/azure/deploy.test.bicep | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/azure/dependencies.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/azure/dependencies.bicep index 36a473509a..9cd9b1f86e 100644 --- a/modules/Microsoft.ContainerService/managedClusters/.test/azure/dependencies.bicep 
+++ b/modules/Microsoft.ContainerService/managedClusters/.test/azure/dependencies.bicep @@ -59,7 +59,8 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { name: 'standard' } tenantId: tenant().tenantId - enablePurgeProtection: null + enablePurgeProtection: true // Required by nodepool vmss + softDeleteRetentionInDays: 7 enabledForTemplateDeployment: true enabledForDiskEncryption: true enabledForDeployment: true diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep index 95204bc1f1..139299e15a 100644 --- a/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep @@ -13,6 +13,9 @@ param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'csmazure' +@description('Generated. Used as a basis for unique resource names.') +param baseTime string = utcNow('u') + // =========== // // Deployments // // =========== // @@ -31,7 +34,8 @@ module resourceGroupResources 'dependencies.bicep' = { virtualNetworkName: 'dep-<>-vnet-${serviceShort}' managedIdentityName: 'dep-<>-msi-${serviceShort}' diskEncryptionSetName: 'dep-<>-des-${serviceShort}' - keyVaultName: 'dep-<>-kv-${serviceShort}' + // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) + keyVaultName: 'dep-<>-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' } } From 6d1581f6105b7eeb646d8bed0967a367f513a4e9 Mon Sep 17 00:00:00 2001 
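Review bot: In dependencies.bicep the comment on `enablePurgeProtection: true` ("Required by nodepool vmss") does not name the dependency that enforces the setting, so a later cleanup could switch it back to `null` without knowing why the deployment then fails. The test also creates a disk encryption set (`diskEncryptionSetName` in deploy.test.bicep), so the requirement presumably comes from the customer-managed key that set reads from this vault, which should be confirmed. A more precise comment would be `// Purge protection must stay enabled: this vault holds the key used by the disk encryption set (assumed - confirm)`. The added `softDeleteRetentionInDays: 7` deserves a short comment too, since with purge protection on, a deleted vault and its name stay reserved for that period. The `keyVault` resource body continues outside the hunk.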
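Review bot: In deploy.test.bicep the `keyVaultName` suffix `substring(uniqueString(baseTime), 0, 3)` is different on every run, because `baseTime` defaults to `utcNow('u')`. A repeated deployment into the same resource group therefore creates a further vault rather than converging on the existing one. With purge protection enabled, vaults from earlier runs cannot be purged until their retention period ends, so they accumulate unless the pipeline removes the resource group between runs, which is not visible here. Three characters of the hash is also a small space for a name that must not collide with a soft-deleted vault. I would extend the comment above the line to say so, for example `// The name changes on every run (baseTime = utcNow); vaults from earlier runs are not reused and stay soft-deleted until retention expires`.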
From: JPEasier Date: Fri, 11 Nov 2022 23:21:33 +0100 Subject: [PATCH 3/4] short the short name (kv name to long) --- .../managedClusters/.test/azure/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep index 139299e15a..922dd57b6e 100644 --- a/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep @@ -11,7 +11,7 @@ param resourceGroupName string = 'ms.containerservice.managedclusters-${serviceS param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'csmazure' +param serviceShort string = 'csmaz' @description('Generated. Used as a basis for unique resource names.') param baseTime string = utcNow('u') From 12b34f34edc9f3d28985389c3aed279f87734033 Mon Sep 17 00:00:00 2001 From: JPEasier Date: Fri, 11 Nov 2022 23:32:31 +0100 Subject: [PATCH 4/4] update readme --- .../Microsoft.ContainerService/managedClusters/readme.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.ContainerService/managedClusters/readme.md b/modules/Microsoft.ContainerService/managedClusters/readme.md index 60b3d0fc58..d8dc0d3641 100644 --- a/modules/Microsoft.ContainerService/managedClusters/readme.md +++ b/modules/Microsoft.ContainerService/managedClusters/readme.md 
@@ -381,10 +381,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-csmazure' + name: '${uniqueString(deployment().name)}-test-csmaz' params: { // Required parameters - name: '<>csmazure001' + name: '<>csmaz001' primaryAgentPoolProfile: [ { availabilityZones: [ @@ -494,7 +494,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "parameters": { // Required parameters "name": { - "value": "<>csmazure001" + "value": "<>csmaz001" }, "primaryAgentPoolProfile": { "value": [