main.bicep
// ---------------------------------------------------------------------------
// Deployment parameters
// ---------------------------------------------------------------------------

// Object ID of the Azure AD user that the Key Vault access policy is set for.
// The length constraints pin the value to exactly 36 characters.
// NOTE(review): the empty default is shorter than the 36-character minimum;
// confirm whether an omitted value is meant to be rejected at deployment time.
@description('Used to set the Keyvault access policy - run this command using az cli to get your ObjectID : az ad signed-in-user show --query id -o tsv')
@minLength(36)
@maxLength(36)
param adUserId string = ''

// Name of the resource group that this template creates (3-10 characters).
@description('Set the resource group name, this will be created automatically')
@minLength(3)
@maxLength(10)
param ResourceGroupName string = 'dockerhost'

// VM size passed to both docker host modules.
@description('Set the size for the VM')
@minLength(6)
param HostVmSize string = 'Standard_D2_v3'
// Subscription scope: the template creates the resource group itself and then
// deploys every module into it.
targetScope = 'subscription'

// The region comes from the subscription-level deployment. The linter warns
// about this, but a separate location parameter would put two "location"
// fields on the "Deploy to Azure" custom deployment form, which confuses users.
var location = deployment().location

// Virtual network layout.
var VnetName = 'dockervnet'
var VnetAddressPrefix = '172.16.0.0/16'
var subnetname = 'dockersubnet'
var subnetprefix = '172.16.24.0/24'
var bastionNetworkName = 'AzureBastionSubnet'
var bastionSubnet = '172.16.1.0/24'

// Subnet resource IDs, built from the network module's outputs. Any module
// that consumes them therefore depends implicitly on 'dockernetwork'.
var subnet1ref = '${dockernetwork.outputs.vnid}/subnets/${dockernetwork.outputs.subnetname}'
var bastionNetworkref = '${dockernetwork.outputs.vnid}/subnets/${dockernetwork.outputs.bastionSubnetName}'

// Docker host settings shared by both VM modules.
var VmHostnamePrefix = 'docker-host-'
var VmAdminUsername = 'localadmin'

// Base URL of the scripts folder, handed to the VM modules.
// NOTE(review): the URL follows the 'main' branch rather than a fixed commit.
// Presumably modules/vm.bicep downloads and runs scripts from it on the hosts
// (not visible here); if so, pin to a commit SHA so the content cannot change
// between deployments.
var githubOwner = 'nehalineogi'
var githubBranch = 'main'
var githubPath = 'https://raw.githubusercontent.com/${githubOwner}/azure-cross-solution-network-architectures/${githubBranch}/bicep/dockerhost/scripts/'
// Resource group that every module below is scoped to.
resource rg 'Microsoft.Resources/resourceGroups@2020-10-01' = {
  location: location
  name: ResourceGroupName
}
// Key Vault module. adUserId is the object ID that the vault's access policy
// is set for (per the parameter description); the policy itself is defined in
// modules/kv.bicep and is not visible here.
module kv './modules/kv.bicep' = {
  name: 'kv'
  scope: rg
  params: {
    adUserId: adUserId
    location: location
  }
}
// First docker host. It depends implicitly on 'kv' (through keyvault_name) and
// on 'dockernetwork' (through subnet1ref).
// NOTE(review): nothing makes this module wait for 'onpremNsgAttachment', so
// the VM may be created before the NSG is associated with its subnet; confirm
// whether that ordering matters.
module dockerhost1 './modules/vm.bicep' = {
  name: '${VmHostnamePrefix}1'
  scope: rg
  params: {
    vmname: '${VmHostnamePrefix}1'
    vmSize: HostVmSize
    location: location
    subnet1ref: subnet1ref
    adminusername: VmAdminUsername
    keyvault_name: kv.outputs.keyvaultname
    adUserId: adUserId
    githubPath: githubPath
  }
}
// Second docker host, with the same settings as the first apart from its name
// suffix. The explicit dependsOn makes it deploy only after dockerhost1 has
// finished; the reason for serialising the two is not stated in this file.
module dockerhost2 './modules/vm.bicep' = {
  name: '${VmHostnamePrefix}2'
  scope: rg
  dependsOn: [
    dockerhost1
  ]
  params: {
    vmname: '${VmHostnamePrefix}2'
    vmSize: HostVmSize
    location: location
    subnet1ref: subnet1ref
    adminusername: VmAdminUsername
    keyvault_name: kv.outputs.keyvaultname
    adUserId: adUserId
    githubPath: githubPath
  }
}
// Virtual network module. It receives the address space, the docker subnet and
// the Bastion subnet; its outputs (vnid, vnName, subnet names and prefixes)
// are used by the other modules in this file.
module dockernetwork './modules/network.bicep' = {
  name: 'dockernetwork'
  scope: rg
  params: {
    location: location
    virtualNetworkName: VnetName
    addressPrefix: VnetAddressPrefix
    subnetname: subnetname
    subnetprefix: subnetprefix
    bastionNetworkName: bastionNetworkName
    bastionSubnet: bastionSubnet
  }
}
// NSG later attached to the docker subnet (deployment name 'hubNSG'). The
// docker subnet's address prefix is passed as the destination prefix; the
// rules themselves are defined in modules/nsg.bicep and are not visible here.
module defaultNSG './modules/nsg.bicep' = {
  name: 'hubNSG'
  scope: rg
  params: {
    destinationAddressPrefix: dockernetwork.outputs.subnet1addressPrefix
    location: location
  }
}
// NSG later attached to the Bastion subnet. Its rules are defined in
// modules/nsg_bastion.bicep and are not visible here.
module bastionNSG './modules/nsg_bastion.bicep' = {
  name: 'bastionNSG'
  scope: rg
  params: {
    location: location
  }
}
// Associates the default NSG with the docker subnet. The 'onprem' in the name
// does not match anything else in this file.
// NOTE(review): this module and 'bastionNsgAttachment' both target subnets of
// the same virtual network and have no dependency on each other; confirm they
// cannot conflict when deployed in parallel.
module onpremNsgAttachment './modules/nsgAttachment.bicep' = {
  name: 'onpremNsgAttachment'
  scope: rg
  params: {
    vnetName: dockernetwork.outputs.vnName
    subnetName: dockernetwork.outputs.subnetname
    subnetAddressPrefix: dockernetwork.outputs.subnet1addressPrefix
    nsgId: defaultNSG.outputs.nsgId
  }
}
// Associates the Bastion NSG with the Bastion subnet of the same virtual
// network.
module bastionNsgAttachment './modules/nsgAttachment.bicep' = {
  name: 'bastionNsgAttachment'
  scope: rg
  params: {
    vnetName: dockernetwork.outputs.vnName
    subnetName: dockernetwork.outputs.bastionSubnetName
    subnetAddressPrefix: dockernetwork.outputs.bastionsubnetprefix
    nsgId: bastionNSG.outputs.nsgId
  }
}
// Bastion host, placed in the Bastion subnet through bastionNetworkref.
// NOTE(review): this module does not wait for 'bastionNsgAttachment'; confirm
// whether the host should be created only after the NSG is on its subnet.
module Bastion './modules/bastion.bicep' = {
  name: 'bastion'
  scope: rg
  params: {
    bastionHostName: 'bastion'
    subnetRef: bastionNetworkref
    location: location
  }
}