Commit

Support for optional subnets in Machine Learning & Healthcare archetypes (#264)
SenthuranSivananthan authored Apr 25, 2022
1 parent b33cd36 commit 2bc196a
Showing 53 changed files with 1,342 additions and 222 deletions.
Expand Up @@ -144,7 +144,34 @@
"comments": "Azure Web App Delegated Subnet",
"name": "webapp",
"addressPrefix": "10.5.8.0/25"
}
},
"optional": [
{
"comments": "Optional Subnet 1",
"name": "virtualMachines",
"addressPrefix": "10.5.9.0/25",
"nsg": {
"enabled": true
},
"udr": {
"enabled": true
}
},
{
"comments": "Optional Subnet 2 with delegation for NetApp Volumes",
"name": "NetappVolumes",
"addressPrefix": "10.5.10.0/25",
"nsg": {
"enabled": false
},
"udr": {
"enabled": false
},
"delegations": {
"serviceName": "Microsoft.NetApp/volumes"
}
}
]
}
}
}
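Review bot: in the `NetappVolumes` entry, `nsg.enabled` and `udr.enabled` are both `false`, which reads as this subnet being deployed without a network security group or a user-defined route, and the `comments` value only mentions the delegation. Please record the reason in `comments` (or in the archetype docs) so the pair of `false` values is read as an exception tied to the `Microsoft.NetApp/volumes` delegation and is not copied onto ordinary workload subnets such as `virtualMachines`.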
Expand Up @@ -172,7 +172,34 @@
"comments": "App Service Subnet",
"name": "appService",
"addressPrefix": "10.6.10.0/25"
}
},
"optional": [
{
"comments": "Optional Subnet 1",
"name": "virtualMachines",
"addressPrefix": "10.6.11.0/25",
"nsg": {
"enabled": true
},
"udr": {
"enabled": true
}
},
{
"comments": "Optional Subnet 2 with delegation for NetApp Volumes",
"name": "NetappVolumes",
"addressPrefix": "10.6.12.0/25",
"nsg": {
"enabled": false
},
"udr": {
"enabled": false
},
"delegations": {
"serviceName": "Microsoft.NetApp/volumes"
}
}
]
}
}
}
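Review bot: `delegations` in the second optional entry is a plural key holding a single object (`"serviceName": "Microsoft.NetApp/volumes"`), and the first entry omits the key entirely. Either rename it to the singular or accept an array, and state whether leaving `delegations` out is the supported way to say "no delegation" so the template does not have to guess.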
Expand Up @@ -176,7 +176,8 @@
"comments": "App Service Subnet",
"name": "appService",
"addressPrefix": "10.1.10.0/25"
}
},
"optional": []
}
}
}
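Review bot: `"optional": []` is added here to a parameter file that defines no optional subnets, which suggests the key is now mandatory. If so, parameter files written before this change will fail until they are edited; consider treating a missing `optional` key as an empty array in the template, or document the key as required in the archetype docs.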
Expand Up @@ -176,7 +176,8 @@
"comments": "App Service Subnet",
"name": "appService",
"addressPrefix": "10.3.10.0/25"
}
},
"optional": []
}
}
}
Expand Up @@ -177,7 +177,8 @@
"comments": "App Service Subnet",
"name": "appService",
"addressPrefix": "10.4.10.0/25"
}
},
"optional": []
}
}
}
32 changes: 30 additions & 2 deletions docs/archetypes/healthcare.md
Expand Up @@ -265,6 +265,7 @@ As an administrator, you can lock a subscription, resource group, or resource to
| Deployment with Hub Virtual Network | [tests/schemas/lz-healthcare/FullDeployment-With-Hub.json](../../tests/schemas/lz-healthcare/FullDeployment-With-Hub.json) | - |
| Deployment with Location | [tests/schemas/lz-healthcare/FullDeployment-With-Location.json](../../tests/schemas/lz-healthcare/FullDeployment-With-Location.json) | `parameters.location.value` is `canadacentral` |
| Deployment without Hub Virtual Network | [tests/schemas/lz-healthcare/FullDeployment-Without-Hub.json](../../tests/schemas/lz-healthcare/FullDeployment-Without-Hub.json) | `parameters.hubNetwork.value.*` fields are empty & `parameters.network.value.peerToHubVirtualNetwork` is false. |
| Deployment with optional subnets | [tests/schemas/lz-healthcare/FullDeployment-With-OptionalSubnets.json](../../tests/schemas/lz-healthcare/FullDeployment-With-OptionalSubnets.json) | `parameters.network.subnets.optional` array is set with optional subnets. |
| Deployment with subscription budget | [tests/schemas/lz-healthcare/BudgetIsTrue.json](../../tests/schemas/lz-healthcare/BudgetIsTrue.json) | `parameters.subscriptionBudget.value.createBudget` is set to `true` and budget information filled in. |
| Deployment without subscription budget | [tests/schemas/lz-healthcare/BudgetIsFalse.json](../../tests/schemas/lz-healthcare/BudgetIsFalse.json) | `parameters.subscriptionBudget.value.createBudget` is set to `false` and budget information removed. |
| Deployment without resource tags | [tests/schemas/lz-healthcare/EmptyResourceTags.json](../../tests/schemas/lz-healthcare/EmptyResourceTags.json) | `parameters.resourceTags.value` is an empty object. |
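Review bot: the new row gives the path as `parameters.network.subnets.optional`, while the neighbouring rows include the `value` segment (`parameters.network.value.peerToHubVirtualNetwork`, `parameters.location.value`). It should read `parameters.network.value.subnets.optional` to match.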
Expand All @@ -290,7 +291,7 @@ This example configures:
6. Resource Tags (aligned to the default tags defined in [Policies](../../policy/custom/definitions/policyset/Tags.parameters.json))
7. Log Analytics Workspace integration through Azure Defender for Cloud
8. Automation Account
9. Spoke Virtual Network with Hub-managed DNS, Hub-managed private endpoint DNS Zones, Virtual Network Peering and all required subnets (zones).
9. Spoke Virtual Network with Hub-managed DNS, Hub-managed private endpoint DNS Zones, Virtual Network Peering and all required subnets and 2 optional subnets.
10. Deploys Azure resources with Customer Managed Keys.

> **Note 1:** Azure Automation Account is not deployed with Customer Managed Key as it requires an Azure Key Vault instance with public network access.
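Review bot: item 9 now chains two "and"s ("Virtual Network Peering and all required subnets and 2 optional subnets") and drops the "(zones)" qualifier that the previous wording carried. Suggest "Virtual Network Peering, all required subnets (zones) and 2 optional subnets", or say why "(zones)" was removed.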
Expand Down Expand Up @@ -454,7 +455,34 @@ This example configures:
"comments": "Azure Web App Delegated Subnet",
"name": "webapp",
"addressPrefix": "10.5.8.0/25"
}
},
"optional": [
{
"comments": "Optional Subnet 1",
"name": "virtualMachines",
"addressPrefix": "10.5.9.0/25",
"nsg": {
"enabled": true
},
"udr": {
"enabled": true
}
},
{
"comments": "Optional Subnet 2 with delegation for NetApp Volumes",
"name": "NetappVolumes",
"addressPrefix": "10.5.10.0/25",
"nsg": {
"enabled": false
},
"udr": {
"enabled": false
},
"delegations": {
"serviceName": "Microsoft.NetApp/volumes"
}
}
]
}
}
}
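Review bot: the subnet `name` values in this documented sample mix casing: `NetappVolumes` starts with a capital while `virtualMachines` and `webapp` do not. Since this is the snippet readers will copy, use one convention throughout (for example `netappVolumes`).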
34 changes: 31 additions & 3 deletions docs/archetypes/machinelearning.md
Expand Up @@ -266,6 +266,7 @@ As an administrator, you can lock a subscription, resource group, or resource to
| Deployment with Hub Virtual Network | [tests/schemas/lz-machinelearning/FullDeployment-With-Hub.json](../../tests/schemas/lz-machinelearning/FullDeployment-With-Hub.json) | - |
| Deployment with Location | [tests/schemas/lz-machinelearning/FullDeployment-With-Location.json](../../tests/schemas/lz-machinelearning/FullDeployment-With-Location.json) | `parameters.location.value` is `canadacentral` |
| Deployment without Hub Virtual Network | [tests/schemas/lz-machinelearning/FullDeployment-Without-Hub.json](../../tests/schemas/lz-machinelearning/FullDeployment-Without-Hub.json) | `parameters.hubNetwork.value.*` fields are empty & `parameters.network.value.peerToHubVirtualNetwork` is false. |
| Deployment with optional subnets | [tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json](../../tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json) | `parameters.network.subnets.optional` array is set with optional subnets. |
| Deployment with subscription budget | [tests/schemas/lz-machinelearning/BudgetIsTrue.json](../../tests/schemas/lz-machinelearning/BudgetIsTrue.json) | `parameters.subscriptionBudget.value.createBudget` is set to `true` and budget information filled in. |
| Deployment without subscription budget | [tests/schemas/lz-machinelearning/BudgetIsFalse.json](../../tests/schemas/lz-machinelearning/BudgetIsFalse.json) | `parameters.subscriptionBudget.value.createBudget` is set to `false` and budget information removed. |
| Deployment without resource tags | [tests/schemas/lz-machinelearning/EmptyResourceTags.json](../../tests/schemas/lz-machinelearning/EmptyResourceTags.json) | `parameters.resourceTags.value` is an empty object. |
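Review bot: the description in the new row, "array is set with optional subnets", does not say what the scenario exercises. State which shapes the test file contains (NSG and UDR enabled, both disabled, a delegated subnet) so a reader can tell whether a given optional-subnet configuration is tested.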
Expand Down Expand Up @@ -295,7 +296,7 @@ This example configures:
6. Resource Tags (aligned to the default tags defined in [Policies](../../policy/custom/definitions/policyset/Tags.parameters.json))
7. Log Analytics Workspace integration through Azure Defender for Cloud
8. Automation Account
9. Spoke Virtual Network with Hub-managed DNS, Hub-managed private endpoint DNS Zones, Virtual Network Peering and all required subnets (zones).
9. Spoke Virtual Network with Hub-managed DNS, Hub-managed private endpoint DNS Zones, Virtual Network Peering and all required subnets and 2 optional subnets.
10. Deploys Azure resources with Customer Managed Keys.

> **Note 1:** Azure Automation Account is not deployed with Customer Managed Key as it requires an Azure Key Vault instance with public network access.
Expand Down Expand Up @@ -488,12 +489,39 @@ This example configures:
"comments": "AKS Subnet",
"name": "aks",
"addressPrefix": "10.4.9.0/25"
}
},
"appService": {
"comments": "App Service Subnet",
"name": "appService",
"addressPrefix": "10.4.10.0/25"
}
},
"optional": [
{
"comments": "Optional Subnet 1",
"name": "virtualMachines",
"addressPrefix": "10.4.11.0/25",
"nsg": {
"enabled": true
},
"udr": {
"enabled": true
}
},
{
"comments": "Optional Subnet 2 with delegation for NetApp Volumes",
"name": "NetappVolumes",
"addressPrefix": "10.4.12.0/25",
"nsg": {
"enabled": false
},
"udr": {
"enabled": false
},
"delegations": {
"serviceName": "Microsoft.NetApp/volumes"
}
}
]
}
}
}
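Review bot: besides adding `optional`, this hunk rewrites the line that closes the `aks` block just before `"appService"` (`}` becomes `},`), which has nothing to do with optional subnets. If that corrects the documented sample, say so in the commit description; if it is incidental, leave it out of this change.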
2 changes: 1 addition & 1 deletion landingzones/lz-healthcare/main.bicep
Expand Up @@ -76,7 +76,7 @@ param synapse object
@description('Hub Network configuration that includes virtualNetworkId, rfc1918IPRange, rfc6598IPRange, egressVirtualApplianceIp, privateDnsManagedByHub flag, privateDnsManagedByHubSubscriptionId and privateDnsManagedByHubResourceGroupName.')
param hubNetwork object

@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, databricksPublic, databricksPrivate, web) ')
@description('Network configuration. Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, databricksPublic, databricksPrivate, web, optional [array of optional subnets]) ')
param network object

// Telemetry - Azure customer usage attribution
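Review bot: the updated `@description` for `network` names `optional [array of optional subnets]` but not the fields each entry takes, and `network` is declared as a plain `object`, so nothing in this declaration documents or checks that shape. List the per-entry fields used in the samples (`name`, `addressPrefix`, `nsg.enabled`, `udr.enabled`, `delegations.serviceName`) and mark which are required; the description string also ends with a stray space before the closing quote.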