Azure · MariusStorhaug · Feb 14, 2023 · Feb 9, 2023 · Feb 9, 2023 · Feb 9, 2023
@@ -158,5 +158,63 @@ module testDeployment '../../deploy.bicep' = {
       }
     ]
     systemAssignedIdentity: true
+    fluxExtension: {
+      configurationSettings: {
+        'helm-controller.enabled': 'true'
+        'source-controller.enabled': 'true'
+        'kustomize-controller.enabled': 'true'
+        'notification-controller.enabled': 'true'
+        'image-automation-controller.enabled': 'false'
+        'image-reflector-controller.enabled': 'false'
+      }
+      configurations: [
+        {
+          namespace: 'flux-system'
+          scope: 'cluster'
+          gitRepository: {
+            repositoryRef: {
+              branch: 'main'
+            }
+            sshKnownHosts: ''
+            syncIntervalInSeconds: 300
+            timeoutInSeconds: 180
+            url: 'https://github.com/mspnp/aks-baseline'
+          }
+        }
+        {
+          namespace: 'flux-system-helm'
+          scope: 'cluster'
+          gitRepository: {
+            repositoryRef: {
+              branch: 'main'
+            }
+            sshKnownHosts: ''
+            syncIntervalInSeconds: 300
+            timeoutInSeconds: 180
+            url: 'https://github.com/Azure/gitops-flux2-kustomize-helm-mt'
+          }
+          kustomizations: {
+            infra: {
+              path: './infrastructure'
+              dependsOn: []
+              timeoutInSeconds: 600
+              syncIntervalInSeconds: 600
+              validation: 'none'
+              prune: true
+            }
+            apps: {
+              path: './apps/staging'
+              dependsOn: [
+                'infra'
+              ]
+              timeoutInSeconds: 600
+              syncIntervalInSeconds: 600
+              retryIntervalInSeconds: 120
+              prune: true
+            }
+          }
+        }
+      ]
+    }
   }
 }
@@ -295,6 +295,13 @@ param tags object = {}
 @description('Optional. The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided.')
 param diskEncryptionSetID string = ''
 
+@description('Optional. Configuration settings that are sensitive, as name-value pairs for configuring this extension.')
+@secure()
+param fluxConfigurationProtectedSettings object = {}
+
+@description('Optional. Settings and configurations for the flux extension.')
+param fluxExtension object = {}
+
 @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.')
 @allowed([
   'allLogs'
@@ -553,6 +560,23 @@ module managedCluster_agentPools 'agentPools/deploy.bicep' = [for (agentPool, in
   }
 }]
 
+module managedCluster_extension '../../Microsoft.KubernetesConfiguration/extensions/deploy.bicep' = if (!empty(fluxExtension)) {
+  name: '${uniqueString(deployment().name, location)}-ManagedCluster-FluxExtension'
+  params: {
+    clusterName: managedCluster.name
+    configurationProtectedSettings: !empty(fluxConfigurationProtectedSettings) ? fluxConfigurationProtectedSettings : {}
+    configurationSettings: contains(fluxExtension, 'configurationSettings') ? fluxExtension.configurationSettings : {}
+    enableDefaultTelemetry: enableReferencedModulesTelemetry
+    extensionType: 'microsoft.flux'
+    fluxConfigurations: fluxExtension.configurations
+    location: location
+    name: 'flux'
+    releaseNamespace: 'flux-system'
+    releaseTrain: contains(fluxExtension, 'releaseTrain') ? fluxExtension.releaseTrain : 'Stable'
+    version: contains(fluxExtension, 'version') ? fluxExtension.version : ''
+  }
+}
+
 resource managedCluster_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
   name: '${managedCluster.name}-${lock}-lock'
   properties: {

@@ -19,6 +19,8 @@ This module deploys Azure Kubernetes Cluster (AKS).
 | `Microsoft.ContainerService/managedClusters` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-09-01/managedClusters) |
 | `Microsoft.ContainerService/managedClusters/agentPools` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-09-01/managedClusters/agentPools) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
+| `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) |
+| `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) |
 
 ## Parameters
 
@@ -102,6 +104,8 @@ This module deploys Azure Kubernetes Cluster (AKS).
 | `enablePrivateClusterPublicFQDN` | bool | `False` |  | Whether to create additional public FQDN for private cluster or not. |
 | `enableRBAC` | bool | `True` |  | Whether to enable Kubernetes Role-Based Access Control. |
 | `enableSecretRotation` | string | `'false'` | `[false, true]` | Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. |
+| `fluxConfigurationProtectedSettings` | secureObject | `{object}` |  | Configuration settings that are sensitive, as name-value pairs for configuring this extension. |
+| `fluxExtension` | object | `{object}` |  | Settings and configurations for the flux extension. |
 | `httpApplicationRoutingEnabled` | bool | `False` |  | Specifies whether the httpApplicationRouting add-on is enabled or not. |
 | `ingressApplicationGatewayEnabled` | bool | `False` |  | Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. |
 | `kubeDashboardEnabled` | bool | `False` |  | Specifies whether the kubeDashboard add-on is enabled or not. |
@@ -365,7 +369,12 @@ userAssignedIdentities: {
 
 ## Cross-referenced modules
 
-_None_
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `Microsoft.KubernetesConfiguration/extensions` | Local reference |
+| `Microsoft.KubernetesConfiguration/fluxConfigurations` | Local reference |
 
 ## Deployment examples
 
@@ -468,6 +477,59 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice
     diagnosticWorkspaceId: '<diagnosticWorkspaceId>'
     diskEncryptionSetID: '<diskEncryptionSetID>'
     enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    fluxExtension: {
+      configurations: [
+        {
+          gitRepository: {
+            repositoryRef: {
+              branch: 'main'
+            }
+            sshKnownHosts: ''
+            syncIntervalInSeconds: 300
+            timeoutInSeconds: 180
+            url: 'https://github.com/mspnp/aks-baseline'
+          }
+          namespace: 'flux-system'
+        }
+        {
+          gitRepository: {
+            repositoryRef: {
+              branch: 'main'
+            }
+            sshKnownHosts: ''
+            syncIntervalInSeconds: 300
+            timeoutInSeconds: 180
+            url: 'https://github.com/Azure/gitops-flux2-kustomize-helm-mt'
+          }
+          kustomizations: {
+            apps: {
+              path: './apps/staging'
+              prune: true
+              retryIntervalInSeconds: 120
+              syncIntervalInSeconds: 600
+              timeoutInSeconds: 600
+            }
+            infra: {
+              dependsOn: []
+              path: './infrastructure'
+              prune: true
+              syncIntervalInSeconds: 600
+              timeoutInSeconds: 600
+              validation: 'none'
+            }
+          }
+          namespace: 'flux-system-helm'
+        }
+      ]
+      configurationSettings: {
+        'helm-controller.enabled': 'true'
+        'image-automation-controller.enabled': 'false'
+        'image-reflector-controller.enabled': 'false'
+        'kustomize-controller.enabled': 'true'
+        'notification-controller.enabled': 'true'
+        'source-controller.enabled': 'true'
+      }
+    }
     lock: 'CanNotDelete'
     roleAssignments: [
       {
@@ -601,6 +663,64 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice
     "enableDefaultTelemetry": {
       "value": "<enableDefaultTelemetry>"
     },
+    "fluxExtension": {
+      "value": {
+        "configurations": [
+          {
+            "gitRepository": {
+              "repositoryRef": {
+                "branch": "main"
+              },
+              "sshKnownHosts": "",
+              "syncIntervalInSeconds": 300,
+              "timeoutInSeconds": 180,
+              "url": "https://github.com/mspnp/aks-baseline"
+            },
+            "namespace": "flux-system"
+          },
+          {
+            "gitRepository": {
+              "repositoryRef": {
+                "branch": "main"
+              },
+              "sshKnownHosts": "",
+              "syncIntervalInSeconds": 300,
+              "timeoutInSeconds": 180,
+              "url": "https://github.com/Azure/gitops-flux2-kustomize-helm-mt"
+            },
+            "kustomizations": {
+              "apps": {
+                "dependsOn": [
+                  "infra"
+                ],
+                "path": "./apps/staging",
+                "prune": true,
+                "retryIntervalInSeconds": 120,
+                "syncIntervalInSeconds": 600,
+                "timeoutInSeconds": 600
+              },
+              "infra": {
+                "dependsOn": [],
+                "path": "./infrastructure",
+                "prune": true,
+                "syncIntervalInSeconds": 600,
+                "timeoutInSeconds": 600,
+                "validation": "none"
+              }
+            },
+            "namespace": "flux-system-helm"
+          }
+        ],
+        "configurationSettings": {
+          "helm-controller.enabled": "true",
+          "image-automation-controller.enabled": "false",
+          "image-reflector-controller.enabled": "false",
+          "kustomize-controller.enabled": "true",
+          "notification-controller.enabled": "true",
+          "source-controller.enabled": "true"
+        }
+      }
+    },
     "lock": {
       "value": "CanNotDelete"
     },

@@ -59,5 +59,20 @@ module testDeployment '../../deploy.bicep' = {
     releaseNamespace: 'flux-system'
     releaseTrain: 'Stable'
     version: '0.5.2'
+    fluxConfigurations: [
+      {
+        namespace: 'flux-system'
+        scope: 'cluster'
+        gitRepository: {
+          repositoryRef: {
+            branch: 'main'
+          }
+          sshKnownHosts: ''
+          syncIntervalInSeconds: 300
+          timeoutInSeconds: 180
+          url: 'https://github.com/mspnp/aks-baseline'
+        }
+      }
+    ]
   }
 }
@@ -11,6 +11,7 @@ param clusterName string
 param location string = resourceGroup().location
 
 @description('Optional. Configuration settings that are sensitive, as name-value pairs for configuring this extension.')
+@secure()
 param configurationProtectedSettings object = {}
 
 @description('Optional. Configuration settings, as name-value pairs for configuring this extension.')
@@ -31,6 +32,9 @@ param targetNamespace string = ''
 @description('Optional. Version of the extension for this extension, if it is "pinned" to a specific version.')
 param version string = ''
 
+@description('Optional. A list of flux configuraitons.')
+param fluxConfigurations array = []
+
 resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
   name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
   properties: {
@@ -68,6 +72,26 @@ resource extension 'Microsoft.KubernetesConfiguration/extensions@2022-03-01' = {
   }
 }
 
+module fluxConfiguration '../../Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep' = [for (fluxConfiguration, index) in fluxConfigurations: {
+  name: '${uniqueString(deployment().name, location)}-ManagedCluster-FluxConfiguration${index}'
+  params: {
+    enableDefaultTelemetry: enableDefaultTelemetry
+    clusterName: managedCluster.name
+    scope: fluxConfiguration.scope
+    namespace: fluxConfiguration.namespace
+    sourceKind: contains(fluxConfiguration, 'gitRepository') ? 'GitRepository' : 'Bucket'
+    name: contains(fluxConfiguration, 'name') ? fluxConfiguration.name : toLower('${managedCluster.name}-fluxconfiguration${index}')
+    bucket: contains(fluxConfiguration, 'bucket') ? fluxConfiguration.bucket : {}
+    configurationProtectedSettings: contains(fluxConfiguration, 'configurationProtectedSettings') ? fluxConfiguration.configurationProtectedSettings : {}
+    gitRepository: contains(fluxConfiguration, 'gitRepository') ? fluxConfiguration.gitRepository : {}
+    kustomizations: contains(fluxConfiguration, 'kustomizations') ? fluxConfiguration.kustomizations : {}
+    suspend: contains(fluxConfiguration, 'suspend') ? fluxConfiguration.suspend : false
+  }
+  dependsOn: [
+    extension
+  ]
+}]
+
 @description('The name of the extension.')
 output name string = extension.name