From 087d52b4782326aa8d98e106d0ccd106df325d1a Mon Sep 17 00:00:00 2001 From: JPEasier Date: Fri, 2 Sep 2022 16:29:41 +0200 Subject: [PATCH 01/35] change containers param --- .../containerGroups/.test/parameters.json | 34 ++++++-- .../containerGroups/deploy.bicep | 43 ++-------- .../containerGroups/readme.md | 80 ++++++++++++++----- 3 files changed, 94 insertions(+), 63 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json index cdbb1078cd..40452be673 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json @@ -8,13 +8,35 @@ "lock": { "value": "CanNotDelete" }, - "containerName": { - "value": "<>-az-aci-x-001" - }, - "image": { - "value": "mcr.microsoft.com/azuredocs/aci-helloworld" + "containers": { + "value": [ + { + "name": "<>-az-aci-x-001", + "properties": { + "command": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "protocol": "Tcp", + "port": "8080" + }, + { + "protocol": "Tcp", + "port": "9000" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + }, + "environmentVariables": [] + } + } + ] }, - "ports": { + "groupPorts": { "value": [ { "protocol": "Tcp", diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 457484992c..420268a81d 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -1,25 +1,11 @@ @description('Required. Name for the container group.') param name string -@description('Required. Name for the container.') -param containername string - -@description('Required. Name of the image.') -param image string +@description('Required. The containers and their respective config within the container group.') +param containers array @description('Optional. Port to open on the container and the public IP address.') -param ports array = [ - { - protocol: 'TCP' - port: '443' - } -] - -@description('Optional. The number of CPU cores to allocate to the container.') -param cpuCores int = 2 - -@description('Optional. The amount of memory to allocate to the container in gigabytes.') -param memoryInGB int = 2 +param groupPorts array = [] @description('Optional. The operating system type required by the containers in the container group. - Windows or Linux.') param osType string = 'Linux' @@ -33,9 +19,6 @@ param ipAddressType string = 'Public' @description('Optional. The image registry credentials by which the container group is created from.') param imageRegistryCredentials array = [] -@description('Optional. Environment variables of the container group.') -param environmentVariables array = [] - @description('Optional. Location for all Resources.') param location string = resourceGroup().location @@ -84,29 +67,13 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' identity: identity tags: tags properties: { - containers: [ - { - name: containername - properties: { - command: [] - image: image - ports: ports - resources: { - requests: { - cpu: cpuCores - memoryInGB: memoryInGB - } - } - environmentVariables: environmentVariables - } - } - ] + containers: containers imageRegistryCredentials: imageRegistryCredentials restartPolicy: restartPolicy osType: osType ipAddress: { type: ipAddressType - ports: ports + ports: groupPorts } } } diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 3059fba8ea..fe371c9f90 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -24,23 +24,19 @@ The top-level resource in Azure Container Instances is the container group. A co **Required parameters** | Parameter Name | Type | Description | | :-- | :-- | :-- | -| `containername` | string | Name for the container. | -| `image` | string | Name of the image. | +| `containers` | array | The containers and their respective config within the container group. | | `name` | string | Name for the container group. | **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `cpuCores` | int | `2` | | The number of CPU cores to allocate to the container. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `environmentVariables` | array | `[]` | | Environment variables of the container group. | +| `groupPorts` | array | `[]` | | Port to open on the container and the public IP address. | | `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | | `ipAddressType` | string | `'Public'` | | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `memoryInGB` | int | `2` | | The amount of memory to allocate to the container in gigabytes. | | `osType` | string | `'Linux'` | | The operating system type required by the containers in the container group. - Windows or Linux. | -| `ports` | array | `[System.Collections.Hashtable]` | | Port to open on the container and the public IP address. | | `restartPolicy` | string | `'Always'` | | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | @@ -190,12 +186,35 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic name: '${uniqueString(deployment().name)}-ContainerGroups' params: { // Required parameters - containerName: '<>-az-aci-x-001' - image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + containers: [ + { + name: '<>-az-aci-x-001' + properties: { + command: [] + environmentVariables: [] + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ + { + port: '8080' + protocol: 'Tcp' + } + { + port: '9000' + protocol: 'Tcp' + } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } + } + } + ] name: '<>-az-acg-x-001' // Non-required parameters - lock: 'CanNotDelete' - ports: [ + groupPorts: [ { port: '80' protocol: 'Tcp' @@ -205,6 +224,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic protocol: 'Tcp' } ] + lock: 'CanNotDelete' systemAssignedIdentity: true userAssignedIdentities: { '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} @@ -226,20 +246,39 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "containerName": { - "value": "<>-az-aci-x-001" - }, - "image": { - "value": "mcr.microsoft.com/azuredocs/aci-helloworld" + "containers": { + "value": [ + { + "name": "<>-az-aci-x-001", + "properties": { + "command": [], + "environmentVariables": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "port": "8080", + "protocol": "Tcp" + }, + { + "port": "9000", + "protocol": "Tcp" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + } + } + } + ] }, "name": { "value": "<>-az-acg-x-001" }, // Non-required parameters - "lock": { - "value": "CanNotDelete" - }, - "ports": { + "groupPorts": { "value": [ { "port": "80", @@ -251,6 +290,9 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } ] }, + "lock": { + "value": "CanNotDelete" + }, "systemAssignedIdentity": { "value": true }, From 867ed262b3fd8d1d7be6997115067b5fd374db61 Mon Sep 17 00:00:00 2001 From: JPEasier Date: Fri, 2 Sep 2022 16:42:10 +0200 Subject: [PATCH 02/35] parameter update --- .../containerGroups/.test/parameters.json | 22 ++++++++-- .../containerGroups/readme.md | 42 ++++++++++++++++--- 2 files changed, 56 insertions(+), 8 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json index 40452be673..1faa3a77ea 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json @@ -18,11 +18,27 @@ "ports": [ { "protocol": "Tcp", - "port": "8080" - }, + "port": "80" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + }, + "environmentVariables": [] + } + }, + { + "name": "<>-az-aci-x-002", + "properties": { + "command": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ { "protocol": "Tcp", - "port": "9000" + "port": "443" } ], "resources": { diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index fe371c9f90..bee05e9e9b 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -195,11 +195,27 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic image: 'mcr.microsoft.com/azuredocs/aci-helloworld' ports: [ { - port: '8080' + port: '80' protocol: 'Tcp' } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } + } + } + { + name: '<>-az-aci-x-002' + properties: { + command: [] + environmentVariables: [] + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ { - port: '9000' + port: '443' protocol: 'Tcp' } ] @@ -256,11 +272,27 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "image": "mcr.microsoft.com/azuredocs/aci-helloworld", "ports": [ { - "port": "8080", + "port": "80", "protocol": "Tcp" - }, + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + } + } + }, + { + "name": "<>-az-aci-x-002", + "properties": { + "command": [], + "environmentVariables": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ { - "port": "9000", + "port": "443", "protocol": "Tcp" } ], From 36084f117ac7761798531a6876751f26b9951ee3 Mon Sep 17 00:00:00 2001 From: JPEasier Date: Fri, 2 Sep 2022 17:05:10 +0200 Subject: [PATCH 03/35] update readme --- .../containerGroups/.test/min.parameters.json | 60 +++++++ .../containerGroups/.test/parameters.json | 12 +- .../containerGroups/deploy.bicep | 6 +- .../containerGroups/readme.md | 165 +++++++++++++++++- 4 files changed, 232 insertions(+), 11 deletions(-) create mode 100644 modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json new file mode 100644 index 0000000000..7240bf0494 --- /dev/null +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json @@ -0,0 +1,60 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-acg-x-001" + }, + "lock": { + "value": "CanNotDelete" + }, + "containers": { + "value": [ + { + "name": "<>-az-aci-x-001", + "properties": { + "command": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "protocol": "Tcp", + "port": "80" + }, + { + "protocol": "Tcp", + "port": "443" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + }, + "environmentVariables": [] + } + } + ] + }, + "ipAddressPorts": { + "value": [ + { + "protocol": "Tcp", + "port": "80" + }, + { + "protocol": "Tcp", + "port": "443" + } + ] + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + } + } +} diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json index 1faa3a77ea..037d647af4 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json @@ -19,6 +19,10 @@ { "protocol": "Tcp", "port": "80" + }, + { + "protocol": "Tcp", + "port": "443" } ], "resources": { @@ -38,7 +42,7 @@ "ports": [ { "protocol": "Tcp", - "port": "443" + "port": "8080" } ], "resources": { @@ -52,7 +56,7 @@ } ] }, - "groupPorts": { + "ipAddressPorts": { "value": [ { "protocol": "Tcp", @@ -61,6 +65,10 @@ { "protocol": "Tcp", "port": "443" + }, + { + "protocol": "Tcp", + "port": "8080" } ] }, diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 420268a81d..247586756a 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -4,8 +4,8 @@ param name string @description('Required. The containers and their respective config within the container group.') param containers array -@description('Optional. Port to open on the container and the public IP address.') -param groupPorts array = [] +@description('Conditional. Ports to open on the public IP address. Must include all ports assigned on container level.') +param ipAddressPorts array = [] @description('Optional. The operating system type required by the containers in the container group. - Windows or Linux.') param osType string = 'Linux' @@ -73,7 +73,7 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' osType: osType ipAddress: { type: ipAddressType - ports: groupPorts + ports: ipAddressPorts } } } diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index bee05e9e9b..b24042b1b2 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -27,11 +27,15 @@ The top-level resource in Azure Container Instances is the container group. A co | `containers` | array | The containers and their respective config within the container group. | | `name` | string | Name for the container group. | +**Conditional parameters** +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `ipAddressPorts` | array | Ports to open on the public IP address. Must include all ports assigned on container level. | + **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `groupPorts` | array | `[]` | | Port to open on the container and the public IP address. | | `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | | `ipAddressType` | string | `'Public'` | | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | @@ -175,7 +179,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Parameters

+

Example 1: Min

@@ -198,6 +202,10 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic port: '80' protocol: 'Tcp' } + { + port: '443' + protocol: 'Tcp' + } ] resources: { requests: { @@ -207,13 +215,126 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } } + ] + name: '<>-az-acg-x-001' + // Non-required parameters + ipAddressPorts: [ { - name: '<>-az-aci-x-002' + port: '80' + protocol: 'Tcp' + } + { + port: '443' + protocol: 'Tcp' + } + ] + lock: 'CanNotDelete' + systemAssignedIdentity: true + userAssignedIdentities: { + '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "containers": { + "value": [ + { + "name": "<>-az-aci-x-001", + "properties": { + "command": [], + "environmentVariables": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "port": "80", + "protocol": "Tcp" + }, + { + "port": "443", + "protocol": "Tcp" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + } + } + } + ] + }, + "name": { + "value": "<>-az-acg-x-001" + }, + // Non-required parameters + "ipAddressPorts": { + "value": [ + { + "port": "80", + "protocol": "Tcp" + }, + { + "port": "443", + "protocol": "Tcp" + } + ] + }, + "lock": { + "value": "CanNotDelete" + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + } + } +} +``` + +
+

+ +

Example 2: Parameters

+ +
+ +via Bicep module + +```bicep +module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-ContainerGroups' + params: { + // Required parameters + containers: [ + { + name: '<>-az-aci-x-001' properties: { command: [] environmentVariables: [] image: 'mcr.microsoft.com/azuredocs/aci-helloworld' ports: [ + { + port: '80' + protocol: 'Tcp' + } { port: '443' protocol: 'Tcp' @@ -227,10 +348,30 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } } + { + name: '<>-az-aci-x-002' + properties: { + command: [] + environmentVariables: [] + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ + { + port: '8080' + protocol: 'Tcp' + } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } + } + } ] name: '<>-az-acg-x-001' // Non-required parameters - groupPorts: [ + ipAddressPorts: [ { port: '80' protocol: 'Tcp' @@ -239,6 +380,10 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic port: '443' protocol: 'Tcp' } + { + port: '8080' + protocol: 'Tcp' + } ] lock: 'CanNotDelete' systemAssignedIdentity: true @@ -274,6 +419,10 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic { "port": "80", "protocol": "Tcp" + }, + { + "port": "443", + "protocol": "Tcp" } ], "resources": { @@ -292,7 +441,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "image": "mcr.microsoft.com/azuredocs/aci-helloworld", "ports": [ { - "port": "443", + "port": "8080", "protocol": "Tcp" } ], @@ -310,7 +459,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "value": "<>-az-acg-x-001" }, // Non-required parameters - "groupPorts": { + "ipAddressPorts": { "value": [ { "port": "80", @@ -319,6 +468,10 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic { "port": "443", "protocol": "Tcp" + }, + { + "port": "8080", + "protocol": "Tcp" } ] }, From 4c4b50cb622599488a2d17b8b879ee864312641e Mon Sep 17 00:00:00 2001 From: JPEasier Date: Fri, 2 Sep 2022 17:16:27 +0200 Subject: [PATCH 04/35] set param to optional --- .../containerGroups/deploy.bicep | 2 +- .../Microsoft.ContainerInstance/containerGroups/readme.md | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 247586756a..9e561416ff 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -4,7 +4,7 @@ param name string @description('Required. The containers and their respective config within the container group.') param containers array -@description('Conditional. Ports to open on the public IP address. Must include all ports assigned on container level.') +@description('Optional. Ports to open on the public IP address. Must include all ports assigned on container level.') param ipAddressPorts array = [] @description('Optional. The operating system type required by the containers in the container group. - Windows or Linux.') diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index b24042b1b2..87cfb8f1a4 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -27,16 +27,12 @@ The top-level resource in Azure Container Instances is the container group. A co | `containers` | array | The containers and their respective config within the container group. | | `name` | string | Name for the container group. | -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `ipAddressPorts` | array | Ports to open on the public IP address. Must include all ports assigned on container level. | - **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | +| `ipAddressPorts` | array | `[]` | | Ports to open on the public IP address. Must include all ports assigned on container level. | | `ipAddressType` | string | `'Public'` | | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | From 834d9258398fc85412ed8d8c906ff6d4660d1daa Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 14:12:07 +0200 Subject: [PATCH 05/35] added further options to containergroups --- ...parameters.json => public.parameters.json} | 22 +++++- .../containerGroups/deploy.bicep | 76 +++++++++++++++++++ .../containerGroups/readme.md | 53 ++++++++++++- 3 files changed, 146 insertions(+), 5 deletions(-) rename modules/Microsoft.ContainerInstance/containerGroups/.test/{parameters.json => public.parameters.json} (82%) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json similarity index 82% rename from modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json rename to modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json index 037d647af4..d829d492ee 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json @@ -31,6 +31,12 @@ "memoryInGB": 2 } }, + "volumeMounts": [ + { + "name": "helloWorld", + "mountPath": "/mnt/empty" + } + ], "environmentVariables": [] } }, @@ -79,6 +85,20 @@ "value": { "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} } + }, + "dnsNameLabel": { + "value": "hellocarml" + }, + "autoGeneratedDomainNameLabelScope": { + "value": "Unsecure" + }, + "volumes": { + "value": [ + { + "emptyDir": {}, + "name": "helloWorld" + } + ] } } -} +} \ No newline at end of file diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 9e561416ff..6efeecaef5 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -10,9 +10,18 @@ param ipAddressPorts array = [] @description('Optional. The operating system type required by the containers in the container group. - Windows or Linux.') param osType string = 'Linux' +@allowed([ + 'Always' + 'OnFailure' + 'Never' +]) @description('Optional. Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never.') param restartPolicy string = 'Always' +@allowed([ + 'Public' + 'Private' +]) @description('Optional. Specifies if the IP is exposed to the public internet or private VNET. - Public or Private.') param ipAddressType string = 'Public' @@ -22,6 +31,50 @@ param imageRegistryCredentials array = [] @description('Optional. Location for all Resources.') param location string = resourceGroup().location +@allowed([ + 'Noreuse' + 'ResourceGroupReuse' + 'SubscriptionReuse' + 'TenantReuse' + 'Unsecure' +]) +@description('Optional. Specify level of protection of the domain name label.') +param autoGeneratedDomainNameLabelScope string = 'TenantReuse' + +@description('Optional. The Dns name label for the resource.') +param dnsNameLabel string = '' + +@allowed([ + 'Standard' + 'Dedicated' +]) +@description('Optional. Specify the Sku.') +param sku string = 'Standard' + +@description('Optional. If Non-Microsoft-managed encryption should be used, specify the key vaults base url.') +param encryptionVaultBaseUrl string = '' + +@description('Optional. If Non-Microsoft-managed encryption should be used, specify the key name.') +param encrytionKeyName string = '' + +@description('Optional. If Non-Microsoft-managed encryption should be used, specify the key version.') +param encryptionKeyVersion string = '' + +@description('Optional. List of dns servers used by the containers for lookups.') +param dnsNameServers array = [] + +@description('Optional. DNS search domain which will be appended to each DNS lookup.') +param dnsSearchDomains string = '' + +@description('Optional. A list of container definitions which will be executed before the application container starts.') +param initContainers array = [] + +@description('Optional. Resource ID of the subnet. Only specify when ipAddressType is Private.') +param subnetId string = '' + +@description('Optional. Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup.') +param volumes array = [] + @allowed([ '' 'CanNotDelete' @@ -49,6 +102,17 @@ var identity = identityType != 'None' ? { userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null } : null +var dnsConfig = !empty(dnsNameServers) ? { + nameServers: dnsNameServers + searchDomains: dnsSearchDomains +} : null + +var encryptionProperties = !empty(encryptionVaultBaseUrl) ? { + vaultBaseUrl: encryptionVaultBaseUrl + keyName: encrytionKeyName + keyVersion: encryptionKeyVersion +} : null + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { @@ -68,13 +132,25 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' tags: tags properties: { containers: containers + dnsConfig: dnsConfig + encryptionProperties: encryptionProperties imageRegistryCredentials: imageRegistryCredentials + initContainers: initContainers restartPolicy: restartPolicy osType: osType ipAddress: { type: ipAddressType + autoGeneratedDomainNameLabelScope: autoGeneratedDomainNameLabelScope + dnsNameLabel: dnsNameLabel ports: ipAddressPorts } + sku: sku + subnetIds: [ + { + id: subnetId + } + ] + volumes: volumes } } diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 09c9f68333..0d7f5d55a6 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -32,17 +32,28 @@ The top-level resource in Azure Container Instances is the container group. A co | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[Noreuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse, Unsecure]` | Specify level of protection of the domain name label. | +| `dnsNameLabel` | string | `''` | | The Dns name label for the resource. | +| `dnsNameServers` | array | `[]` | | List of dns servers used by the containers for lookups. | +| `dnsSearchDomains` | string | `''` | | DNS search domain which will be appended to each DNS lookup. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `encryptionKeyVersion` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key version. | +| `encryptionVaultBaseUrl` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key vaults base url. | +| `encrytionKeyName` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key name. | | `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | +| `initContainers` | array | `[]` | | A list of container definitions which will be executed before the application container starts. | | `ipAddressPorts` | array | `[]` | | Ports to open on the public IP address. Must include all ports assigned on container level. | -| `ipAddressType` | string | `'Public'` | | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | +| `ipAddressType` | string | `'Public'` | `[Private, Public]` | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | | `osType` | string | `'Linux'` | | The operating system type required by the containers in the container group. - Windows or Linux. | -| `restartPolicy` | string | `'Always'` | | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. | +| `restartPolicy` | string | `'Always'` | `[Always, Never, OnFailure]` | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. | +| `sku` | string | `'Standard'` | `[Dedicated, Standard]` | Specify the Sku. | +| `subnetId` | string | `''` | | Resource ID of the subnet. Only specify when ipAddressType is Private. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +| `volumes` | array | `[]` | | Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. | ### Parameter Usage: `imageRegistryCredentials` @@ -311,7 +322,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic

-

Example 2: Parameters

+

Example 2: Public

@@ -345,6 +356,12 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic memoryInGB: 2 } } + volumeMounts: [ + { + mountPath: '/mnt/empty' + name: 'helloWorld' + } + ] } } { @@ -370,6 +387,8 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] name: '<>-az-acg-x-001' // Non-required parameters + autoGeneratedDomainNameLabelScope: 'Unsecure' + dnsNameLabel: 'hellocarml' ipAddressPorts: [ { port: '80' @@ -389,6 +408,12 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic userAssignedIdentities: { '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} } + volumes: [ + { + emptyDir: {} + name: 'helloWorld' + } + ] } } ``` @@ -429,7 +454,13 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "cpu": 2, "memoryInGB": 2 } - } + }, + "volumeMounts": [ + { + "mountPath": "/mnt/empty", + "name": "helloWorld" + } + ] } }, { @@ -458,6 +489,12 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "value": "<>-az-acg-x-001" }, // Non-required parameters + "autoGeneratedDomainNameLabelScope": { + "value": "Unsecure" + }, + "dnsNameLabel": { + "value": "hellocarml" + }, "ipAddressPorts": { "value": [ { @@ -484,6 +521,14 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "value": { "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} } + }, + "volumes": { + "value": [ + { + "emptyDir": {}, + "name": "helloWorld" + } + ] } } } From 6e90273b640e982cb39e2d74d65ad6fc41e25659 Mon Sep 17 00:00:00 2001 From: JPEasier Date: Thu, 6 Oct 2022 14:13:32 +0200 Subject: [PATCH 06/35] add subnet for ContainerInstance --- .../virtualNetworks/parameters/parameters.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json index 66377e9cb5..b141237a35 100644 --- a/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json @@ -127,6 +127,12 @@ "addressPrefix": "10.0.10.0/24", "privateEndpointNetworkPolicies": "Disabled", "privateLinkServiceNetworkPolicies": "Disabled" + }, + { + "name": "<>-az-subnet-x-010", // CGI subnet 1 + "addressPrefix": "10.0.11.0/24", + "privateEndpointNetworkPolicies": "Disabled", + "privateLinkServiceNetworkPolicies": "Disabled" } ] } From 40107e5fdd710e8eed746b4e2ec6d7fa38fffac8 Mon Sep 17 00:00:00 2001 From: JPEasier Date: Thu, 6 Oct 2022 14:14:52 +0200 Subject: [PATCH 07/35] change description --- .../virtualNetworks/parameters/parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json index b141237a35..4ec8d25b39 100644 --- a/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json @@ -129,7 +129,7 @@ "privateLinkServiceNetworkPolicies": "Disabled" }, { - "name": "<>-az-subnet-x-010", // CGI subnet 1 + "name": "<>-az-subnet-x-010", // Container Instance subnet "addressPrefix": "10.0.11.0/24", "privateEndpointNetworkPolicies": "Disabled", "privateLinkServiceNetworkPolicies": "Disabled" From 200bd52b7e60848cfbec98bffda9f4a832b6208d Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 14:37:51 +0200 Subject: [PATCH 08/35] added union flag for property split --- .../.test/private.parameters.json | 110 ++++++++++++++++++ .../containerGroups/deploy.bicep | 42 ++++--- 2 files changed, 133 insertions(+), 19 deletions(-) create mode 100644 modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json new file mode 100644 index 0000000000..791264c240 --- /dev/null +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json @@ -0,0 +1,110 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-acg-x-001" + }, + "lock": { + "value": "CanNotDelete" + }, + "containers": { + "value": [ + { + "name": "<>-az-aci-x-001", + "properties": { + "command": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "protocol": "Tcp", + "port": "80" + }, + { + "protocol": "Tcp", + "port": "443" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + }, + "volumeMounts": [ + { + "name": "helloWorld", + "mountPath": "/mnt/empty" + } + ], + "environmentVariables": [] + } + }, + { + "name": "<>-az-aci-x-002", + "properties": { + "command": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "protocol": "Tcp", + "port": "8080" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + }, + "environmentVariables": [] + } + } + ] + }, + "ipAddressType":{ + "value": "Private" + }, + "ipAddressPorts": { + "value": [ + { + "protocol": "Tcp", + "port": "80" + }, + { + "protocol": "Tcp", + "port": "443" + }, + { + "protocol": "Tcp", + "port": "8080" + } + ] + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + }, + "dnsNameLabel": { + "value": "helloprivatecarml" + }, + "autoGeneratedDomainNameLabelScope": { + "value": "TenantReuse" + }, + "subnetId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010" + }, + "volumes": { + "value": [ + { + "emptyDir": {}, + "name": "helloWorld" + } + ] + } + } +} \ No newline at end of file diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 6efeecaef5..72680ab6f0 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -113,25 +113,8 @@ var encryptionProperties = !empty(encryptionVaultBaseUrl) ? { keyVersion: encryptionKeyVersion } : null -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' = { - name: name - location: location - identity: identity - tags: tags - properties: { - containers: containers +var basicContainerProperties = { + containers: containers dnsConfig: dnsConfig encryptionProperties: encryptionProperties imageRegistryCredentials: imageRegistryCredentials @@ -151,9 +134,30 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' } ] volumes: volumes +} + +var containerProperties = !empty(dnsNameServers) ? union(basicContainerProperties,{ dnsConfig: dnsConfig}) : basicContainerProperties + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } } } +resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' = { + name: name + location: location + identity: identity + tags: tags + properties: containerProperties +} + resource containergroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { name: '${containergroup.name}-${lock}-lock' properties: { From adaf867894f7d92fd0eea3020b27bbf74eed714e Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 14:40:55 +0200 Subject: [PATCH 09/35] updated readme --- .../containerGroups/readme.md | 225 +++++++++++++++++- 1 file changed, 224 insertions(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 0d7f5d55a6..49356eb6ee 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -322,7 +322,230 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic

-

Example 2: Public

+

Example 2: Private

+ +
+ +via Bicep module + +```bicep +module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-ContainerGroups' + params: { + // Required parameters + containers: [ + { + name: '<>-az-aci-x-001' + properties: { + command: [] + environmentVariables: [] + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ + { + port: '80' + protocol: 'Tcp' + } + { + port: '443' + protocol: 'Tcp' + } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } + volumeMounts: [ + { + mountPath: '/mnt/empty' + name: 'helloWorld' + } + ] + } + } + { + name: '<>-az-aci-x-002' + properties: { + command: [] + environmentVariables: [] + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ + { + port: '8080' + protocol: 'Tcp' + } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } + } + } + ] + name: '<>-az-acg-x-001' + // Non-required parameters + autoGeneratedDomainNameLabelScope: 'TenantReuse' + dnsNameLabel: 'helloprivatecarml' + ipAddressPorts: [ + { + port: '80' + protocol: 'Tcp' + } + { + port: '443' + protocol: 'Tcp' + } + { + port: '8080' + protocol: 'Tcp' + } + ] + ipAddressType: 'Private' + lock: 'CanNotDelete' + subnetId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010' + systemAssignedIdentity: true + userAssignedIdentities: { + '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + } + volumes: [ + { + emptyDir: {} + name: 'helloWorld' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "containers": { + "value": [ + { + "name": "<>-az-aci-x-001", + "properties": { + "command": [], + "environmentVariables": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "port": "80", + "protocol": "Tcp" + }, + { + "port": "443", + "protocol": "Tcp" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + }, + "volumeMounts": [ + { + "mountPath": "/mnt/empty", + "name": "helloWorld" + } + ] + } + }, + { + "name": "<>-az-aci-x-002", + "properties": { + "command": [], + "environmentVariables": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "port": "8080", + "protocol": "Tcp" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + } + } + } + ] + }, + "name": { + "value": "<>-az-acg-x-001" + }, + // Non-required parameters + "autoGeneratedDomainNameLabelScope": { + "value": "TenantReuse" + }, + "dnsNameLabel": { + "value": "helloprivatecarml" + }, + "ipAddressPorts": { + "value": [ + { + "port": "80", + "protocol": "Tcp" + }, + { + "port": "443", + "protocol": "Tcp" + }, + { + "port": "8080", + "protocol": "Tcp" + } + ] + }, + "ipAddressType": { + "value": "Private" + }, + "lock": { + "value": "CanNotDelete" + }, + "subnetId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010" + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + }, + "volumes": { + "value": [ + { + "emptyDir": {}, + "name": "helloWorld" + } + ] + } + } +} +``` + +
+

+ +

Example 3: Public

From 1833b34f09fbf91653ecfca8cdbe9eea2a266b37 Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 14:50:05 +0200 Subject: [PATCH 10/35] changed subnetid indent --- .../containerGroups/deploy.bicep | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 72680ab6f0..176989a8cb 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -113,6 +113,12 @@ var encryptionProperties = !empty(encryptionVaultBaseUrl) ? { keyVersion: encryptionKeyVersion } : null +var subnetIds = !empty(subnetId) ? [ + { + id: subnetId + } +] : null + var basicContainerProperties = { containers: containers dnsConfig: dnsConfig @@ -128,11 +134,7 @@ var basicContainerProperties = { ports: ipAddressPorts } sku: sku - subnetIds: [ - { - id: subnetId - } - ] + subnetIds: subnetIds volumes: volumes } From ca4c28dd279e156b3cc0e027662bc5cbbecceb68 Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 14:51:00 +0200 Subject: [PATCH 11/35] changed private deployment params --- .../containerGroups/.test/private.parameters.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json index 791264c240..c00e366904 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json @@ -89,12 +89,6 @@ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} } }, - "dnsNameLabel": { - "value": "helloprivatecarml" - }, - "autoGeneratedDomainNameLabelScope": { - "value": "TenantReuse" - }, "subnetId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010" }, From ce7de777588d9ebd4fa2b69649e10ec27e346c4f Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 14:53:35 +0200 Subject: [PATCH 12/35] updated param file --- .../Microsoft.ContainerInstance/containerGroups/readme.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 49356eb6ee..1241a72482 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -387,8 +387,6 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] name: '<>-az-acg-x-001' // Non-required parameters - autoGeneratedDomainNameLabelScope: 'TenantReuse' - dnsNameLabel: 'helloprivatecarml' ipAddressPorts: [ { port: '80' @@ -491,12 +489,6 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "value": "<>-az-acg-x-001" }, // Non-required parameters - "autoGeneratedDomainNameLabelScope": { - "value": "TenantReuse" - }, - "dnsNameLabel": { - "value": "helloprivatecarml" - }, "ipAddressPorts": { "value": [ { From 4d4c112777910b45dee18a9cd4a9225ea7c24cb9 Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 15:03:19 +0200 Subject: [PATCH 13/35] fixed volume name --- .../.test/private.parameters.json | 4 ++-- .../containerGroups/.test/public.parameters.json | 4 ++-- .../containerGroups/readme.md | 16 ++++++++-------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json index c00e366904..7c5b7a07e7 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json @@ -33,7 +33,7 @@ }, "volumeMounts": [ { - "name": "helloWorld", + "name": "my-name", "mountPath": "/mnt/empty" } ], @@ -96,7 +96,7 @@ "value": [ { "emptyDir": {}, - "name": "helloWorld" + "name": "my-name" } ] } diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json index d829d492ee..d4943b2474 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json @@ -33,7 +33,7 @@ }, "volumeMounts": [ { - "name": "helloWorld", + "name": "my-name", "mountPath": "/mnt/empty" } ], @@ -96,7 +96,7 @@ "value": [ { "emptyDir": {}, - "name": "helloWorld" + "name": "my-name" } ] } diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 1241a72482..6836caa5f0 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -359,7 +359,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic volumeMounts: [ { mountPath: '/mnt/empty' - name: 'helloWorld' + name: 'my-name' } ] } @@ -411,7 +411,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic volumes: [ { emptyDir: {} - name: 'helloWorld' + name: 'my-name' } ] } @@ -458,7 +458,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "volumeMounts": [ { "mountPath": "/mnt/empty", - "name": "helloWorld" + "name": "my-name" } ] } @@ -526,7 +526,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "value": [ { "emptyDir": {}, - "name": "helloWorld" + "name": "my-name" } ] } @@ -574,7 +574,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic volumeMounts: [ { mountPath: '/mnt/empty' - name: 'helloWorld' + name: 'my-name' } ] } @@ -626,7 +626,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic volumes: [ { emptyDir: {} - name: 'helloWorld' + name: 'my-name' } ] } @@ -673,7 +673,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "volumeMounts": [ { "mountPath": "/mnt/empty", - "name": "helloWorld" + "name": "my-name" } ] } @@ -741,7 +741,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "value": [ { "emptyDir": {}, - "name": "helloWorld" + "name": "my-name" } ] } From 90cdb6984b6d5bcd7e3b0896d89107fc8334f855 Mon Sep 17 00:00:00 2001 From: JPEasier Date: Thu, 6 Oct 2022 15:29:41 +0200 Subject: [PATCH 14/35] add subnet delegation --- .../virtualNetworks/parameters/parameters.json | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json index 4ec8d25b39..9a7086672c 100644 --- a/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json @@ -131,8 +131,14 @@ { "name": "<>-az-subnet-x-010", // Container Instance subnet "addressPrefix": "10.0.11.0/24", - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Disabled" + "delegations": [ + { + "name": "containerInstance", + "properties": { + "serviceName": "Microsoft.containerInstance/containerGroups" + } + } + ] } ] } From c702cc39f5993f916a164e4a828caac1c9d515f6 Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 15:42:57 +0200 Subject: [PATCH 15/35] smaller fixes --- .../containerGroups/.test/min.parameters.json | 5 ----- .../.test/private.parameters.json | 2 +- .../containerGroups/.test/public.parameters.json | 2 +- .../containerGroups/readme.md | 16 ++++------------ 4 files changed, 6 insertions(+), 19 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json index 7240bf0494..fd32f3c015 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json @@ -50,11 +50,6 @@ }, "systemAssignedIdentity": { "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } } } } diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json index 7c5b7a07e7..f3a2ace4bd 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-acg-x-001" + "value": "<>-az-acg-x-002" }, "lock": { "value": "CanNotDelete" diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json index d4943b2474..5e47deea6d 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/public.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-acg-x-001" + "value": "<>-az-acg-x-003" }, "lock": { "value": "CanNotDelete" diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 6836caa5f0..af457d5a99 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -240,9 +240,6 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] lock: 'CanNotDelete' systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } } } ``` @@ -309,11 +306,6 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic }, "systemAssignedIdentity": { "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } } } } @@ -385,7 +377,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: '<>-az-acg-x-001' + name: '<>-az-acg-x-002' // Non-required parameters ipAddressPorts: [ { @@ -486,7 +478,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>-az-acg-x-001" + "value": "<>-az-acg-x-002" }, // Non-required parameters "ipAddressPorts": { @@ -600,7 +592,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: '<>-az-acg-x-001' + name: '<>-az-acg-x-003' // Non-required parameters autoGeneratedDomainNameLabelScope: 'Unsecure' dnsNameLabel: 'hellocarml' @@ -701,7 +693,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>-az-acg-x-001" + "value": "<>-az-acg-x-003" }, // Non-required parameters "autoGeneratedDomainNameLabelScope": { From 023fa9059e0d793f4dfe748b4538f8af1044ba89 Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 15:54:58 +0200 Subject: [PATCH 16/35] changed min param name --- .../containerGroups/.test/min.parameters.json | 2 +- modules/Microsoft.ContainerInstance/containerGroups/readme.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json index fd32f3c015..10bc1de667 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-acg-x-001" + "value": "<>-az-acg-x-004" }, "lock": { "value": "CanNotDelete" diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index af457d5a99..2eb20d3ae4 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -226,7 +226,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: '<>-az-acg-x-001' + name: '<>-az-acg-x-004' // Non-required parameters ipAddressPorts: [ { @@ -286,7 +286,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>-az-acg-x-001" + "value": "<>-az-acg-x-004" }, // Non-required parameters "ipAddressPorts": { From ae23039f0be9485df228a564e929ae4cac6f83fd Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 16:16:04 +0200 Subject: [PATCH 17/35] removed autodnslabel --- .../Microsoft.ContainerInstance/containerGroups/deploy.bicep | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 176989a8cb..ec56c139e2 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -119,6 +119,8 @@ var subnetIds = !empty(subnetId) ? [ } ] : null +var generatedDomainNameLabelScope = !empty(dnsNameServers) ? autoGeneratedDomainNameLabelScope : null + var basicContainerProperties = { containers: containers dnsConfig: dnsConfig @@ -129,7 +131,7 @@ var basicContainerProperties = { osType: osType ipAddress: { type: ipAddressType - autoGeneratedDomainNameLabelScope: autoGeneratedDomainNameLabelScope + autoGeneratedDomainNameLabelScope: generatedDomainNameLabelScope dnsNameLabel: dnsNameLabel ports: ipAddressPorts } From 95a7f7b8476a64434077d825775b711a0ecdd82b Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 16:16:53 +0200 Subject: [PATCH 18/35] updated min param name --- .../containerGroups/.test/min.parameters.json | 2 +- modules/Microsoft.ContainerInstance/containerGroups/readme.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json index 10bc1de667..fd32f3c015 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/min.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-acg-x-004" + "value": "<>-az-acg-x-001" }, "lock": { "value": "CanNotDelete" diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 2eb20d3ae4..af457d5a99 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -226,7 +226,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: '<>-az-acg-x-004' + name: '<>-az-acg-x-001' // Non-required parameters ipAddressPorts: [ { @@ -286,7 +286,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>-az-acg-x-004" + "value": "<>-az-acg-x-001" }, // Non-required parameters "ipAddressPorts": { From f5c9ace6232b444c6dfc72741ca0c930fd0649d9 Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 16:32:41 +0200 Subject: [PATCH 19/35] updated naming --- .../Microsoft.ContainerInstance/containerGroups/deploy.bicep | 2 +- modules/Microsoft.ContainerInstance/containerGroups/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index ec56c139e2..4532dc6ba0 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -51,7 +51,7 @@ param dnsNameLabel string = '' @description('Optional. Specify the Sku.') param sku string = 'Standard' -@description('Optional. If Non-Microsoft-managed encryption should be used, specify the key vaults base url.') +@description('Optional. If Non-Microsoft-managed encryption should be used, specify the key vaults base URL.') param encryptionVaultBaseUrl string = '' @description('Optional. If Non-Microsoft-managed encryption should be used, specify the key name.') diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index af457d5a99..f7b511a779 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -38,7 +38,7 @@ The top-level resource in Azure Container Instances is the container group. A co | `dnsSearchDomains` | string | `''` | | DNS search domain which will be appended to each DNS lookup. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `encryptionKeyVersion` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key version. | -| `encryptionVaultBaseUrl` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key vaults base url. | +| `encryptionVaultBaseUrl` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key vaults base URL. | | `encrytionKeyName` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key name. | | `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | | `initContainers` | array | `[]` | | A list of container definitions which will be executed before the application container starts. | From 969b13f2f22753bac405819059f90e5baae97289 Mon Sep 17 00:00:00 2001 From: Felix Borst Date: Thu, 6 Oct 2022 16:43:28 +0200 Subject: [PATCH 20/35] updated readme --- .../containerGroups/readme.md | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index f7b511a779..4a6df103d6 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -134,6 +134,110 @@ tags: {

+### Parameter Usage: `autoGeneratedDomainNameLabelScope` + +DNS name reuse is convenient for DevOps within any modern company. The idea of redeploying an application by reusing the DNS name fulfills an on-demand philosophy that secures cloud development. Therefore, it's important to note that DNS names that are available to anyone become a problem when one customer releases a name only to have that same name taken by another customer. This is called subdomain takeover. A customer releases a resource using a particular name, and another customer creates a new resource with that same DNS name. If there were any records pointing to the old resource, they now also point to the new resource. + +This field can only be used when the `ipAddressType` is set to `Public`. + +Allowed values are: +| Policy name | Policy definition | | | | +|--------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---|---|---| +| unsecure | Hash will be generated based on only the DNS name. Avoiding subdomain takeover is not guaranteed if another customer uses the same DNS name. | | | | +| tenantReuse | Default Hash will be generated based on the DNS name and the tenant ID. Object's domain name label can be reused within the same tenant. | | | | +| subscriptionReuse | Hash will be generated based on the DNS name and the tenant ID and subscription ID. Object's domain name label can be reused within the same subscription. | | | | +| resourceGroupReuse | Hash will be generated based on the DNS name and the tenant ID, subscription ID, and resource group name. Object's domain name label can be reused within the same resource group. | | | | +| noReuse | Hash will not be generated. Object's domain label can't be reused within resource group, subscription, or tenant. | | | | + +

+ +Parameter JSON format + +```json +"autoGeneratedDomainNameLabelScope": { + "value": "Unsecure" + }, +``` + +
+ +
+ +Bicep format + +```bicep +autoGeneratedDomainNameLabelScope: 'Unsecure' +``` + +
+

+ +### Parameter Usage: `volumes` + +By default, Azure Container Instances are stateless. If the container is restarted, crashes, or stops, all of its state is lost. To persist state beyond the lifetime of the container, you must mount a volume from an external store. Currently, Azure volume mounting is only supported on a linux based image. + +You can mount: + +- an Azure File Share (make sure the storage account has a service endpoint when running the container in private mode!) +- a secret +- a GitHub Repository +- an empty local directory + +

+ +Parameter JSON format + +```json +"volumes": [ + { + "azureFile": { + "readOnly": "bool", + "shareName": "string", + "storageAccountKey": "string", + "storageAccountName": "string" + }, + "emptyDir": {}, + "gitRepo": { + "directory": "string", + "repository": "string", + "revision": "string" + }, + "name": "string", + "secret": {} + } + ] +``` + +
+ +
+ +Bicep format + +```bicep +volumes: [ + { + azureFile: { + readOnly: bool + shareName: 'string' + storageAccountKey: 'string' + storageAccountName: 'string' + } + emptyDir: any() + gitRepo: { + directory: 'string' + repository: 'string' + revision: 'string' + } + name: 'string' + secret: {} + } + ] +``` + +
+

+ ### Parameter Usage: `userAssignedIdentities` You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: From 770afa95c3ffa3c465bcdad4deeb439300df36c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Thu, 1 Dec 2022 12:57:17 +0100 Subject: [PATCH 21/35] add privat ip deployment --- .../.test/private.parameters.json | 104 ------ .../.test/private/dependencies.bicep | 47 +++ .../.test/private/deploy.test.bicep | 129 ++++++++ .../containerGroups/readme.md | 304 ++++++++++++++---- 4 files changed, 422 insertions(+), 162 deletions(-) delete mode 100644 modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json create mode 100644 modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep create mode 100644 modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json deleted file mode 100644 index f3a2ace4bd..0000000000 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/private.parameters.json +++ /dev/null @@ -1,104 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-acg-x-002" - }, - "lock": { - "value": "CanNotDelete" - }, - "containers": { - "value": [ - { - "name": "<>-az-aci-x-001", - "properties": { - "command": [], - "image": "mcr.microsoft.com/azuredocs/aci-helloworld", - "ports": [ - { - "protocol": "Tcp", - "port": "80" - }, - { - "protocol": "Tcp", - "port": "443" - } - ], - "resources": { - "requests": { - "cpu": 2, - "memoryInGB": 2 - } - }, - "volumeMounts": [ - { - "name": "my-name", - "mountPath": "/mnt/empty" - } - ], - "environmentVariables": [] - } - }, - { - "name": "<>-az-aci-x-002", - "properties": { - "command": [], - "image": "mcr.microsoft.com/azuredocs/aci-helloworld", - "ports": [ - { - "protocol": "Tcp", - "port": "8080" - } - ], - "resources": { - "requests": { - "cpu": 2, - "memoryInGB": 2 - } - }, - "environmentVariables": [] - } - } - ] - }, - "ipAddressType":{ - "value": "Private" - }, - "ipAddressPorts": { - "value": [ - { - "protocol": "Tcp", - "port": "80" - }, - { - "protocol": "Tcp", - "port": "443" - }, - { - "protocol": "Tcp", - "port": "8080" - } - ] - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "subnetId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010" - }, - "volumes": { - "value": [ - { - "emptyDir": {}, - "name": "my-name" - } - ] - } - } -} \ No newline at end of file diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep new file mode 100644 index 0000000000..9a7a0bc4c3 --- /dev/null +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep @@ -0,0 +1,47 @@ +@description('Required. The name of the managed identity to create.') +param managedIdentityName string + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + delegations: [ + { + name: 'Microsoft.ContainerInstance.containerGroups' + properties: { + serviceName: 'Microsoft.ContainerInstance/containerGroups' + } + } + ] + } + } + ] + } +} + +@description('The resource ID of the created managed identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep new file mode 100644 index 0000000000..34556688d0 --- /dev/null +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep @@ -0,0 +1,129 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.containerinstance.containergroups-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'cicgcom' + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + managedIdentityName: 'dep-jpe-msi-${serviceShort}' + virtualNetworkName: 'dep-jpe-vnet-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + enableDefaultTelemetry: enableDefaultTelemetry + name: 'jpe${serviceShort}001' + lock: 'CanNotDelete' + containers: [ + { + name: 'jpe-az-aci-x-001' + properties: { + command: [] + environmentVariables: [] + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ + { + port: '80' + protocol: 'Tcp' + } + { + port: '443' + protocol: 'Tcp' + } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } + volumeMounts: [ + { + name: 'my-name' + mountPath: '/mnt/empty' + } + ] + } + } + { + name: 'jpe-az-aci-x-002' + properties: { + command: [] + environmentVariables: [] + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ + { + port: '8080' + protocol: 'Tcp' + } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } + } + } + ] + ipAddressType: 'Private' + ipAddressPorts: [ + { + protocol: 'Tcp' + port: 80 + } + { + protocol: 'Tcp' + port: 443 + } + { + protocol: 'Tcp' + port: '8080' + } + ] + subnetId: resourceGroupResources.outputs.subnetResourceId + volumes: [ + { + emptyDir: {} + name: 'my-name' + } + ] + systemAssignedIdentity: true + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 0995e15767..6b87ad5499 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -32,7 +32,14 @@ The top-level resource in Azure Container Instances is the container group. A co | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[Noreuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse, Unsecure]` | Specify level of protection of the domain name label. | +| `dnsNameLabel` | string | `''` | | The Dns name label for the resource. | +| `dnsNameServers` | array | `[]` | | List of dns servers used by the containers for lookups. | +| `dnsSearchDomains` | string | `''` | | DNS search domain which will be appended to each DNS lookup. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | +| `encryptionKeyVersion` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key version. | +| `encryptionVaultBaseUrl` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key vaults base URL. | +| `encrytionKeyName` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key name. | | `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | | `initContainers` | array | `[]` | | A list of container definitions which will be executed before the application container starts. | | `ipAddressPorts` | array | `[]` | | Ports to open on the public IP address. Must include all ports assigned on container level. | @@ -320,12 +327,6 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic memoryInGB: 2 } } - volumeMounts: [ - { - mountPath: '/mnt/empty' - name: 'my-name' - } - ] } } { @@ -362,19 +363,11 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic protocol: 'Tcp' } ] - ipAddressType: 'Private' lock: 'CanNotDelete' - subnetId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010' systemAssignedIdentity: true userAssignedIdentities: { '': {} } - volumes: [ - { - emptyDir: {} - name: 'my-name' - } - ] } } ``` @@ -415,13 +408,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "cpu": 2, "memoryInGB": 2 } - }, - "volumeMounts": [ - { - "mountPath": "/mnt/empty", - "name": "my-name" - } - ] + } } }, { @@ -465,28 +452,115 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } ] }, - "ipAddressType": { - "value": "Private" - }, "lock": { "value": "CanNotDelete" }, - "subnetId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010" - }, "systemAssignedIdentity": { "value": true }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } + } + } +} +``` + + +

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-cicgmin' + params: { + // Required parameters + containers: [ + { + name: '<>-az-aci-x-001' + properties: { + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ + { + port: '443' + protocol: 'Tcp' + } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } + } + } + ] + name: '<>cicgmin001' + // Non-required parameters + enableDefaultTelemetry: '' + ipAddressPorts: [ + { + port: 443 + protocol: 'Tcp' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "containers": { + "value": [ + { + "name": "<>-az-aci-x-001", + "properties": { + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "port": "443", + "protocol": "Tcp" + } + ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + } + } + } + ] }, - "volumes": { + "name": { + "value": "<>cicgmin001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "ipAddressPorts": { "value": [ { - "emptyDir": {}, - "name": "my-name" + "port": 443, + "protocol": "Tcp" } ] } @@ -497,7 +571,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic

-

Example 3: Public

+

Example 3: Private

@@ -505,7 +579,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ```bicep module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-ContainerGroups' + name: '${uniqueString(deployment().name)}-test-cicgcom' params: { // Required parameters containers: [ @@ -560,17 +634,16 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: '<>-az-acg-x-003' + name: '<>cicgcom001' // Non-required parameters - autoGeneratedDomainNameLabelScope: 'Unsecure' - dnsNameLabel: 'hellocarml' + enableDefaultTelemetry: '' ipAddressPorts: [ { - port: '80' + port: 80 protocol: 'Tcp' } { - port: '443' + port: 443 protocol: 'Tcp' } { @@ -579,9 +652,10 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } ] lock: 'CanNotDelete' + subnetId: '' systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } volumes: [ { @@ -661,23 +735,20 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>-az-acg-x-003" + "value": "<>cicgcom001" }, // Non-required parameters - "autoGeneratedDomainNameLabelScope": { - "value": "Unsecure" - }, - "dnsNameLabel": { - "value": "hellocarml" + "enableDefaultTelemetry": { + "value": "" }, "ipAddressPorts": { "value": [ { - "port": "80", + "port": 80, "protocol": "Tcp" }, { - "port": "443", + "port": 443, "protocol": "Tcp" }, { @@ -689,6 +760,9 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "lock": { "value": "CanNotDelete" }, + "subnetId": { + "value": "" + }, "systemAssignedIdentity": { "value": true }, @@ -712,23 +786,29 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic

-

Example 2: Min

+

Example 4: Private

via Bicep module ```bicep -module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-cicgmin' +module containerGroups 'ts/modules:microsoft.containerinstance.containergroups:1.0.0 = { + name: '${uniqueString(deployment().name)}-ContainerGroups' params: { // Required parameters containers: [ { name: '<>-az-aci-x-001' properties: { + command: [] + environmentVariables: [] image: 'mcr.microsoft.com/azuredocs/aci-helloworld' ports: [ + { + port: '80' + protocol: 'Tcp' + } { port: '443' protocol: 'Tcp' @@ -740,18 +820,64 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic memoryInGB: 2 } } + volumeMounts: [ + { + mountPath: '/mnt/empty' + name: 'my-name' + } + ] + } + } + { + name: '<>-az-aci-x-002' + properties: { + command: [] + environmentVariables: [] + image: 'mcr.microsoft.com/azuredocs/aci-helloworld' + ports: [ + { + port: '8080' + protocol: 'Tcp' + } + ] + resources: { + requests: { + cpu: 2 + memoryInGB: 2 + } + } } } ] - name: '<>cicgmin001' + name: '<>-az-acg-x-002' // Non-required parameters - enableDefaultTelemetry: '' ipAddressPorts: [ { - port: 443 + port: '80' + protocol: 'Tcp' + } + { + port: '443' + protocol: 'Tcp' + } + { + port: '8080' protocol: 'Tcp' } ] + ipAddressType: 'Private' + lock: 'CanNotDelete' + subnetId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010' + systemAssignedIdentity: true + userAssignedIdentities: { + '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + } + volumes: [ + { + emptyDir: {} + name: 'my-name' + } + ] } } ``` @@ -774,13 +900,45 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic { "name": "<>-az-aci-x-001", "properties": { + "command": [], + "environmentVariables": [], "image": "mcr.microsoft.com/azuredocs/aci-helloworld", "ports": [ + { + "port": "80", + "protocol": "Tcp" + }, { "port": "443", "protocol": "Tcp" } ], + "resources": { + "requests": { + "cpu": 2, + "memoryInGB": 2 + } + }, + "volumeMounts": [ + { + "mountPath": "/mnt/empty", + "name": "my-name" + } + ] + } + }, + { + "name": "<>-az-aci-x-002", + "properties": { + "command": [], + "environmentVariables": [], + "image": "mcr.microsoft.com/azuredocs/aci-helloworld", + "ports": [ + { + "port": "8080", + "protocol": "Tcp" + } + ], "resources": { "requests": { "cpu": 2, @@ -792,19 +950,49 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>cicgmin001" + "value": "<>-az-acg-x-002" }, // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, "ipAddressPorts": { "value": [ { - "port": 443, + "port": "80", + "protocol": "Tcp" + }, + { + "port": "443", + "protocol": "Tcp" + }, + { + "port": "8080", "protocol": "Tcp" } ] + }, + "ipAddressType": { + "value": "Private" + }, + "lock": { + "value": "CanNotDelete" + }, + "subnetId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010" + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + }, + "volumes": { + "value": [ + { + "emptyDir": {}, + "name": "my-name" + } + ] } } } From cc2d8060ddb1ec89ee568f4126bb391a9e144339 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Thu, 1 Dec 2022 12:58:04 +0100 Subject: [PATCH 22/35] namePrefix --- .../containerGroups/.test/private/deploy.test.bicep | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep index 34556688d0..a06a4bb3f0 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep @@ -31,8 +31,8 @@ module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { - managedIdentityName: 'dep-jpe-msi-${serviceShort}' - virtualNetworkName: 'dep-jpe-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' } } @@ -45,11 +45,11 @@ module testDeployment '../../deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-${serviceShort}' params: { enableDefaultTelemetry: enableDefaultTelemetry - name: 'jpe${serviceShort}001' + name: '<>${serviceShort}001' lock: 'CanNotDelete' containers: [ { - name: 'jpe-az-aci-x-001' + name: '<>-az-aci-x-001' properties: { command: [] environmentVariables: [] @@ -79,7 +79,7 @@ module testDeployment '../../deploy.bicep' = { } } { - name: 'jpe-az-aci-x-002' + name: '<>-az-aci-x-002' properties: { command: [] environmentVariables: [] From 5c2a50131f4c4aa7a17755b0dc71f6e824e18ab6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Thu, 1 Dec 2022 13:20:05 +0100 Subject: [PATCH 23/35] update param ipAdressPort to 'required' --- .../.test/min/deploy.test.bicep | 4 +- .../containerGroups/deploy.bicep | 34 +-- .../containerGroups/readme.md | 229 +----------------- 3 files changed, 28 insertions(+), 239 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/min/deploy.test.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/min/deploy.test.bicep index 28f1902f7f..6256bd44b8 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/min/deploy.test.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/min/deploy.test.bicep @@ -36,10 +36,10 @@ module testDeployment '../../deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-${serviceShort}' params: { enableDefaultTelemetry: enableDefaultTelemetry - name: '<>${serviceShort}001' + name: 'jpe${serviceShort}001' containers: [ { - name: '<>-az-aci-x-001' + name: 'jpe-az-aci-x-001' properties: { image: 'mcr.microsoft.com/azuredocs/aci-helloworld' ports: [ diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index c5e6b4ffa8..ca923baf13 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -4,7 +4,7 @@ param name string @description('Required. The containers and their respective config within the container group.') param containers array -@description('Optional. Ports to open on the public IP address. Must include all ports assigned on container level.') +@description('Required. Ports to open on the public IP address. Must include all ports assigned on container level.') param ipAddressPorts array = [] @description('Optional. The operating system type required by the containers in the container group. - Windows or Linux.') @@ -123,24 +123,24 @@ var generatedDomainNameLabelScope = !empty(dnsNameServers) ? autoGeneratedDomain var basicContainerProperties = { containers: containers - dnsConfig: dnsConfig - encryptionProperties: encryptionProperties - imageRegistryCredentials: imageRegistryCredentials - initContainers: initContainers - restartPolicy: restartPolicy - osType: osType - ipAddress: { - type: ipAddressType - autoGeneratedDomainNameLabelScope: generatedDomainNameLabelScope - dnsNameLabel: dnsNameLabel - ports: ipAddressPorts - } - sku: sku - subnetIds: subnetIds - volumes: volumes + dnsConfig: dnsConfig + encryptionProperties: encryptionProperties + imageRegistryCredentials: imageRegistryCredentials + initContainers: initContainers + restartPolicy: restartPolicy + osType: osType + ipAddress: { + type: ipAddressType + autoGeneratedDomainNameLabelScope: generatedDomainNameLabelScope + dnsNameLabel: dnsNameLabel + ports: ipAddressPorts + } + sku: sku + subnetIds: subnetIds + volumes: volumes } -var containerProperties = !empty(dnsNameServers) ? union(basicContainerProperties,{ dnsConfig: dnsConfig}) : basicContainerProperties +var containerProperties = !empty(dnsNameServers) ? union(basicContainerProperties, { dnsConfig: dnsConfig }) : basicContainerProperties resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 6b87ad5499..d27b9e80fa 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -26,6 +26,7 @@ The top-level resource in Azure Container Instances is the container group. A co | Parameter Name | Type | Description | | :-- | :-- | :-- | | `containers` | array | The containers and their respective config within the container group. | +| `ipAddressPorts` | array | Ports to open on the public IP address. Must include all ports assigned on container level. | | `name` | string | Name for the container group. | **Optional parameters** @@ -42,7 +43,6 @@ The top-level resource in Azure Container Instances is the container group. A co | `encrytionKeyName` | string | `''` | | If Non-Microsoft-managed encryption should be used, specify the key name. | | `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | | `initContainers` | array | `[]` | | A list of container definitions which will be executed before the application container starts. | -| `ipAddressPorts` | array | `[]` | | Ports to open on the public IP address. Must include all ports assigned on container level. | | `ipAddressType` | string | `'Public'` | `[Private, Public]` | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | @@ -483,7 +483,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic // Required parameters containers: [ { - name: '<>-az-aci-x-001' + name: 'jpe-az-aci-x-001' properties: { image: 'mcr.microsoft.com/azuredocs/aci-helloworld' ports: [ @@ -501,7 +501,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: '<>cicgmin001' + name: 'jpecicgmin001' // Non-required parameters enableDefaultTelemetry: '' ipAddressPorts: [ @@ -530,7 +530,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "containers": { "value": [ { - "name": "<>-az-aci-x-001", + "name": "jpe-az-aci-x-001", "properties": { "image": "mcr.microsoft.com/azuredocs/aci-helloworld", "ports": [ @@ -550,7 +550,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>cicgmin001" + "value": "jpecicgmin001" }, // Non-required parameters "enableDefaultTelemetry": { @@ -651,8 +651,9 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic protocol: 'Tcp' } ] + ipAddressType: 'Private' lock: 'CanNotDelete' - subnetId: '' + subnetId: '' systemAssignedIdentity: true userAssignedIdentities: { '': {} @@ -757,218 +758,6 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } ] }, - "lock": { - "value": "CanNotDelete" - }, - "subnetId": { - "value": "" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "": {} - } - }, - "volumes": { - "value": [ - { - "emptyDir": {}, - "name": "my-name" - } - ] - } - } -} -``` - -
-

- -

Example 4: Private

- -
- -via Bicep module - -```bicep -module containerGroups 'ts/modules:microsoft.containerinstance.containergroups:1.0.0 = { - name: '${uniqueString(deployment().name)}-ContainerGroups' - params: { - // Required parameters - containers: [ - { - name: '<>-az-aci-x-001' - properties: { - command: [] - environmentVariables: [] - image: 'mcr.microsoft.com/azuredocs/aci-helloworld' - ports: [ - { - port: '80' - protocol: 'Tcp' - } - { - port: '443' - protocol: 'Tcp' - } - ] - resources: { - requests: { - cpu: 2 - memoryInGB: 2 - } - } - volumeMounts: [ - { - mountPath: '/mnt/empty' - name: 'my-name' - } - ] - } - } - { - name: '<>-az-aci-x-002' - properties: { - command: [] - environmentVariables: [] - image: 'mcr.microsoft.com/azuredocs/aci-helloworld' - ports: [ - { - port: '8080' - protocol: 'Tcp' - } - ] - resources: { - requests: { - cpu: 2 - memoryInGB: 2 - } - } - } - } - ] - name: '<>-az-acg-x-002' - // Non-required parameters - ipAddressPorts: [ - { - port: '80' - protocol: 'Tcp' - } - { - port: '443' - protocol: 'Tcp' - } - { - port: '8080' - protocol: 'Tcp' - } - ] - ipAddressType: 'Private' - lock: 'CanNotDelete' - subnetId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010' - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - volumes: [ - { - emptyDir: {} - name: 'my-name' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "containers": { - "value": [ - { - "name": "<>-az-aci-x-001", - "properties": { - "command": [], - "environmentVariables": [], - "image": "mcr.microsoft.com/azuredocs/aci-helloworld", - "ports": [ - { - "port": "80", - "protocol": "Tcp" - }, - { - "port": "443", - "protocol": "Tcp" - } - ], - "resources": { - "requests": { - "cpu": 2, - "memoryInGB": 2 - } - }, - "volumeMounts": [ - { - "mountPath": "/mnt/empty", - "name": "my-name" - } - ] - } - }, - { - "name": "<>-az-aci-x-002", - "properties": { - "command": [], - "environmentVariables": [], - "image": "mcr.microsoft.com/azuredocs/aci-helloworld", - "ports": [ - { - "port": "8080", - "protocol": "Tcp" - } - ], - "resources": { - "requests": { - "cpu": 2, - "memoryInGB": 2 - } - } - } - } - ] - }, - "name": { - "value": "<>-az-acg-x-002" - }, - // Non-required parameters - "ipAddressPorts": { - "value": [ - { - "port": "80", - "protocol": "Tcp" - }, - { - "port": "443", - "protocol": "Tcp" - }, - { - "port": "8080", - "protocol": "Tcp" - } - ] - }, "ipAddressType": { "value": "Private" }, @@ -976,14 +765,14 @@ module containerGroups 'ts/modules:microsoft.containerinstance.containergroups:1 "value": "CanNotDelete" }, "subnetId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-010" + "value": "" }, "systemAssignedIdentity": { "value": true }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } }, "volumes": { From 9ca4642e5c6b9dbd00f0bcba4920dbc7705e7efb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Thu, 1 Dec 2022 13:20:55 +0100 Subject: [PATCH 24/35] namePrifix --- .../containerGroups/.test/min/deploy.test.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/min/deploy.test.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/min/deploy.test.bicep index 6256bd44b8..28f1902f7f 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/min/deploy.test.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/min/deploy.test.bicep @@ -36,10 +36,10 @@ module testDeployment '../../deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-${serviceShort}' params: { enableDefaultTelemetry: enableDefaultTelemetry - name: 'jpe${serviceShort}001' + name: '<>${serviceShort}001' containers: [ { - name: 'jpe-az-aci-x-001' + name: '<>-az-aci-x-001' properties: { image: 'mcr.microsoft.com/azuredocs/aci-helloworld' ports: [ From fdb633b5b48d4858fd7d7339f188e846f944f23b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Thu, 1 Dec 2022 15:23:08 +0100 Subject: [PATCH 25/35] update readme for linter --- .../containerGroups/.test/private/deploy.test.bicep | 2 +- .../containerGroups/readme.md | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep index a06a4bb3f0..96695986a9 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep @@ -67,7 +67,7 @@ module testDeployment '../../deploy.bicep' = { resources: { requests: { cpu: 2 - memoryInGB: 2 + memoryInGB: 4 } } volumeMounts: [ diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index d27b9e80fa..1d2182d875 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -483,7 +483,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic // Required parameters containers: [ { - name: 'jpe-az-aci-x-001' + name: '<>-az-aci-x-001' properties: { image: 'mcr.microsoft.com/azuredocs/aci-helloworld' ports: [ @@ -501,7 +501,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: 'jpecicgmin001' + name: '<>cicgmin001' // Non-required parameters enableDefaultTelemetry: '' ipAddressPorts: [ @@ -530,7 +530,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "containers": { "value": [ { - "name": "jpe-az-aci-x-001", + "name": "<>-az-aci-x-001", "properties": { "image": "mcr.microsoft.com/azuredocs/aci-helloworld", "ports": [ @@ -550,7 +550,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "jpecicgmin001" + "value": "<>cicgmin001" }, // Non-required parameters "enableDefaultTelemetry": { @@ -602,7 +602,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic resources: { requests: { cpu: 2 - memoryInGB: 2 + memoryInGB: 4 } } volumeMounts: [ @@ -702,7 +702,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "resources": { "requests": { "cpu": 2, - "memoryInGB": 2 + "memoryInGB": 4 } }, "volumeMounts": [ From 76e8fac6b64f91dca4192fabc31475c67915511e Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Fri, 2 Dec 2022 10:52:38 +0100 Subject: [PATCH 26/35] Update modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep --- .../containerGroups/.test/private/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep index 9a7a0bc4c3..2d569ac75c 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/dependencies.bicep @@ -40,7 +40,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } -@description('The resource ID of the created managed identity.') +@description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id @description('The resource ID of the created Virtual Network Subnet.') From 2038051fc81a52e42c3b31ec97ff362c55b51704 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= <30857628+JPEasier@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:01:13 +0100 Subject: [PATCH 27/35] Update modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep --- .../Microsoft.ContainerInstance/containerGroups/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index ca923baf13..54d9cae288 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -4,7 +4,7 @@ param name string @description('Required. The containers and their respective config within the container group.') param containers array -@description('Required. Ports to open on the public IP address. Must include all ports assigned on container level.') +@description('Conditional. Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`.') param ipAddressPorts array = [] @description('Optional. The operating system type required by the containers in the container group. - Windows or Linux.') From 2ac55d4e4eb63c0e9c43b1dc54311930be7d4036 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= <30857628+JPEasier@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:01:26 +0100 Subject: [PATCH 28/35] Update modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep Co-authored-by: Alexander Sehr --- .../containerGroups/.test/private/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep index 96695986a9..c72a39f178 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/private/deploy.test.bicep @@ -11,7 +11,7 @@ param resourceGroupName string = 'ms.containerinstance.containergroups-${service param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'cicgcom' +param serviceShort string = 'cicgprivate' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true From 09670f195b744fae9276fd39f1ad3bf6562115d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Fri, 2 Dec 2022 15:10:25 +0100 Subject: [PATCH 29/35] use union on properties object --- .../containerGroups/deploy.bicep | 42 +++++++++---------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 54d9cae288..f9c6d73802 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -121,27 +121,6 @@ var subnetIds = !empty(subnetId) ? [ var generatedDomainNameLabelScope = !empty(dnsNameServers) ? autoGeneratedDomainNameLabelScope : null -var basicContainerProperties = { - containers: containers - dnsConfig: dnsConfig - encryptionProperties: encryptionProperties - imageRegistryCredentials: imageRegistryCredentials - initContainers: initContainers - restartPolicy: restartPolicy - osType: osType - ipAddress: { - type: ipAddressType - autoGeneratedDomainNameLabelScope: generatedDomainNameLabelScope - dnsNameLabel: dnsNameLabel - ports: ipAddressPorts - } - sku: sku - subnetIds: subnetIds - volumes: volumes -} - -var containerProperties = !empty(dnsNameServers) ? union(basicContainerProperties, { dnsConfig: dnsConfig }) : basicContainerProperties - resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { @@ -159,7 +138,26 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' location: location identity: identity tags: tags - properties: containerProperties + properties: union({ + containers: containers + dnsConfig: dnsConfig + encryptionProperties: encryptionProperties + imageRegistryCredentials: imageRegistryCredentials + initContainers: initContainers + restartPolicy: restartPolicy + osType: osType + ipAddress: { + type: ipAddressType + autoGeneratedDomainNameLabelScope: generatedDomainNameLabelScope + dnsNameLabel: dnsNameLabel + ports: ipAddressPorts + } + sku: sku + subnetIds: subnetIds + volumes: volumes + }, !empty(dnsConfig) ? { + dnsConfig: dnsConfig + } : {}) } resource containergroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { From e7a122ba59ba72acbb712186b6a0460f6a48d5c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Fri, 2 Dec 2022 15:11:32 +0100 Subject: [PATCH 30/35] update readme --- .../containerGroups/readme.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 1d2182d875..292c29087d 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -26,9 +26,14 @@ The top-level resource in Azure Container Instances is the container group. A co | Parameter Name | Type | Description | | :-- | :-- | :-- | | `containers` | array | The containers and their respective config within the container group. | -| `ipAddressPorts` | array | Ports to open on the public IP address. Must include all ports assigned on container level. | | `name` | string | Name for the container group. | +**Conditional parameters** + +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `ipAddressPorts` | array | Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. | + **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | @@ -579,7 +584,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ```bicep module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-cicgcom' + name: '${uniqueString(deployment().name)}-test-cicgprivate' params: { // Required parameters containers: [ @@ -634,7 +639,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: '<>cicgcom001' + name: '<>cicgprivate001' // Non-required parameters enableDefaultTelemetry: '' ipAddressPorts: [ @@ -736,7 +741,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>cicgcom001" + "value": "<>cicgprivate001" }, // Non-required parameters "enableDefaultTelemetry": { From 59fd9d9dedef4acaad17f89ed155415c0e0507ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Fri, 2 Dec 2022 16:17:47 +0100 Subject: [PATCH 31/35] update union --- .../Microsoft.ContainerInstance/containerGroups/deploy.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index f9c6d73802..54d0023a01 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -155,9 +155,9 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' sku: sku subnetIds: subnetIds volumes: volumes - }, !empty(dnsConfig) ? { + }, (!empty(dnsConfig) ? { dnsConfig: dnsConfig - } : {}) + } : {})) } resource containergroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { From ee3645eccb0e67dcaafab801026431ac4e92b644 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Mon, 5 Dec 2022 16:05:50 +0100 Subject: [PATCH 32/35] remove dnsConfig from basic properties --- modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 54d0023a01..d122906ecc 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -140,7 +140,6 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' tags: tags properties: union({ containers: containers - dnsConfig: dnsConfig encryptionProperties: encryptionProperties imageRegistryCredentials: imageRegistryCredentials initContainers: initContainers From 46aebf9356aa1aab82e3fd0f09e8fa65d6dfc814 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Mon, 5 Dec 2022 16:18:36 +0100 Subject: [PATCH 33/35] go back to variables --- .../.test/common/deploy.test.bicep | 8 ++-- .../containerGroups/deploy.bicep | 41 ++++++++++--------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/common/deploy.test.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/common/deploy.test.bicep index 35c5abd5c9..5eee90ab4c 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/common/deploy.test.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/common/deploy.test.bicep @@ -31,7 +31,7 @@ module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { - managedIdentityName: 'dep-<>-msi-${serviceShort}' + managedIdentityName: 'dep-jpe-msi-${serviceShort}' } } @@ -44,11 +44,11 @@ module testDeployment '../../deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-${serviceShort}' params: { enableDefaultTelemetry: enableDefaultTelemetry - name: '<>${serviceShort}001' + name: 'jpe${serviceShort}001' lock: 'CanNotDelete' containers: [ { - name: '<>-az-aci-x-001' + name: 'jpe-az-aci-x-001' properties: { command: [] environmentVariables: [] @@ -72,7 +72,7 @@ module testDeployment '../../deploy.bicep' = { } } { - name: '<>-az-aci-x-002' + name: 'jpe-az-aci-x-002' properties: { command: [] environmentVariables: [] diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep index d122906ecc..54d9cae288 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -121,6 +121,27 @@ var subnetIds = !empty(subnetId) ? [ var generatedDomainNameLabelScope = !empty(dnsNameServers) ? autoGeneratedDomainNameLabelScope : null +var basicContainerProperties = { + containers: containers + dnsConfig: dnsConfig + encryptionProperties: encryptionProperties + imageRegistryCredentials: imageRegistryCredentials + initContainers: initContainers + restartPolicy: restartPolicy + osType: osType + ipAddress: { + type: ipAddressType + autoGeneratedDomainNameLabelScope: generatedDomainNameLabelScope + dnsNameLabel: dnsNameLabel + ports: ipAddressPorts + } + sku: sku + subnetIds: subnetIds + volumes: volumes +} + +var containerProperties = !empty(dnsNameServers) ? union(basicContainerProperties, { dnsConfig: dnsConfig }) : basicContainerProperties + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { @@ -138,25 +159,7 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01' location: location identity: identity tags: tags - properties: union({ - containers: containers - encryptionProperties: encryptionProperties - imageRegistryCredentials: imageRegistryCredentials - initContainers: initContainers - restartPolicy: restartPolicy - osType: osType - ipAddress: { - type: ipAddressType - autoGeneratedDomainNameLabelScope: generatedDomainNameLabelScope - dnsNameLabel: dnsNameLabel - ports: ipAddressPorts - } - sku: sku - subnetIds: subnetIds - volumes: volumes - }, (!empty(dnsConfig) ? { - dnsConfig: dnsConfig - } : {})) + properties: containerProperties } resource containergroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { From 612c1c16d68e68e4d81d9945556ae4049d5c7ce4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Mon, 5 Dec 2022 16:24:18 +0100 Subject: [PATCH 34/35] update readme --- .../containerGroups/readme.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md index 292c29087d..f2b07e3afc 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md @@ -311,7 +311,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic // Required parameters containers: [ { - name: '<>-az-aci-x-001' + name: 'jpe-az-aci-x-001' properties: { command: [] environmentVariables: [] @@ -335,7 +335,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } { - name: '<>-az-aci-x-002' + name: 'jpe-az-aci-x-002' properties: { command: [] environmentVariables: [] @@ -355,7 +355,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } } ] - name: '<>cicgcom001' + name: 'jpecicgcom001' // Non-required parameters enableDefaultTelemetry: '' ipAddressPorts: [ @@ -393,7 +393,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic "containers": { "value": [ { - "name": "<>-az-aci-x-001", + "name": "jpe-az-aci-x-001", "properties": { "command": [], "environmentVariables": [], @@ -417,7 +417,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic } }, { - "name": "<>-az-aci-x-002", + "name": "jpe-az-aci-x-002", "properties": { "command": [], "environmentVariables": [], @@ -439,7 +439,7 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic ] }, "name": { - "value": "<>cicgcom001" + "value": "jpecicgcom001" }, // Non-required parameters "enableDefaultTelemetry": { From 96a7004b9da22f997fc1876c956fa9f1609a07c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Pei=C3=9Fker?= Date: Mon, 5 Dec 2022 17:10:57 +0100 Subject: [PATCH 35/35] rename prifix --- .../containerGroups/.test/common/deploy.test.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.test/common/deploy.test.bicep b/modules/Microsoft.ContainerInstance/containerGroups/.test/common/deploy.test.bicep index 5eee90ab4c..35c5abd5c9 100644 --- a/modules/Microsoft.ContainerInstance/containerGroups/.test/common/deploy.test.bicep +++ b/modules/Microsoft.ContainerInstance/containerGroups/.test/common/deploy.test.bicep @@ -31,7 +31,7 @@ module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { - managedIdentityName: 'dep-jpe-msi-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' } } @@ -44,11 +44,11 @@ module testDeployment '../../deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-${serviceShort}' params: { enableDefaultTelemetry: enableDefaultTelemetry - name: 'jpe${serviceShort}001' + name: '<>${serviceShort}001' lock: 'CanNotDelete' containers: [ { - name: 'jpe-az-aci-x-001' + name: '<>-az-aci-x-001' properties: { command: [] environmentVariables: [] @@ -72,7 +72,7 @@ module testDeployment '../../deploy.bicep' = { } } { - name: 'jpe-az-aci-x-002' + name: '<>-az-aci-x-002' properties: { command: [] environmentVariables: []