[Modules] Extend managedClusters with flux config

modules/Microsoft.ContainerService/managedClusters/.test/flux/deploy.test.bicep

@@ -0,0 +1,108 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.containerservice.managedclusters-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'csmmf2'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module testDeployment '../../deploy.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+  params: {
+    name: '${serviceShort}001'
+    enableDefaultTelemetry: enableDefaultTelemetry
+    systemAssignedIdentity: true
+    primaryAgentPoolProfile: [
+      {
+        name: 'systempool'
+        count: 1
+        vmSize: 'Standard_DS2_v2'
+        mode: 'System'
+      }
+    ]
+    fluxReleaseTrain: 'Stable'
+    fluxVersion: ''
+    fluxConfigurationProtectedSettings: {}
+    fluxConfigurationSettings: {
+      'helm-controller.enabled': 'true'
+      'source-controller.enabled': 'true'
+      'kustomize-controller.enabled': 'true'
+      'notification-controller.enabled': 'true'
+      'image-automation-controller.enabled': 'false'
+      'image-reflector-controller.enabled': 'false'
+    }
+    fluxConfigurations: [
+      {
+        namespace: 'flux-system'
+        scope: 'cluster'
+        gitRepository: {
+          repositoryRef: {
+            branch: 'main'
+          }
+          sshKnownHosts: ''
+          syncIntervalInSeconds: 300
+          timeoutInSeconds: 180
+          url: 'https://github.com/mspnp/aks-baseline'
+        }
+      }
+      {
+        namespace: 'flux-system-helm'
+        scope: 'cluster'
+        gitRepository: {
+          repositoryRef: {
+            branch: 'main'
+          }
+          sshKnownHosts: ''
+          syncIntervalInSeconds: 300
+          timeoutInSeconds: 180
+          url: 'https://github.com/Azure/gitops-flux2-kustomize-helm-mt'
+        }
+        kustomizations: {
+          infra: {
+            path: './infrastructure'
+            dependsOn: []
+            timeoutInSeconds: 600
+            syncIntervalInSeconds: 600
+            validation: 'none'
+            prune: true
+          }
+          apps: {
+            path: './apps/staging'
+            dependsOn: [
+              {
+                kustomizationName: 'infra'
+              }
+            ]
+            timeoutInSeconds: 600
+            syncIntervalInSeconds: 600
+            retryIntervalInSeconds: 600
+            prune: true
+          }
+        }
+      }
+    ]
+  }
+}

modules/Microsoft.ContainerService/managedClusters/deploy.bicep

@@ -295,6 +295,22 @@ param tags object = {}
 @description('Optional. The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided.')
 param diskEncryptionSetID string = ''
 
+@description('Optional. ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true".')
+param fluxReleaseTrain string = 'Stable'
+
+@description('Optional. Version of the extension for this extension, if it is "pinned" to a specific version.')
+param fluxVersion string = ''
+
+@description('Optional. Configuration settings that are sensitive, as name-value pairs for configuring this extension.')
+@secure()
+param fluxConfigurationProtectedSettings object = {}
+
+@description('Optional. Configuration settings, as name-value pairs for configuring this extension.')
+param fluxConfigurationSettings object = {}
+
+@description('Optional. A list of flux configuraitons.')
+param fluxConfigurations array = []
+
 @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.')
 @allowed([
   'allLogs'
@@ -553,6 +569,42 @@ module managedCluster_agentPools 'agentPools/deploy.bicep' = [for (agentPool, in
   }
 }]
 
+module managedCluster_extension '../../Microsoft.KubernetesConfiguration/extensions/deploy.bicep' = if (!empty(fluxConfigurations)) {
+  name: '${uniqueString(deployment().name, location)}-ManagedCluster-FluxExtension'
+  params: {
+    clusterName: managedCluster.name
+    configurationProtectedSettings: !empty(fluxConfigurationProtectedSettings) ? fluxConfigurationProtectedSettings : {}
+    configurationSettings: !empty(fluxConfigurationSettings) ? fluxConfigurationSettings : {}
+    enableDefaultTelemetry: enableReferencedModulesTelemetry
+    extensionType: 'microsoft.flux'
+    location: location
+    name: 'flux'
+    releaseNamespace: 'flux-system'
+    releaseTrain: !empty(fluxReleaseTrain) ? fluxReleaseTrain : 'Stable'
+    version: !empty(fluxVersion) ? fluxVersion : ''
+  }
+}
+
+module managedCluster_fluxConfiguration '../../Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep' = [for (fluxConfiguration, index) in fluxConfigurations: {
+  name: '${uniqueString(deployment().name, location)}-ManagedCluster-FluxConfiguration${index}'
+  params: {
+    bucket: contains(fluxConfiguration, 'bucket') ? fluxConfiguration.bucket : {}
+    clusterName: managedCluster.name
+    configurationProtectedSettings: contains(fluxConfiguration, 'configurationProtectedSettings') ? fluxConfiguration.configurationProtectedSettings : {}
+    enableDefaultTelemetry: enableDefaultTelemetry
+    gitRepository: contains(fluxConfiguration, 'gitRepository') ? fluxConfiguration.gitRepository : {}
+    kustomizations: contains(fluxConfiguration, 'kustomizations') ? fluxConfiguration.kustomizations : {}
+    name: contains(fluxConfiguration, 'name') ? fluxConfiguration.name : toLower('${managedCluster.name}-fluxconfiguration${index}')
+    namespace: fluxConfiguration.namespace
+    scope: fluxConfiguration.scope
+    sourceKind: contains(fluxConfiguration, 'gitRepository') ? 'GitRepository' : 'Bucket'
+    suspend: contains(fluxConfiguration, 'suspend') ? fluxConfiguration.suspend : false
+  }
+  dependsOn: [
+    managedCluster_extension
+  ]
+}]
+
 resource managedCluster_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
   name: '${managedCluster.name}-${lock}-lock'
   properties: {