Azure
/
Enterprise-Scale
зеркало из https://github.com/Azure/Enterprise-Scale.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Multiregion bugfix (#1692)

This commit is contained in:
brsteph 2024-07-01 05:11:43 -04:00 коммит произвёл GitHub
Родитель 819c3532f9
Коммит f775451a79
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
3 изменённых файлов: 22 добавлений и 17 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

22
eslzArm/eslzArm.json
Просмотреть файл

@ -1892,6 +1892,7 @@
"ddosName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-ddos-', parameters('connectivityLocation'))]",
"azFwPolicyName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-azfwpolicy-', parameters('connectivityLocation'))]",
"azFwName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-fw-', parameters('connectivityLocation'))]",
"azFwNameSecondary": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-fw-', parameters('connectivityLocationSecondary'))]",
"azErGwIpName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-erpip-', parameters('connectivityLocation'))]",
"hubName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-hub-', parameters('connectivityLocation'))]",
"hubNameSecondary": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-hub-', parameters('connectivityLocationSecondary'))]",
@ -1918,6 +1919,7 @@
"vWanHubResourceIdSecondary": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRg, '/providers/Microsoft.Network/virtualHubs/', variables('platformResourceNames').hubNameSecondary)]",
"privateDnsRgResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').privateDnsRg)]",
"azFirewallResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRg, '/providers/Microsoft.Network/azureFirewalls/', variables('platformResourceNames').azFwName)]",
"azFirewallResourceIdSecondary": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRgSecondary, '/providers/Microsoft.Network/azureFirewalls/', variables('platformResourceNames').azFwNameSecondary)]",
"userAssignedIdentityResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedMgmtSub'), '/resourceGroups/', variables('platformRgNames').mgmtRg, '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', variables('platformResourceNames').userAssignedIdentity)]"
},
// Declaring deterministic resourceId's for ES Lite platform resources (as they will be consolidated into a single platform subscription)
@ -4700,7 +4702,7 @@
},
{
// Creating the virtual network hub (hub and spoke)
"condition": "[and(not(empty(parameters('connectivitySubscriptionId'))),equals(parameters('enableHub'), 'vhub'))]",
"condition": "[and(not(empty(parameters('connectivitySubscriptionId'))), equals(parameters('enableHub'), 'vhub'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"scope": "[variables('scopes').connectivityManagementGroup]",
@ -4951,7 +4953,7 @@
"value": "[parameters('vWANHubCapacity')]"
},
"enableHubSecondary": {
"value": "[parameters('enableHubSecondary')]"
"value": "[parameters('enableSecondaryRegion')]"
},
"enableAzFwSecondary": {
"value": "[parameters('enableAzFwSecondary')]"
@ -5078,7 +5080,7 @@
"value": "[parameters('enablePrivateDnsZonesSecondary')]"
},
"enableHubSecondary": {
"value": "[parameters('enableHubSecondary')]"
"value": "[parameters('enableSecondaryRegion')]"
}
}
}
@ -5168,7 +5170,7 @@
*/
{
// Creating the virtual network hub (hub and spoke) in a secondary region
"condition": "[and(not(empty(parameters('connectivitySubscriptionId'))),equals(parameters('enableHubSecondary'), 'vhub'))]",
"condition": "[and(not(empty(parameters('connectivitySubscriptionId'))), equals(parameters('enableSecondaryRegion'), 'Yes'), equals(parameters('enableHubSecondary'), 'vhub'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"scope": "[variables('scopes').connectivityManagementGroup]",
@ -5264,7 +5266,7 @@
},
{
// Creating the virtual network hub (with NVA) in a secondary region
"condition": "[and(not(empty(parameters('connectivitySubscriptionId'))),equals(parameters('enableHubSecondary'), 'nva'))]",
"condition": "[and(not(empty(parameters('connectivitySubscriptionId'))),equals(parameters('enableSecondaryRegion'), 'Yes'), equals(parameters('enableHubSecondary'), 'nva'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"scope": "[variables('scopes').connectivityManagementGroup]",
@ -5342,7 +5344,7 @@
},
{
// Peering the primary hub and the secondary hub (when nva or vhub is selected)
"condition": "[and(not(empty(parameters('connectivitySubscriptionId'))), or(equals(parameters('enableHub'), 'nva'), equals(parameters('enableHub'), 'vhub')), or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHubSecondary'), 'vhub')))]",
"condition": "[and(not(empty(parameters('connectivitySubscriptionId'))), or(equals(parameters('enableHub'), 'nva'), equals(parameters('enableHub'), 'vhub')), or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHubSecondary'), 'vhub')), equals(parameters('enableSecondaryRegion'), 'Yes'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "[variables('deploymentNames').hubPeeringDeploymentName]",
@ -7087,7 +7089,7 @@
},
{
// Peer vnet in identity subscription to connectivity hub in a secondary region if vhub or nva condition is true
"condition": "[and(or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHubSecondary'), 'vhub')), not(empty(parameters('identityAddressPrefix'))))]",
"condition": "[and(or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHub'), 'vhub')), not(empty(parameters('identityAddressPrefixSecondary'))))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "[variables('deploymentNames').identityPeering2DeploymentName]",
@ -8240,7 +8242,7 @@
*/
{
// Configuring and deploying the connectivity hub (hub and spoke) in a secondary region
"condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))),equals(parameters('enableHubSecondary'), 'vhub'))]",
"condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), equals(parameters('enableSecondaryRegion'), 'Yes'), equals(parameters('enableHubSecondary'), 'vhub'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-05-01",
"scope": "[variables('scopes').platformManagementGroup]",
@ -8337,7 +8339,7 @@
*/
{
// Configuring and deploying the connectivity hub (NVA) in a secondary region
"condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))),equals(parameters('enableHubSecondary'), 'nva'))]",
"condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), equals(parameters('enableSecondaryRegion'), 'Yes'), equals(parameters('enableHubSecondary'), 'nva'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-05-01",
"scope": "[variables('scopes').platformManagementGroup]",
@ -8416,7 +8418,7 @@
*/
{
// Peering the primary hub and the secondary hub (when nva or vhub is selected)
"condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), or(equals(parameters('enableHub'), 'nva'), equals(parameters('enableHub'), 'vhub')), or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHubSecondary'), 'vhub')))]",
"condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), or(equals(parameters('enableHub'), 'nva'), equals(parameters('enableHub'), 'vhub')), or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHubSecondary'), 'vhub')), equals(parameters('enableSecondaryRegion'), 'Yes'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "[variables('esLitedeploymentNames').hubPeeringDeploymentName]",

9
eslzArm/subscriptionTemplates/hubspoke-connectivity.json
Просмотреть файл

@ -177,6 +177,7 @@
"azErGwIpName": "[concat(variables('erGwName'), '-pip')]",
"azVpnGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
"azVpnGwAAPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
"azVpnPIPZones": "[split('1,2,3', ',')]",
"azFwIpName": "[concat(variables('azFwName'), '-pip')]",
"azFwMgmtIpName": "[concat(variables('azFwName'), '-mgmtpip')]",
"azErGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
@ -298,10 +299,11 @@
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"apiVersion": "2023-11-01",
"type": "Microsoft.Network/publicIpAddresses",
"location": "[parameters('location')]",
"name": "[variables('azVpnGwIpName')]",
"zones": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), variables('azVpnPIPZones'), json('null'))]",
"sku": {
"name": "Standard"
},
@ -311,10 +313,11 @@
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"apiVersion": "2023-11-01",
"type": "Microsoft.Network/publicIpAddresses",
"location": "[parameters('location')]",
"name": "[variables('azVpnGwAAIpName')]",
"zones": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), variables('azVpnPIPZones'), json('null'))]",
"sku": {
"name": "Standard"
},
@ -324,7 +327,7 @@
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'No'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"apiVersion": "2023-11-01",
"name": "[variables('vpngwname')]",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "[parameters('location')]",

8
eslzArm/subscriptionTemplates/vwan-connectivity.json
Просмотреть файл

@ -157,7 +157,7 @@
"enableHubSecondary": {
"type": "string",
"allowedValues": [
"vwan",
"Yes",
"No"
],
"defaultValue": "No"
@ -477,7 +477,7 @@
},
//Begin Secondary vhub Deployment
{
"condition": "[and(equals(parameters('enableHubSecondary'), 'vwan'), not(empty(parameters('addressPrefixSecondary'))))]",
"condition": "[and(equals(parameters('enableHubSecondary'), 'Yes'), not(empty(parameters('addressPrefixSecondary'))))]",
"type": "Microsoft.Network/virtualHubs",
"apiVersion": "2023-04-01",
"location": "[parameters('locationSecondary')]",
@ -498,7 +498,7 @@
}
},
{
"condition": "[and(equals(parameters('enableHubSecondary'), 'vwan'), equals(parameters('enableVpnGwSecondary'), 'Yes'))]",
"condition": "[and(equals(parameters('enableHubSecondary'), 'Yes'), equals(parameters('enableVpnGwSecondary'), 'Yes'))]",
"type": "Microsoft.Network/vpnGateways",
"apiVersion": "2020-05-01",
"location": "[parameters('locationSecondary')]",
@ -517,7 +517,7 @@
}
},
{
"condition": "[and(equals(parameters('enableHubSecondary'), 'vwan'), equals(parameters('enableErGwSecondary'), 'Yes'))]",
"condition": "[and(equals(parameters('enableHubSecondary'), 'Yes'), equals(parameters('enableErGwSecondary'), 'Yes'))]",
"type": "Microsoft.Network/expressRouteGateways",
"apiVersion": "2020-05-01",
"location": "[parameters('locationSecondary')]",