Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP - Updating AKS Cluster and dependent resources definitions #6821

Closed
wants to merge 1 commit into from
Closed

WIP - Updating AKS Cluster and dependent resources definitions #6821

wants to merge 1 commit into from

Conversation

ytimocin
Copy link
Contributor

@ytimocin ytimocin commented Nov 21, 2023
edited
Loading

Description

Initial work on updating the definitions in the test/infra/azure folder that defines an AKS Cluster (that we use for long-haul testing) and all the dependents.

As of 24 Nov 2023, after the initial creation of resources here are the policies that fail:

  1. endpoint protection solution should be installed on virtual machine scale sets => https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyComplianceDetail.ReactView/assignmentId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicyassignments%2Fasb-audit2-initiative-v1/initiativeId/%2Fproviders%2FMicrosoft.Management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2FMicrosoft.Authorization%2FpolicySetDefinitions%2F4df59e9ddb1bfd29/policyDefinitionReferenceId/13846729305249179065/policyDefinitionId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicydefinitions%2Fd6bd79706f147506/scopes~/%5B%22%2Fsubscriptions%2F66d1209e-1382-45d3-99bb-650e6bf63fc0%2FresourceGroups%2FMC_ytimocin-test-aks-rg_4wakkwmtizec2-aks_westus3%22%5D/isRegulatoryCompliance~/false
  2. endpoint protection solution should be installed on virtual machine scale sets => https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyComplianceDetail.ReactView/assignmentId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicyassignments%2Fasb-audit2-initiative-v1/initiativeId/%2Fproviders%2FMicrosoft.Management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2FMicrosoft.Authorization%2FpolicySetDefinitions%2F4df59e9ddb1bfd29/policyDefinitionReferenceId/13846729305249179065/policyDefinitionId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicydefinitions%2Fd6bd79706f147506/scopes~/%5B%22%2Fsubscriptions%2F66d1209e-1382-45d3-99bb-650e6bf63fc0%2FresourceGroups%2FMC_ytimocin-test-aks-rg_4wakkwmtizec2-aks_westus3%22%5D/isRegulatoryCompliance~/false
  3. log analytics agent should be installed on your virtual machine scale sets for azure security center monitoring => https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyComplianceDetail.ReactView/assignmentId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicyassignments%2Fasb-audit2-initiative-v1/initiativeId/%2Fproviders%2FMicrosoft.Management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2FMicrosoft.Authorization%2FpolicySetDefinitions%2F4df59e9ddb1bfd29/policyDefinitionReferenceId/7507843044034395825/policyDefinitionId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicydefinitions%2F162a011ddca389e9/scopes~/%5B%22%2Fsubscriptions%2F66d1209e-1382-45d3-99bb-650e6bf63fc0%2FresourceGroups%2FMC_ytimocin-test-aks-rg_4wakkwmtizec2-aks_westus3%22%5D/isRegulatoryCompliance~/false
  4. Others: https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/InitiativeComplianceDetail.ReactView/assignmentId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicyassignments%2Fasb-audit3-initiative-v1/initiativeId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicysetdefinitions%2F47d8e1d3106c85a1/scopes~/%5B%22%2Fsubscriptions%2F66d1209e-1382-45d3-99bb-650e6bf63fc0%2FresourceGroups%2FMC_ytimocin-test-aks-rg_4wakkwmtizec2-aks_westus3%22%5D/isRegulatoryCompliance~/0/showGroups~/null
  5. Others: https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/InitiativeComplianceDetail.ReactView/assignmentId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicyassignments%2Fasb-audit1-initiative-v1/initiativeId/%2Fproviders%2Fmicrosoft.management%2Fmanagementgroups%2F48fed3a1-0814-4847-88ce-b766155f2792%2Fproviders%2Fmicrosoft.authorization%2Fpolicysetdefinitions%2F160bc010a809a54c/scopes~/%5B%22%2Fsubscriptions%2F66d1209e-1382-45d3-99bb-650e6bf63fc0%2FresourceGroups%2Fytimocin-test-aks-rg%22%5D/isRegulatoryCompliance~/0/showGroups~/null

Type of change

Auto-generated summary

🤖[deprecated] Generated by Copilot at 7c0f3aa

Summary

🌐🌟🐛

This pull request enhances the Azure test infrastructure by adding private cluster support and arc node pool creation for the AKS cluster. It also fixes some errors and improves the readability and consistency of the main.bicep and akscluster.bicep templates and the README.md file.

We're building up the akscluster module, me hearties
Adding features and fixing errors as we go
We'll make a private cluster and an arc node pool
And update the README so everyone will know

Walkthrough

  • Add parameters and properties to enable private cluster support for AKS cluster (link, link, link, link, link, link)
  • Add parameters and properties to enable arc node pool for AKS cluster (link, link)
  • Update kubernetesVersion parameter to use latest version (link)
  • Remove unused and unsupported parameters and properties for diagnostic settings (link)
  • Add enableRBAC property and remove duplicate property for aksCluster resource (link, link)
  • Update parameter descriptions and variable names for clarity and consistency (link, link)
  • Add spaces and blank lines to improve readability and follow bicep style guide (link, link, link, link, link, link, link, link, link, link)
  • Update README.md to reflect changes and fix links (link, link, link, link, link)

@ytimocin ytimocin requested review from a team as code owners November 21, 2023 04:56
@ytimocin ytimocin force-pushed the ytimocin/updateAksCluster branch 5 times, most recently from 047baad to 0499723 Compare November 25, 2023 01:08
@ytimocin ytimocin force-pushed the ytimocin/updateAksCluster branch from 0499723 to 357bc31 Compare November 30, 2023 22:21
@ytimocin ytimocin marked this pull request as draft December 11, 2023 22:28
@ytimocin ytimocin closed this Feb 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Proposal] Improve functional test reliability
1 participant
@ytimocin