diff --git a/.github/workflows/ms.network.loadbalancers.yml b/.github/workflows/ms.network.loadbalancers.yml index e490a3b069..0465e1d60a 100644 --- a/.github/workflows/ms.network.loadbalancers.yml +++ b/.github/workflows/ms.network.loadbalancers.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/loadBalancers/.test/common/dependencies.bicep b/modules/Microsoft.Network/loadBalancers/.test/common/dependencies.bicep new file mode 100644 index 0000000000..c435b9706a --- /dev/null +++ b/modules/Microsoft.Network/loadBalancers/.test/common/dependencies.bicep @@ -0,0 +1,36 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Public IP to create.') +param publicIPName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { + name: publicIPName + location: location + sku: { + name: 'Standard' + tier: 'Regional' + } + properties: { + publicIPAllocationMethod: 'Static' + } + zones: [ + '1' + '2' + '3' + ] +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Public IP.') +output publicIPResourceId string = publicIP.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Network/loadBalancers/.test/common/deploy.test.bicep b/modules/Microsoft.Network/loadBalancers/.test/common/deploy.test.bicep new file mode 100644 index 0000000000..2842508186 --- /dev/null +++ b/modules/Microsoft.Network/loadBalancers/.test/common/deploy.test.bicep @@ -0,0 +1,154 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.network.loadbalancers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nlbcom' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + publicIPName: 'dep-<>-pip-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + frontendIPConfigurations: [ + { + name: 'publicIPConfig1' + publicIPAddressId: resourceGroupResources.outputs.publicIPResourceId + } + ] + backendAddressPools: [ + { + name: 'backendAddressPool1' + } + { + name: 'backendAddressPool2' + } + ] + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + inboundNatRules: [ + { + backendPort: 443 + enableFloatingIP: false + enableTcpReset: false + frontendIPConfigurationName: 'publicIPConfig1' + frontendPort: 443 + idleTimeoutInMinutes: 4 + name: 'inboundNatRule1' + protocol: 'Tcp' + } + { + backendPort: 3389 + frontendIPConfigurationName: 'publicIPConfig1' + frontendPort: 3389 + name: 'inboundNatRule2' + } + ] + loadBalancingRules: [ + { + backendAddressPoolName: 'backendAddressPool1' + backendPort: 80 + disableOutboundSnat: true + enableFloatingIP: false + enableTcpReset: false + frontendIPConfigurationName: 'publicIPConfig1' + frontendPort: 80 + idleTimeoutInMinutes: 5 + loadDistribution: 'Default' + name: 'publicIPLBRule1' + probeName: 'probe1' + protocol: 'Tcp' + } + { + backendAddressPoolName: 'backendAddressPool2' + backendPort: 8080 + frontendIPConfigurationName: 'publicIPConfig1' + frontendPort: 8080 + loadDistribution: 'Default' + name: 'publicIPLBRule2' + probeName: 'probe2' + } + ] + lock: 'CanNotDelete' + outboundRules: [ + { + allocatedOutboundPorts: 63984 + backendAddressPoolName: 'backendAddressPool1' + frontendIPConfigurationName: 'publicIPConfig1' + name: 'outboundRule1' + } + ] + probes: [ + { + intervalInSeconds: 10 + name: 'probe1' + numberOfProbes: 5 + port: 80 + protocol: 'Tcp' + } + { + name: 'probe2' + port: 443 + protocol: 'Https' + requestPath: '/' + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + } +} diff --git a/modules/Microsoft.Network/loadBalancers/.test/internal.parameters.json b/modules/Microsoft.Network/loadBalancers/.test/internal.parameters.json deleted file mode 100644 index 4c3ffb022f..0000000000 --- a/modules/Microsoft.Network/loadBalancers/.test/internal.parameters.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-internal-001" - }, - "loadBalancerSku": { - "value": "Standard" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "privateIPConfig1", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - }, - "backendAddressPools": { - "value": [ - { - "name": "servers" - } - ] - }, - "probes": { - "value": [ - { - "name": "probe1", - "protocol": "Tcp", - "port": "62000", - "intervalInSeconds": 5, - "numberOfProbes": 2 - } - ] - }, - "loadBalancingRules": { - "value": [ - { - "name": "privateIPLBRule1", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 0, - "backendPort": 0, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "All", - "loadDistribution": "Default", - "probeName": "probe1", - "disableOutboundSnat": true, - "enableTcpReset": false, - "backendAddressPoolName": "servers" - } - ] - }, - "inboundNatRules": { - "value": [ - { - "name": "inboundNatRule1", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableTcpReset": false - }, - { - "name": "inboundNatRule2", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 3389, - "backendPort": 3389 - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/loadBalancers/.test/internal/dependencies.bicep b/modules/Microsoft.Network/loadBalancers/.test/internal/dependencies.bicep new file mode 100644 index 0000000000..c45afc0d82 --- /dev/null +++ b/modules/Microsoft.Network/loadBalancers/.test/internal/dependencies.bicep @@ -0,0 +1,39 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Network/loadBalancers/.test/internal/deploy.test.bicep b/modules/Microsoft.Network/loadBalancers/.test/internal/deploy.test.bicep new file mode 100644 index 0000000000..d5f25b8b25 --- /dev/null +++ b/modules/Microsoft.Network/loadBalancers/.test/internal/deploy.test.bicep @@ -0,0 +1,128 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.network.loadbalancers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nlbint' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + frontendIPConfigurations: [ + { + name: 'privateIPConfig1' + subnetId: resourceGroupResources.outputs.subnetResourceId + } + ] + backendAddressPools: [ + { + name: 'servers' + } + ] + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + inboundNatRules: [ + { + backendPort: 443 + enableFloatingIP: false + enableTcpReset: false + frontendIPConfigurationName: 'privateIPConfig1' + frontendPort: 443 + idleTimeoutInMinutes: 4 + name: 'inboundNatRule1' + protocol: 'Tcp' + } + { + backendPort: 3389 + frontendIPConfigurationName: 'privateIPConfig1' + frontendPort: 3389 + name: 'inboundNatRule2' + } + ] + loadBalancerSku: 'Standard' + loadBalancingRules: [ + { + backendAddressPoolName: 'servers' + backendPort: 0 + disableOutboundSnat: true + enableFloatingIP: true + enableTcpReset: false + frontendIPConfigurationName: 'privateIPConfig1' + frontendPort: 0 + idleTimeoutInMinutes: 4 + loadDistribution: 'Default' + name: 'privateIPLBRule1' + probeName: 'probe1' + protocol: 'All' + } + ] + probes: [ + { + intervalInSeconds: 5 + name: 'probe1' + numberOfProbes: 2 + port: '62000' + protocol: 'Tcp' + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + } +} diff --git a/modules/Microsoft.Network/loadBalancers/.test/min.parameters.json b/modules/Microsoft.Network/loadBalancers/.test/min.parameters.json deleted file mode 100644 index 695027dc9f..0000000000 --- a/modules/Microsoft.Network/loadBalancers/.test/min.parameters.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-min-001" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "publicIPConfig1", - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-min-lb" - } - ] - } - } -} diff --git a/modules/Microsoft.Network/loadBalancers/.test/min/dependencies.bicep b/modules/Microsoft.Network/loadBalancers/.test/min/dependencies.bicep new file mode 100644 index 0000000000..6f05edd3d6 --- /dev/null +++ b/modules/Microsoft.Network/loadBalancers/.test/min/dependencies.bicep @@ -0,0 +1,25 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Public IP to create.') +param publicIPName string + +resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { + name: publicIPName + location: location + sku: { + name: 'Standard' + tier: 'Regional' + } + properties: { + publicIPAllocationMethod: 'Static' + } + zones: [ + '1' + '2' + '3' + ] +} + +@description('The resource ID of the created Public IP.') +output publicIPResourceId string = publicIP.id diff --git a/modules/Microsoft.Network/loadBalancers/.test/min/deploy.test.bicep b/modules/Microsoft.Network/loadBalancers/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..43af86182d --- /dev/null +++ b/modules/Microsoft.Network/loadBalancers/.test/min/deploy.test.bicep @@ -0,0 +1,52 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.network.loadbalancers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nlbmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + publicIPName: 'dep-<>-pip-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + + frontendIPConfigurations: [ + { + name: 'publicIPConfig1' + publicIPAddressId: resourceGroupResources.outputs.publicIPResourceId + } + ] + } +} diff --git a/modules/Microsoft.Network/loadBalancers/.test/parameters.json b/modules/Microsoft.Network/loadBalancers/.test/parameters.json deleted file mode 100644 index df44d93edf..0000000000 --- a/modules/Microsoft.Network/loadBalancers/.test/parameters.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "publicIPConfig1", - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-lb" - } - ] - }, - "backendAddressPools": { - "value": [ - { - "name": "backendAddressPool1" - }, - { - "name": "backendAddressPool2" - } - ] - }, - "loadBalancingRules": { - "value": [ - { - "name": "publicIPLBRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 80, - "backendPort": 80, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 5, - "protocol": "Tcp", - "enableTcpReset": false, - "loadDistribution": "Default", - "disableOutboundSnat": true, - "probeName": "probe1", - "backendAddressPoolName": "backendAddressPool1" - }, - { - "name": "publicIPLBRule2", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 8080, - "backendPort": 8080, - "loadDistribution": "Default", - "probeName": "probe2", - "backendAddressPoolName": "backendAddressPool2" - } - ] - }, - "inboundNatRules": { - "value": [ - { - "name": "inboundNatRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableTcpReset": false - }, - { - "name": "inboundNatRule2", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 3389, - "backendPort": 3389 - } - ] - }, - "outboundRules": { - "value": [ - { - "name": "outboundRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "backendAddressPoolName": "backendAddressPool1", - "allocatedOutboundPorts": 63984 - } - ] - }, - "probes": { - "value": [ - { - "name": "probe1", - "protocol": "Tcp", - "port": 80, - "intervalInSeconds": 10, - "numberOfProbes": 5 - }, - { - "name": "probe2", - "protocol": "Https", - "port": 443, - "requestPath": "/" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/loadBalancers/readme.md b/modules/Microsoft.Network/loadBalancers/readme.md index 1556a0cadd..64088a447f 100644 --- a/modules/Microsoft.Network/loadBalancers/readme.md +++ b/modules/Microsoft.Network/loadBalancers/readme.md @@ -469,7 +469,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Internal

+

Example 1: Common

@@ -477,33 +477,36 @@ The following module usage examples are retrieved from the content of the files ```bicep module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-LoadBalancers' + name: '${uniqueString(deployment().name)}-test-nlbcom' params: { // Required parameters frontendIPConfigurations: [ { - name: 'privateIPConfig1' - subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + name: 'publicIPConfig1' + publicIPAddressId: '' } ] - name: '<>-az-lb-internal-001' + name: '<>nlbcom001' // Non-required parameters backendAddressPools: [ { - name: 'servers' + name: 'backendAddressPool1' + } + { + name: 'backendAddressPool2' } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' inboundNatRules: [ { backendPort: 443 enableFloatingIP: false enableTcpReset: false - frontendIPConfigurationName: 'privateIPConfig1' + frontendIPConfigurationName: 'publicIPConfig1' frontendPort: 443 idleTimeoutInMinutes: 4 name: 'inboundNatRule1' @@ -511,41 +514,64 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { } { backendPort: 3389 - frontendIPConfigurationName: 'privateIPConfig1' + frontendIPConfigurationName: 'publicIPConfig1' frontendPort: 3389 name: 'inboundNatRule2' } ] - loadBalancerSku: 'Standard' loadBalancingRules: [ { - backendAddressPoolName: 'servers' - backendPort: 0 + backendAddressPoolName: 'backendAddressPool1' + backendPort: 80 disableOutboundSnat: true - enableFloatingIP: true + enableFloatingIP: false enableTcpReset: false - frontendIPConfigurationName: 'privateIPConfig1' - frontendPort: 0 - idleTimeoutInMinutes: 4 + frontendIPConfigurationName: 'publicIPConfig1' + frontendPort: 80 + idleTimeoutInMinutes: 5 loadDistribution: 'Default' - name: 'privateIPLBRule1' + name: 'publicIPLBRule1' probeName: 'probe1' - protocol: 'All' + protocol: 'Tcp' + } + { + backendAddressPoolName: 'backendAddressPool2' + backendPort: 8080 + frontendIPConfigurationName: 'publicIPConfig1' + frontendPort: 8080 + loadDistribution: 'Default' + name: 'publicIPLBRule2' + probeName: 'probe2' + } + ] + lock: 'CanNotDelete' + outboundRules: [ + { + allocatedOutboundPorts: 63984 + backendAddressPoolName: 'backendAddressPool1' + frontendIPConfigurationName: 'publicIPConfig1' + name: 'outboundRule1' } ] probes: [ { - intervalInSeconds: 5 + intervalInSeconds: 10 name: 'probe1' - numberOfProbes: 2 - port: '62000' + numberOfProbes: 5 + port: 80 protocol: 'Tcp' } + { + name: 'probe2' + port: 443 + protocol: 'Https' + requestPath: '/' + } ] roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -570,36 +596,39 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { "frontendIPConfigurations": { "value": [ { - "name": "privateIPConfig1", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + "name": "publicIPConfig1", + "publicIPAddressId": "" } ] }, "name": { - "value": "<>-az-lb-internal-001" + "value": "<>nlbcom001" }, // Non-required parameters "backendAddressPools": { "value": [ { - "name": "servers" + "name": "backendAddressPool1" + }, + { + "name": "backendAddressPool2" } ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "inboundNatRules": { "value": [ @@ -607,7 +636,7 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { "backendPort": 443, "enableFloatingIP": false, "enableTcpReset": false, - "frontendIPConfigurationName": "privateIPConfig1", + "frontendIPConfigurationName": "publicIPConfig1", "frontendPort": 443, "idleTimeoutInMinutes": 4, "name": "inboundNatRule1", @@ -615,41 +644,66 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { }, { "backendPort": 3389, - "frontendIPConfigurationName": "privateIPConfig1", + "frontendIPConfigurationName": "publicIPConfig1", "frontendPort": 3389, "name": "inboundNatRule2" } ] }, - "loadBalancerSku": { - "value": "Standard" - }, "loadBalancingRules": { "value": [ { - "backendAddressPoolName": "servers", - "backendPort": 0, + "backendAddressPoolName": "backendAddressPool1", + "backendPort": 80, "disableOutboundSnat": true, - "enableFloatingIP": true, + "enableFloatingIP": false, "enableTcpReset": false, - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 0, - "idleTimeoutInMinutes": 4, + "frontendIPConfigurationName": "publicIPConfig1", + "frontendPort": 80, + "idleTimeoutInMinutes": 5, "loadDistribution": "Default", - "name": "privateIPLBRule1", + "name": "publicIPLBRule1", "probeName": "probe1", - "protocol": "All" + "protocol": "Tcp" + }, + { + "backendAddressPoolName": "backendAddressPool2", + "backendPort": 8080, + "frontendIPConfigurationName": "publicIPConfig1", + "frontendPort": 8080, + "loadDistribution": "Default", + "name": "publicIPLBRule2", + "probeName": "probe2" + } + ] + }, + "lock": { + "value": "CanNotDelete" + }, + "outboundRules": { + "value": [ + { + "allocatedOutboundPorts": 63984, + "backendAddressPoolName": "backendAddressPool1", + "frontendIPConfigurationName": "publicIPConfig1", + "name": "outboundRule1" } ] }, "probes": { "value": [ { - "intervalInSeconds": 5, + "intervalInSeconds": 10, "name": "probe1", - "numberOfProbes": 2, - "port": "62000", + "numberOfProbes": 5, + "port": 80, "protocol": "Tcp" + }, + { + "name": "probe2", + "port": 443, + "protocol": "Https", + "requestPath": "/" } ] }, @@ -657,7 +711,7 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -670,60 +724,7 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = {

-

Example 2: Min

- -
- -via Bicep module - -```bicep -module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-LoadBalancers' - params: { - // Required parameters - frontendIPConfigurations: [ - { - name: 'publicIPConfig1' - publicIPAddressId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-min-lb' - } - ] - name: '<>-az-lb-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "frontendIPConfigurations": { - "value": [ - { - "name": "publicIPConfig1", - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-min-lb" - } - ] - }, - "name": { - "value": "<>-az-lb-min-001" - } - } -} -``` - -
-

- -

Example 3: Parameters

+

Example 2: Internal

@@ -731,36 +732,33 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { ```bicep module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-LoadBalancers' + name: '${uniqueString(deployment().name)}-test-nlbint' params: { // Required parameters frontendIPConfigurations: [ { - name: 'publicIPConfig1' - publicIPAddressId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-lb' + name: 'privateIPConfig1' + subnetId: '' } ] - name: '<>-az-lb-x-001' + name: '<>nlbint001' // Non-required parameters backendAddressPools: [ { - name: 'backendAddressPool1' - } - { - name: 'backendAddressPool2' + name: 'servers' } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' inboundNatRules: [ { backendPort: 443 enableFloatingIP: false enableTcpReset: false - frontendIPConfigurationName: 'publicIPConfig1' + frontendIPConfigurationName: 'privateIPConfig1' frontendPort: 443 idleTimeoutInMinutes: 4 name: 'inboundNatRule1' @@ -768,64 +766,41 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { } { backendPort: 3389 - frontendIPConfigurationName: 'publicIPConfig1' + frontendIPConfigurationName: 'privateIPConfig1' frontendPort: 3389 name: 'inboundNatRule2' } ] + loadBalancerSku: 'Standard' loadBalancingRules: [ { - backendAddressPoolName: 'backendAddressPool1' - backendPort: 80 + backendAddressPoolName: 'servers' + backendPort: 0 disableOutboundSnat: true - enableFloatingIP: false + enableFloatingIP: true enableTcpReset: false - frontendIPConfigurationName: 'publicIPConfig1' - frontendPort: 80 - idleTimeoutInMinutes: 5 + frontendIPConfigurationName: 'privateIPConfig1' + frontendPort: 0 + idleTimeoutInMinutes: 4 loadDistribution: 'Default' - name: 'publicIPLBRule1' + name: 'privateIPLBRule1' probeName: 'probe1' - protocol: 'Tcp' - } - { - backendAddressPoolName: 'backendAddressPool2' - backendPort: 8080 - frontendIPConfigurationName: 'publicIPConfig1' - frontendPort: 8080 - loadDistribution: 'Default' - name: 'publicIPLBRule2' - probeName: 'probe2' - } - ] - lock: 'CanNotDelete' - outboundRules: [ - { - allocatedOutboundPorts: 63984 - backendAddressPoolName: 'backendAddressPool1' - frontendIPConfigurationName: 'publicIPConfig1' - name: 'outboundRule1' + protocol: 'All' } ] probes: [ { - intervalInSeconds: 10 + intervalInSeconds: 5 name: 'probe1' - numberOfProbes: 5 - port: 80 + numberOfProbes: 2 + port: '62000' protocol: 'Tcp' } - { - name: 'probe2' - port: 443 - protocol: 'Https' - requestPath: '/' - } ] roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -850,39 +825,36 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { "frontendIPConfigurations": { "value": [ { - "name": "publicIPConfig1", - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-lb" + "name": "privateIPConfig1", + "subnetId": "" } ] }, "name": { - "value": "<>-az-lb-x-001" + "value": "<>nlbint001" }, // Non-required parameters "backendAddressPools": { "value": [ { - "name": "backendAddressPool1" - }, - { - "name": "backendAddressPool2" + "name": "servers" } ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "inboundNatRules": { "value": [ @@ -890,7 +862,7 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { "backendPort": 443, "enableFloatingIP": false, "enableTcpReset": false, - "frontendIPConfigurationName": "publicIPConfig1", + "frontendIPConfigurationName": "privateIPConfig1", "frontendPort": 443, "idleTimeoutInMinutes": 4, "name": "inboundNatRule1", @@ -898,66 +870,41 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { }, { "backendPort": 3389, - "frontendIPConfigurationName": "publicIPConfig1", + "frontendIPConfigurationName": "privateIPConfig1", "frontendPort": 3389, "name": "inboundNatRule2" } ] }, + "loadBalancerSku": { + "value": "Standard" + }, "loadBalancingRules": { "value": [ { - "backendAddressPoolName": "backendAddressPool1", - "backendPort": 80, + "backendAddressPoolName": "servers", + "backendPort": 0, "disableOutboundSnat": true, - "enableFloatingIP": false, + "enableFloatingIP": true, "enableTcpReset": false, - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 80, - "idleTimeoutInMinutes": 5, + "frontendIPConfigurationName": "privateIPConfig1", + "frontendPort": 0, + "idleTimeoutInMinutes": 4, "loadDistribution": "Default", - "name": "publicIPLBRule1", + "name": "privateIPLBRule1", "probeName": "probe1", - "protocol": "Tcp" - }, - { - "backendAddressPoolName": "backendAddressPool2", - "backendPort": 8080, - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 8080, - "loadDistribution": "Default", - "name": "publicIPLBRule2", - "probeName": "probe2" - } - ] - }, - "lock": { - "value": "CanNotDelete" - }, - "outboundRules": { - "value": [ - { - "allocatedOutboundPorts": 63984, - "backendAddressPoolName": "backendAddressPool1", - "frontendIPConfigurationName": "publicIPConfig1", - "name": "outboundRule1" + "protocol": "All" } ] }, "probes": { "value": [ { - "intervalInSeconds": 10, + "intervalInSeconds": 5, "name": "probe1", - "numberOfProbes": 5, - "port": 80, + "numberOfProbes": 2, + "port": "62000", "protocol": "Tcp" - }, - { - "name": "probe2", - "port": 443, - "protocol": "Https", - "requestPath": "/" } ] }, @@ -965,7 +912,7 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -977,3 +924,56 @@ module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = {

+ +

Example 3: Min

+ +
+ +via Bicep module + +```bicep +module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nlbmin' + params: { + // Required parameters + frontendIPConfigurations: [ + { + name: 'publicIPConfig1' + publicIPAddressId: '' + } + ] + name: '<>nlbmin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "frontendIPConfigurations": { + "value": [ + { + "name": "publicIPConfig1", + "publicIPAddressId": "" + } + ] + }, + "name": { + "value": "<>nlbmin001" + } + } +} +``` + +
+