Initial commit

ahelland · Dec 5, 2023 · bbb5137 · bbb5137
1 parent 93a4df1
commit bbb5137
Show file tree

Hide file tree

Showing 26 changed files with 1,469 additions and 0 deletions.
diff --git a/devCenter/deploy.azcli b/devCenter/deploy.azcli
@@ -0,0 +1,5 @@
+# To validate the deployment without creating resources
+az deployment sub what-if --location westeurope --name DevCenterStack --template-file main.bicep --parameters .\main.bicepparam
+
+# To deploy the Dev Center as a deployment stack
+az stack sub create --name DevCenterStack --location westeurope --template-file main.bicep --parameters .\main.bicepparam --deny-settings-mode none
diff --git a/devCenter/main.bicep b/devCenter/main.bicep
@@ -0,0 +1,102 @@
+targetScope = 'subscription'
+
+param location string
+
+@description('Tags retrieved from parameter file.')
+param resourceTags object = {}
+@description('Name of DevBox definition.')
+param definitionName string = 'DevBox-8-32'
+@description('DevBox definition SKU.')
+param definitionSKU string = 'general_i_8c32gb256ssd_v2'
+@description('DevBox definition storage type.')
+param definitionStorageType string = 'ssd_256gb'
+
+resource rg_devc 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: 'rg-devcenter'
+  location: location
+  tags: resourceTags
+}
+
+param vnetName string = 'core-vnet-weu'
+module vnet 'br/public:network/virtual-network:1.1.3' = {
+  scope: rg_devc
+  name: 'core-vnet-weu'
+  params: {
+    name: vnetName
+    location: location    
+    addressPrefixes: [
+      '10.1.0.0/16'
+    ]
+    subnets: [
+      {
+        name: 'snet-devbox-01'
+        addressPrefix: '10.1.1.0/24'
+        privateEndpointNetworkPolicies: 'Enabled'
+      }
+      {
+        name: 'snet-cae-01'
+        addressPrefix: '10.1.2.0/24'
+        privateEndpointNetworkPolicies: 'Enabled'
+        delegations: [
+          {            
+            name: 'Microsoft.App.environments'
+            properties: {
+              serviceName: 'Microsoft.App/environments'
+            }
+            type: 'Microsoft.Network/virtualNetworks/subnets/delegations'
+          }
+        ]
+      }    
+    ]
+  }
+}
+
+module devCenter '../modules/devcenter/main.bicep' = {
+  scope: rg_devc
+  name: 'devcenter'
+  params: {
+    location: location
+    devCenterName: 'devCenter'
+    definitionName: definitionName
+    definitionSKU: definitionSKU
+    definitionStorageType: definitionStorageType
+    image: 'microsoftvisualstudio_visualstudioplustools_vs-2022-ent-general-win11-m365-gen2'
+    networkConnectionId: networkConnection.outputs.id    
+  }
+}
+
+module devProject '../modules/project/main.bicep' = {
+  scope: rg_devc
+  name: 'devProject'
+  params: {
+    devBoxDefinitionName: definitionName
+    devCenterId: devCenter.outputs.devCenterId
+    devPoolName: 'devBoxPool'
+    location: location
+    networkConnectionName: devCenter.outputs.devCenterAttachedNetwork
+    projectName: 'devProject'
+    deploymentTargetId: subscription().id
+  }
+}
+
+//Add permissions for the dev environment identity to modify the vnet
+var networkContributorRole = resourceId('Microsoft.Authorization/roleAssignments','4d97b98b-1d4f-4787-a291-c67834d212e7')
+resource networkRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(rg_devc.id,devCenter.name,networkContributorRole)
+  properties: {
+    principalId: devProject.outputs.devEnvironmentManagedId
+    roleDefinitionId: networkContributorRole
+    principalType: 'ServicePrincipal'
+  }
+}
+
+//Connect the Dev Center to the custom vnet
+module networkConnection '../modules/network-connection/main.bicep' = {
+  scope: rg_devc
+  name: 'devcenter-network-connection'
+  params: {
+    connectionName: 'devcenter-network-connection'
+    location: location
+    snetId: vnet.outputs.subnetResourceIds[0]
+  }
+}
diff --git a/devCenter/main.bicepparam b/devCenter/main.bicepparam
@@ -0,0 +1,8 @@
+using './main.bicep'
+
+param resourceTags = {
+    IaC: 'Bicep'
+    Source: 'GitHub'  
+}
+
+param location = 'westeurope'
diff --git a/environments/ContainerEnvironment/dnsRecord.bicep b/environments/ContainerEnvironment/dnsRecord.bicep
@@ -0,0 +1,20 @@
+param zone string
+param recordName string
+param ipAddress string
+
+resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = {
+  name: zone
+}
+
+resource record 'Microsoft.Network/privateDnsZones/A@2020-06-01' = {
+  parent: dnsZone
+  name: recordName
+  properties: {
+    ttl: 3600
+    aRecords: [
+      {
+        ipv4Address: ipAddress
+      }
+    ]
+  }
+}
diff --git a/environments/ContainerEnvironment/dnsZone.bicep b/environments/ContainerEnvironment/dnsZone.bicep
@@ -0,0 +1,34 @@
+metadata name = 'DNS Zone Private'
+metadata description = 'Creates a private DNS Zone hosted in Azure DNS.'
+metadata owner = 'ahelland'
+
+@description('Tags retrieved from parameter file.')
+param resourceTags object = {}
+
+@description('The name of the DNS zone to be created.  Must have at least 2 segments, e.g. hostname.org')
+param zoneName string
+
+@description('Enable auto-registration for virtual network.')
+param registrationEnabled bool
+@description('The name of vnet to connect the zone to (for naming of link). Null if registrationEnabled is false.')
+param vnetName string?
+@description('Vnet to link up with. Null if registrationEnabled is false.')
+param vnetId string?
+
+resource zone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+  name: zoneName
+  location: 'global'
+  tags: resourceTags
+
+  resource vnet 'virtualNetworkLinks@2020-06-01' = if (!empty(vnetName)) {
+    name: '${vnetName}-link'
+    location: 'global'
+    properties: {
+      registrationEnabled: registrationEnabled
+      virtualNetwork: {
+        id: vnetId
+      }
+    }
+
+  }
+}
diff --git a/environments/ContainerEnvironment/main.bicep b/environments/ContainerEnvironment/main.bicep
@@ -0,0 +1,145 @@
+metadata name = 'Container Environment - Azure'
+metadata description = 'Deploys a Container Environment in Azure.'
+metadata owner = 'ahelland'
+
+@description('Name of Container Environment')
+param name string
+@description('Location for Container Environment')
+param location string
+@description('Tags retrieved from parameter file.')
+param resourceTags object = {}
+
+@description('Should the Container Environment be connected to a custom virtual network? Enabling this also requires a valid value for snetId.')
+param vnetInternal bool = true
+@description('If vnet integration is enabled which subnet should the container environment be connected to?')
+param snetId string
+
+//Include Log Analytics in module to avoid passing clientSecret via outputs
+resource loganalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: 'log-analytics-${name}'
+  location: location
+  tags: resourceTags
+  properties: any({
+    retentionInDays: 30
+    features: {
+      searchVersion: 1
+    }
+    sku: {
+      name: 'PerGB2018'
+    }
+  })
+}
+
+resource containerenvironment 'Microsoft.App/managedEnvironments@2023-05-02-preview' = {
+  name: 'container-environment-${name}'
+  location: location  
+  tags: resourceTags
+  properties: {    
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: loganalytics.properties.customerId
+        sharedKey: loganalytics.listKeys().primarySharedKey
+      }
+    }
+    vnetConfiguration: {
+      internal: vnetInternal ? true : false
+      //If vnetInternal == false, snetId is assumed to be null.      
+      infrastructureSubnetId: snetId
+    }
+    peerAuthentication: {
+      mtls: {
+        enabled: true
+      }
+    }
+    workloadProfiles: [
+      {
+        workloadProfileType: 'Consumption'
+        name: 'Consumption'
+      }
+    ]
+  }  
+}
+
+//Split the subnetId into individual parts to build the vnetId part
+//Note: this is a quick hack type implementation
+var vnetComponents = split(snetId,'/')
+var vnetId = '/${vnetComponents[1]}/${vnetComponents[2]}/${vnetComponents[3]}/${vnetComponents[4]}/${vnetComponents[5]}/${vnetComponents[6]}/${vnetComponents[7]}/${vnetComponents[8]}'
+
+module dnsZone 'dnsZone.bicep' = {
+  name: '${containerenvironment.name}-dns'
+  params: {
+    resourceTags: resourceTags
+    registrationEnabled: false
+    zoneName: containerenvironment.properties.defaultDomain
+    vnetName: 'cae'
+    vnetId: vnetId
+  }
+}
+
+resource helloApp 'Microsoft.App/containerApps@2023-05-02-preview' = {
+  name: 'hello'
+  location: location
+  properties: {
+    managedEnvironmentId: containerenvironment.id
+    environmentId: containerenvironment.id
+    workloadProfileName: 'Consumption'
+    configuration: {
+      activeRevisionsMode: 'Single'
+      ingress: {
+        external: true
+        targetPort: 80
+        exposedPort: 0
+        transport: 'Auto'
+        traffic: [
+          {
+            weight: 100
+            latestRevision: true
+          }
+        ]
+        allowInsecure: false
+      }
+    }
+    template: {
+      revisionSuffix: ''
+      containers: [
+        {
+          image: 'mcr.microsoft.com/k8se/quickstart:latest'
+          name: 'simple-hello-world-container'
+          resources: {
+            cpu: json('0.25')
+            memory: '0.5Gi'
+          }
+        }
+      ]
+      scale: {
+        minReplicas: 0
+        maxReplicas: 10
+      }
+    }
+  }
+  identity: {
+    type: 'None'
+  }
+}
+
+module aRecord 'dnsRecord.bicep' = {
+  name: helloApp.name
+  params: {
+    ipAddress: containerenvironment.properties.staticIp
+    recordName: helloApp.name
+    zone: containerenvironment.properties.defaultDomain
+  }
+  dependsOn: [
+    dnsZone
+  ]
+}
+
+@description('Id of Container Environment')
+output id string              = containerenvironment.id
+@description('The static IP of the environment.')
+output staticIp string        = containerenvironment.properties.staticIp
+@description('The default domain.')
+output defaultDomain string   = containerenvironment.properties.defaultDomain
+@description('Verification id for creating DNS records')
+output verificationId string  = containerenvironment.properties.customDomainConfiguration.customDomainVerificationId