// For more information, see https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/deployment-script-bicep
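// Parameters
//
// Inputs of the module. Everything except managedIdentityName, primaryScriptUri, clusterName and
// tags has a default. Descriptions below state this template's defaults; where the original text
// quoted the deployment-script service default instead, both are now given.

@description('Specifies the name of the deployment script resource.')
param name string = 'BashScript'

@description('Specifies the Azure CLI module version.')
param azCliVersion string = '2.61.0'

@description('Specifies the maximum allowed script execution time in ISO 8601 format. The service default is P1D; this template defaults to PT30M.')
param timeout string = 'PT30M'

// With 'OnSuccess' the supporting resources of a failed run are kept, which helps debugging but
// also leaves the run's artifacts in place until they are cleaned up.
@description('Specifies the clean up preference when the script execution reaches a terminal state. The service default is Always; this template defaults to OnSuccess.')
@allowed([
  'Always'
  'OnExpiration'
  'OnSuccess'
])
param cleanupPreference string = 'OnSuccess'

@description('Specifies the interval for which the service retains the script resource after it reaches a terminal state. The resource is deleted when this duration expires.')
param retentionInterval string = 'P1D'

@description('Specifies the name of the user-assigned managed identity of the deployment script.')
param managedIdentityName string

// The content behind this URI is downloaded and executed under the managed identity that this
// module grants a role on the AKS cluster. Point it at a location you control and at an immutable
// revision (for example a commit-pinned URL rather than a branch), so that a later change to the
// remote file cannot alter what runs with those permissions.
// NOTE(review): this is a plain string parameter; if the URI ever carries a SAS token, consider
// declaring it @secure() so the value is not recorded with the deployment.
@description('Specifies the primary script URI.')
param primaryScriptUri string

@description('Specifies the name of the AKS cluster.')
param clusterName string

// resourceGroupName and subscriptionId are only handed to the script as environment variables.
// NOTE(review): the `existing` cluster reference and the role assignment in this file do not use
// them, so overriding either value makes the script and the role assignment target different
// scopes - confirm callers never do that.
@description('Specifies the resource group name.')
param resourceGroupName string = resourceGroup().name

@description('Specifies the subscription id.')
param subscriptionId string = subscription().subscriptionId

@description('Specifies whether to deploy Prometheus and Grafana to the AKS cluster using a Helm chart.')
param deployPrometheusAndGrafanaViaHelm bool = true

@description('Specifies whether to deploy the Certificate Manager to the AKS cluster using a Helm chart.')
param deployCertificateManagerViaHelm bool = true

// NOTE(review): the two arrays below look like parallel lists (one issuer name per ingress
// class); nothing here checks that their lengths match - verify in the script.
@description('Specifies the list of ingress classes for which a cert-manager cluster issuer should be created.')
param ingressClassNames array = ['nginx', 'webapprouting.kubernetes.azure.com']

@description('Specifies the list of the names for the cert-manager cluster issuers.')
param clusterIssuerNames array = ['letsencrypt-nginx', 'letsencrypt-webapprouting']

@description('Specifies whether and how to deploy the NGINX Ingress Controller to the AKS cluster using a Helm chart. Possible values are None, Internal, and External.')
@allowed([
  'None'
  'Internal'
  'External'
])
param deployNginxIngressControllerViaHelm string = 'Internal'

// NOTE(review): the default shown here is not a usable address (it looks like an e-mail
// obfuscation artifact of the page this file was copied from). Always pass a real, monitored
// mailbox; the value is forwarded to the script for the cert-manager cluster issuers.
@description('Specifies the email address for the cert-manager cluster issuer.')
param email string = '[email protected]'

// Used as forceUpdateTag of the deployment script, so leaving the default makes the script run
// again on every deployment. utcNow() is only permitted as a parameter default value.
@description('Specifies the current datetime')
param utcValue string = utcNow()

@description('Specifies the location.')
param location string = resourceGroup().location

@description('Specifies the resource tags.')
param tags object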
// Variables

// Resource ID of the role definition that is assigned to the script's managed identity on the
// AKS cluster (see the role assignment that consumes this variable).
// NOTE(review): 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 is expected to be the built-in
// "Azure Kubernetes Service Cluster Admin Role", which allows retrieving the cluster-admin
// credential - confirm against the built-in role list, and prefer a narrower role if the
// script does not need admin access.
var clusterAdminRoleDefinitionId = resourceId('Microsoft.Authorization/roleDefinitions', '0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8')
// Resources

// Reference to an AKS cluster that already exists (`existing`): nothing is created or changed
// by this declaration. No `scope` is given, so the cluster is resolved by name in the scope this
// module is deployed to, independent of the resourceGroupName / subscriptionId parameters.
// NOTE(review): pinned to a 2022 preview API version - consider moving to a GA version.
resource aksCluster 'Microsoft.ContainerService/managedClusters@2022-11-02-preview' existing = {
  name: clusterName
}
// User-assigned managed identity under which the deployment script runs. It is created (or
// updated) by this module in the target location and carries the caller-supplied tags.
// The identity is a long-lived security principal: it and its role assignment remain after
// the script resource itself has been cleaned up.
// NOTE(review): a preview API version is used here - consider a GA version.
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-07-31-preview' = {
  name: managedIdentityName
  tags: tags
  location: location
}
// Assigns the role in clusterAdminRoleDefinitionId to the script's managed identity.
// The assignment is scoped to the single AKS cluster, not to the resource group or
// subscription, which keeps the grant as narrow as this role allows.
// The assignment is a standalone resource: the deployment script's cleanupPreference does not
// remove it, so the identity keeps this access until the assignment is deleted explicitly.
resource clusterAdminContributorRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: aksCluster
  // guid() derives the name deterministically from identity, cluster and role, so redeploying
  // the template addresses the same assignment instead of creating a duplicate.
  name: guid(managedIdentity.id, aksCluster.id, clusterAdminRoleDefinitionId)
  properties: {
    // Stating the principal type explicitly avoids a directory lookup for a principal that
    // has just been created in the same deployment.
    principalType: 'ServicePrincipal'
    principalId: managedIdentity.properties.principalId
    roleDefinitionId: clusterAdminRoleDefinitionId
  }
}
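// Script

// Runs the Bash script at primaryScriptUri with the Azure CLI, under the user-assigned managed
// identity. The resource is deployed only when at least one of the three Helm-related switches
// asks for something to be installed.
//
// Security-relevant points:
// - The script body is fetched from a URI at deployment time and executes with whatever the
//   managed identity may do on the cluster; treat primaryScriptUri as code under change control.
// - Every entry of environmentVariables uses `value`, which is stored in clear text on the
//   resource. None of the current entries is a secret; anything sensitive added later belongs
//   in `secureValue` instead.
resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = if (deployPrometheusAndGrafanaViaHelm || deployCertificateManagerViaHelm || deployNginxIngressControllerViaHelm != 'None') {
  name: name
  location: location
  kind: 'AzureCLI'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${managedIdentity.id}': {}
    }
  }
  // The script only references managedIdentity, so without this explicit dependency it could
  // start in parallel with the role assignment and run before the identity has its role on the
  // cluster (presumably needed by the script - its body is not part of this file).
  dependsOn: [
    clusterAdminContributorRoleAssignment
  ]
  properties: {
    // A new tag value on each deployment forces the script to execute again.
    forceUpdateTag: utcValue
    azCliVersion: azCliVersion
    timeout: timeout
    environmentVariables: [
      {
        name: 'clusterName'
        value: clusterName
      }
      {
        name: 'resourceGroupName'
        value: resourceGroupName
      }
      {
        name: 'subscriptionId'
        value: subscriptionId
      }
      {
        // Booleans are passed as the literal strings 'true' / 'false'.
        name: 'deployPrometheusAndGrafanaViaHelm'
        value: deployPrometheusAndGrafanaViaHelm ? 'true' : 'false'
      }
      {
        // Arrays are flattened to comma-separated strings for the script to split.
        name: 'ingressClassNames'
        value: join(ingressClassNames, ',')
      }
      {
        name: 'clusterIssuerNames'
        value: join(clusterIssuerNames, ',')
      }
      {
        name: 'deployCertificateManagerViaHelm'
        value: deployCertificateManagerViaHelm ? 'true' : 'false'
      }
      {
        name: 'deployNginxIngressControllerViaHelm'
        value: deployNginxIngressControllerViaHelm
      }
      {
        name: 'email'
        value: email
      }
    ]
    primaryScriptUri: primaryScriptUri
    cleanupPreference: cleanupPreference
    retentionInterval: retentionInterval
  }
}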
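// Outputs

// The deployment script is conditional, and a reference to a conditionally deployed resource is
// evaluated even when the resource is skipped. Each output therefore repeats the script's
// condition and falls back to an empty value, so a deployment with all three switches turned
// off no longer fails while resolving its outputs.
//
// NOTE(review): `certManager` and `nginxIngressController` must be keys the script writes to
// its outputs file - the script is not part of this file, so verify. Deployment outputs are
// kept in the deployment history in clear text; the script must not emit credentials here.
output result object = (deployPrometheusAndGrafanaViaHelm || deployCertificateManagerViaHelm || deployNginxIngressControllerViaHelm != 'None') ? deploymentScript.properties.outputs : {}
output certManager string = (deployPrometheusAndGrafanaViaHelm || deployCertificateManagerViaHelm || deployNginxIngressControllerViaHelm != 'None') ? deploymentScript.properties.outputs.certManager : ''
output nginxIngressController string = (deployPrometheusAndGrafanaViaHelm || deployCertificateManagerViaHelm || deployNginxIngressControllerViaHelm != 'None') ? deploymentScript.properties.outputs.nginxIngressController : ''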