Updated Instructions for GitOps

Bahram Rushenas 2022-08-26 17:07:10 -07:00
Parent e753e2e3c8
Commit b7a8b8b73e
3 changed files: 40 additions and 20 deletions

View file

@ -9,46 +9,61 @@ param resourceGroupName string = 'rg-bu0001a0008'
@allowed([
'australiaeast'
'australiasoutheast'
'canadacentral'
'canadaeast'
'centralus'
'eastasia'
'eastus'
'eastus2'
'westus2'
'francecentral'
'francesouth'
'germanynorth'
'germanywestcentral'
'japanwest'
'northcentralus'
'northeurope'
'southafricanorth'
'southafricawest'
'southcentralus'
'uksouth'
'westeurope'
'japaneast'
'southeastasia'
'uksouth'
'ukwest'
'westcentralus'
'westeurope'
'westus'
'westus2'
])
@description('AKS Service, Node Pool, and supporting services (KeyVault, App Gateway, etc) region. This needs to be the same region as the vnet provided in these parameters.')
param location string = 'eastus2'
@allowed([
'australiaeast'
'australiasoutheast'
'canadacentral'
'canadaeast'
'eastus2'
'westus'
'centralus'
'westcentralus'
'francesouth'
'germanynorth'
'westeurope'
'ukwest'
'northeurope'
'japanwest'
'southafricawest'
'northcentralus'
'eastasia'
'eastus'
'westus2'
'eastus2'
'francecentral'
'uksouth'
'japaneast'
'francesouth'
'germanynorth'
'germanywestcentral'
'japanwest'
'northcentralus'
'northeurope'
'southafricanorth'
'southafricawest'
'southcentralus'
'southeastasia'
'uksouth'
'ukwest'
'westcentralus'
'westeurope'
'westus'
'westus2'
])
@description('For Azure resources that support native geo-redunancy, provide the location the redundant service will have its secondary. Should be different than the location parameter and ideally should be a paired region - https://docs.microsoft.com/azure/best-practices-availability-paired-regions. This region does not need to support availability zones.')
param geoRedundancyLocation string = 'centralus'
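Review bot: The commit message only mentions GitOps instructions, but this hunk rewrites the `@allowed` region lists for both `location` and `geoRedundancyLocation`, which changes what the template accepts; say so in the commit message or move the change to its own commit. The description of `geoRedundancyLocation` says it should be different from `location`, yet nothing in the visible lines checks that, so a deployment with both set to the same region would pass validation. In the same description, 'geo-redunancy' should read 'geo-redundancy'.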

View file

@ -3,6 +3,7 @@
- [Deploy AKS using GitHub Actions and Bicep](#deploy-aks-using-github-actions-and-bicep)
- [Deploy AKS using GitHub Actions and Terraform](#deploy-aks-using-github-actions-and-terraform)
- [Shared-Services](#shared-services)
- [Deploy the Shared Services within the cluster](#deploy-the-shared-services-within-the-cluster)
- [Application Deployment](#application-deployment)
- [Deploy the sample application using GitHub Actions](#deploy-the-sample-application-using-github-actions)
- [Lifecycle-Management](#lifecycle-management)
@ -57,6 +58,9 @@ Note: as this reference implementation and reference architecture launch, conten
![Shared-Services Deployment](./docs/.attachments/shared-services.jpg)
### Deploy the Shared Services within the cluster
Under the **shared-services** folder you will find the instructions and the code to deploy the same shared services included in the [AKS Baseline Reference Implementation](https://github.com/mspnp/aks-baseline). The steps to deploy them through GitOps using flux can be found [here](https://github.com/Azure/aks-baseline-automation/tree/main/IaC/terraform).
## Application Deployment
This section demonstrates the deployment of an application composed of multiple services by leveraging two options:
* A CI/CD pipeline built using Kubernetes GitHub Actions.
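Review bot: The link in the new 'Deploy the Shared Services within the cluster' paragraph points to the `IaC/terraform` tree, while the sentence before it says the instructions and code are under the **shared-services** folder. If the flux steps live with the shared-services content, link there instead, and use a relative link with descriptive text rather than 'here' so it keeps working in forks and on other branches.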

View file

@ -25,7 +25,7 @@ The first three namespaces are workload agnostic and tend to all cluster-wide co
The **cluster** directory contains the configuration that applies to entire cluster (such as ClusterRole, ClusterRoleBinding), rather than to individual namespaces.
### Traefik
The following files need to be renamed and customized after the cluster deployment in order for the Ingres Controller to be successfully deployed:
The following files need to be renamed and customized for flux to deploy the Traefik Ingress Controller:
* azureidentity.yaml.template needs to be renamed to azureidentity.yaml and the following parameters set in this file based on your specific environment:
* ${TRAEFIK_USER_ASSIGNED_IDENTITY_RESOURCE_ID}
* ${TRAEFIK_USER_ASSIGNED_IDENTITY_CLIENT_ID}
@ -35,6 +35,7 @@ The following files need to be renamed and customized after the cluster deployme
* traefik.yaml.template needs to be renamed to traefik.yaml the following parameters set:
* ${ACR_NAME_AKS_BASELINE}
Note that most of the parameters requested above will only be available to you after the deployment of your cluster.
### Kured
Kured is included as a solution to handle occasional required reboots from daily OS patching. This open-source software component is only needed if you require a managed rebooting solution between weekly [node image upgrades](https://docs.microsoft.com/azure/aks/node-image-upgrade). Building a process around deploying node image upgrades [every week](https://github.com/Azure/AKS/releases) satisfies most organizational weekly patching cadence requirements. Combined with most security patches on Linux not requiring reboots often, this leaves your cluster in a well supported state. If weekly node image upgrades satisfies your business requirements, then remove Kured from this solution by deleting [`kured.yaml`](./cluster-baseline-settings/kured.yaml). If however weekly patching using node image upgrades is not sufficient and you need to respond to daily security updates that mandate a reboot ASAP, then using a solution like Kured will help you achieve that objective. **Kured is not supported by Microsoft Support.**
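Review bot: The added note 'most of the parameters requested above will only be available to you after the deployment of your cluster' leaves the reader guessing which values those are and where to get them. Say which of the `${...}` placeholders come from the cluster deployment and where to read them. The `traefik.yaml.template` bullet just above is also missing an 'and' before 'the following parameters set'.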
@ -45,4 +46,4 @@ Typically, your bootstrapping repository wouldn't be a public facing repository
To configure the setting for the GitHub repo that you want flux to pull from, update the parameter file for your cluster:
* If you are using terraform modify the [`flux.yaml`](../../IaC/terraform/configuration/workloads/flux.tfvars) file.
* If you are using bicep modify the [`cluster.parameters.json`](../../IaC/bicep/rg-spoke/cluster.parameters.json) file as follow:
* If you are using bicep modify the [`cluster.parameters.json`](../../IaC/bicep/rg-spoke/cluster.parameters.json) file.
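Review bot: In the terraform bullet the link text says `flux.yaml` but the target is `flux.tfvars`; make the label match the file. With 'as follow:' removed from the bicep bullet, neither bullet says which setting in the parameter file holds the GitHub repo that flux pulls from, so name the parameter to change in each file.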