main.https.nginxviahelm.bicepparam
using './main.bicep'
// Variables
// Shared names for the gateway parameters further down in this file
// (frontendPorts, httpListeners, requestRoutingRules, backendHttpSettings, probes).
// Each object refers to the others by these strings, so a rename here applies
// to every reference at once.
// NOTE(review): the port and listener names say "Http", but the port defined below
// is 443 and the listener protocol is 'Https'. The names are labels only.
var httpFrontendPortName = 'HttpFrontendPort'
var httpListenerName = 'DefaultHttpListener'
var requestRoutingRuleName = 'DefaultRequestRoutingRule'
var backendHttpSettingsName = 'DefaultBackendHttpSettings'
var probeName = 'DefaultProbe'
// Placeholder: replace before deploying. The list is used as the listener's
// hostNames and hostnames[0] as the health-probe host, so it presumably has to
// match a name covered by the TLS certificate. Verify against main.bicep.
var hostnames = ['your-yelb-hostname']
// Parameters
// Cluster networking: plugin 'azure' in 'overlay' mode, with 'cilium' as both
// dataplane and network policy engine. How each value maps onto the AKS
// resource is decided in main.bicep (not visible here).
param aksClusterNetworkMode = 'transparent'
param aksClusterNetworkDataplane = 'cilium'
param aksClusterNetworkPlugin = 'azure'
param aksClusterNetworkPluginMode = 'overlay'
param aksClusterNetworkPolicy = 'cilium'
param aksClusterWebAppRoutingEnabled = false
param aksClusterSkuTier = 'Standard'
// Pod and service CIDRs sit outside the 10.0.0.0/8 range that
// virtualNetworkAddressPrefixes sets later in this file. The DNS service IP
// falls inside the service CIDR.
param aksClusterPodCidr = '192.168.0.0/16'
param aksClusterServiceCidr = '172.16.0.0/16'
param aksClusterDnsServiceIP = '172.16.0.10'
// Presumably routes node/pod egress through a NAT gateway that main.bicep creates. Confirm.
param aksClusterOutboundType = 'userAssignedNATGateway'
// NOTE(review): fixed patch version. Confirm it is still offered and supported
// in the target region before deploying, and plan upgrades explicitly.
param aksClusterKubernetesVersion = '1.30.4'
param aksClusterAdminUsername = 'azadmin'
// Placeholder for the node SSH *public* key. Never put private key material in a parameter file.
param aksClusterSshPublicKey = '<ssh-public-key>'
param loadBalancerBackendPoolType = 'nodeIP'
// Entra ID integration with Azure RBAC for Kubernetes authorization.
param aadProfileManaged = true
param aadProfileEnableAzureRBAC = true
// Placeholder: object ID of the Entra ID group treated as cluster admins.
// Presumably every member gets cluster-admin rights, so keep membership
// minimal and reviewed.
param aadProfileAdminGroupObjectIDs = [
'<entra-id-admin-group-object-id>'
]
// System node pool. The initial count of 3 equals the minimum, and the maximum is 5
// (presumably cluster-autoscaler bounds; confirm in main.bicep).
param systemAgentPoolName = 'system'
param systemAgentPoolVmSize = 'Standard_F8s_v2'
param systemAgentPoolOsDiskSizeGB = 80
param systemAgentPoolAgentCount = 3
param systemAgentPoolMaxCount = 5
param systemAgentPoolMinCount = 3
// The taint keeps pods without a matching toleration off the system nodes,
// which separates application workloads from cluster add-ons.
param systemAgentPoolNodeTaints = [
'CriticalAddonsOnly=true:NoSchedule'
]
// User node pool for application workloads. Same size and scaling bounds, no taints set here.
param userAgentPoolName = 'user'
param userAgentPoolVmSize = 'Standard_F8s_v2'
param userAgentPoolOsDiskSizeGB = 80
param userAgentPoolAgentCount = 3
param userAgentPoolMaxCount = 5
param userAgentPoolMinCount = 3
// Virtual network layout. Every subnet prefix below lies inside the
// 10.0.0.0/8 address space, and no two prefixes overlap.
// Presumably enables API server VNet integration using ApiServerSubnet. Confirm in main.bicep.
param enableVnetIntegration = true
param virtualNetworkAddressPrefixes = '10.0.0.0/8'
param systemAgentPoolSubnetName = 'SystemSubnet'
param systemAgentPoolSubnetAddressPrefix = '10.240.0.0/16'
param userAgentPoolSubnetName = 'UserSubnet'
param userAgentPoolSubnetAddressPrefix = '10.241.0.0/16'
param podSubnetName = 'PodSubnet'
param podSubnetAddressPrefix = '10.242.0.0/16'
param apiServerSubnetName = 'ApiServerSubnet'
param apiServerSubnetAddressPrefix = '10.243.0.0/27'
param vmSubnetName = 'VmSubnet'
param vmSubnetAddressPrefix = '10.243.1.0/24'
// NOTE(review): no bastion subnet name parameter is set here, only the prefix.
// Check in main.bicep how the jump-box VM is reached and which NSG rules apply.
param bastionSubnetAddressPrefix = '10.243.2.0/24'
// Log Analytics workspace settings.
// NOTE(review): 60 days of retention. Confirm this covers the investigation and
// audit window your organisation requires.
param logAnalyticsSku = 'PerGB2018'
param logAnalyticsRetentionInDays = 60
// Test / jump-box virtual machine (Ubuntu 22.04 LTS gen2 image from Canonical).
param vmEnabled = true
param vmName = 'TestVm'
param vmSize = 'Standard_F8s_v2'
param imagePublisher = 'Canonical'
param imageOffer = '0001-com-ubuntu-server-jammy'
param imageSku = '22_04-lts-gen2'
// SSH public-key authentication is selected, so vmAdminPasswordOrKey carries a
// public key placeholder, not a secret. If this is ever switched to
// password-based authentication, the value becomes a credential and must not be
// committed to source control. Supply it at deployment time instead.
param authenticationType = 'sshPublicKey'
param vmAdminUsername = 'azadmin'
param vmAdminPasswordOrKey = '<ssh-public-key>'
param diskStorageAccountType = 'Premium_LRS'
param numDataDisks = 1
param osDiskSize = 50
param dataDiskSize = 50
param dataDiskCaching = 'ReadWrite'
// NOTE(review): the private cluster option is off, so the Kubernetes API server
// endpoint is presumably reachable from the internet. This file sets no
// authorized-IP-range parameter. Check whether main.bicep restricts access
// another way, or enable the private cluster for non-demo deployments.
param aksClusterEnablePrivateCluster = false
param aksEnablePrivateClusterPublicFQDN = false
// Pod identity is off and workload identity (below) is on.
param podIdentityProfileEnabled = false
param kedaEnabled = true
param daprEnabled = true
param fluxGitOpsEnabled = false
param verticalPodAutoscalerEnabled = true
// NOTE(review): supply-chain risk. This URL follows the head of a branch
// (refs/heads/main), so the script content can change between deployments
// without any change to this file. The script is presumably run by a deployment
// script with access to the cluster. Host a reviewed copy, or reference an
// immutable commit, and confirm in main.bicep which identity runs it.
param deploymentScriptUri = 'https://raw.githubusercontent.com/paolosalvatori/scripts/refs/heads/main/install-packages.sh'
param blobCSIDriverEnabled = true
param diskCSIDriverEnabled = true
param fileCSIDriverEnabled = true
param snapshotControllerEnabled = true
// Security-related add-ons, all enabled: Defender monitoring, image cleaner on a
// 24-hour interval, node restriction, workload identity and the OIDC issuer.
param defenderSecurityMonitoringEnabled = true
param imageCleanerEnabled = true
param imageCleanerIntervalHours = 24
param nodeRestrictionEnabled = true
param workloadIdentityEnabled = true
param oidcIssuerProfileEnabled = true
// Every angle-bracket value below is a placeholder to replace before deployment.
// These are resource names and an address, not secrets. Keep it that way: the
// certificate itself stays in Key Vault and is referenced only by name.
param dnsZoneName = '<your-azure-dns-name-eg-contoso-com>'
param dnsZoneResourceGroupName = '<your-azure-dns-resource-group-name>'
// Recipient for alert notifications (presumably an Azure Monitor action group; confirm in main.bicep).
param actionGroupEmailAddress = '<your-email-adddress>'
param keyVaultName = '<key-vault-name>'
param keyVaultResourceGroupName = '<key-vault-resource-group-name>'
// Used below as the listener's sslCertificate.
param keyVaultCertificateName = '<key-vault-certificate-name>'
// Gateway configuration (presumably Azure Application Gateway; the resource is
// declared in main.bicep). TLS is used on both legs: an HTTPS listener on 443
// in front, and HTTPS on 443 to the backend.
param backendAddressPoolName = 'DefaultBackendAddressPool'
// Only port 443 is opened. With redirectConfigurations empty (end of this
// section), nothing in this file listens on port 80 or redirects HTTP to HTTPS.
param frontendPorts = [
{
name: httpFrontendPortName
port: 443
}
]
// HTTPS listener bound to the Key Vault certificate name and the configured host names.
// firewallPolicy: 'Enabled' presumably attaches a WAF policy to this listener.
// Verify the policy mode and rule set in main.bicep.
param httpListeners = [
{
name: httpListenerName
protocol: 'Https'
frontendPort: httpFrontendPortName
sslCertificate: keyVaultCertificateName
hostNames: hostnames
firewallPolicy: 'Enabled'
}
]
// One basic rule: listener -> backend pool, using the backend settings below.
param requestRoutingRules = [
{
name: requestRoutingRuleName
ruleType: 'Basic'
priority: 1000
listener: httpListenerName
backendPool: backendAddressPoolName
backendHttpSettings: backendHttpSettingsName
}
]
// NOTE(review): the backend protocol is HTTPS, pickHostNameFromBackendAddress is
// false, and this object sets no explicit host name or trusted root
// certificate. Confirm in main.bicep how the backend certificate is validated
// and which host header/SNI is sent to the backend.
param backendHttpSettings = [
{
name: backendHttpSettingsName
port: 443
protocol: 'Https'
cookieBasedAffinity: 'Disabled'
probeName: probeName
probeEnabled: true
pickHostNameFromBackendAddress: false
requestTimeout: 300
}
]
// Health probe: HTTPS GET on '/' with the first configured host name. Only
// status 200 counts as healthy, so a backend answering '/' with a redirect or
// an auth challenge will be marked unhealthy.
param probes = [
{
name: probeName
protocol: 'Https'
path: '/'
host: hostnames[0]
port: 443
interval: 60
timeout: 30
unhealthyThreshold: 3
pickHostNameFromBackendHttpSettings: false
match: {
statusCodes: [
'200'
]
}
}
]
param redirectConfigurations = []
// In-cluster components installed via Helm (presumably by the script referenced
// in deploymentScriptUri; confirm in main.bicep).
// NOTE(review): check how the Grafana admin credentials are set and whether the
// dashboards are exposed outside the cluster.
param deployPrometheusAndGrafanaViaHelm = true
param deployCertificateManagerViaHelm = true
param ingressClassNames = ['nginx']
param clusterIssuerNames = ['letsencrypt-nginx']
// This is a string mode, not a boolean. 'Internal' presumably puts the NGINX
// ingress controller behind an internal load balancer, so it is reachable only
// through the gateway and not directly from the internet. Verify.
param deployNginxIngressControllerViaHelm = 'Internal'
// Placeholder: presumably the contact address registered with the certificate issuer.
param email = '<your-email-adddress>'