Azure
/
azure-spring-apps-reference-architecture
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
azure-spring-apps-reference.../archive/ARM/deploy.json

1612 строки
75 KiB
JSON
Исходник Обычный вид История

Initial ARM Template
2020-12-11 22:40:26 +03:00
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"tenantId": {
"type": "string",
"metadata": {
"description": "Your tenant ID"
}
},
Rename to spring apps
2023-03-06 06:31:20 +03:00
"springAppsPrincipalObjectId": {
Initial ARM Template
2020-12-11 22:40:26 +03:00
"type": "string",
"metadata": {
Rename to spring apps
2023-03-06 06:31:20 +03:00
"description": "The object ID of the Azure Spring Apps Resource Provider service principal"
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
},
"keyVaultAdminObjectId": {
"type": "string",
"metadata": {
"description": "The object ID of the security principal that will have permissions over the Key Vault instance"
}
},
"vmAdminUsername": {
"type": "string",
"metadata": {
"description": "Administrator name for VMs that are created"
}
},
"vmAdminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the VMs that are created"
}
},
"tags": {
"type": "object",
"metadata": {
"description": "The tags that will be associated to the VM"
},
"defaultValue": {
"environment": "lab"
}
},
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
"roleGuidVnetName": {
Initial ARM Template
2020-12-11 22:40:26 +03:00
"type": "string",
"metadata": {
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
"description": "A new GUID used to identify the role assignment for the virtual network"
},
"defaultValue": "[newGuid()]"
},
"roleGuidRuntimeRouteTableName": {
"type": "string",
"metadata": {
"description": "A new GUID used to identify the role assignment for the route table"
},
"defaultValue": "[newGuid()]"
},
"roleGuidAppRouteTableName": {
"type": "string",
"metadata": {
"description": "A new GUID used to identify the role assignment for the route table"
Initial ARM Template
2020-12-11 22:40:26 +03:00
},
"defaultValue": "[newGuid()]"
}
},
"variables": {
Rename to spring apps
2023-03-06 06:31:20 +03:00
"springAppsSkuName": "S0",
"springAppsSkuTier": "Standard",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"vmSku": "Standard_DS2_v2",
"keyVaultSku": "Standard",
"ddosStandardProtection": false,
"logAnalyticsRetention": 30,
"keyPermissions": [
"list",
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
"sign",
"verify",
"get",
"create",
"update",
"import",
"backup",
"restore",
"recover"
],
"secretsPermissions": [
"list",
"get",
"set",
"backup",
"restore",
"recover"
],
"certPermissions": [
"backup",
"create",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"recover",
"restore",
"setissuers",
"update"
],
"location": "[resourceGroup().location]",
"networkApiVersion": "2020-05-01",
"dnsApiVersion": "2018-09-01",
"resourceDeploymentsApiVersion": "2019-10-01",
"laApiVersion": "2015-11-01-preview",
"diagApiVersion": "2017-05-01-preview",
"springApiVersion": "2020-07-01",
"appInsightsApiVersion": "2015-05-01",
"azureRbacApiVersion": "2020-04-01-preview",
"keyVaultApiVersion": "2019-09-01",
"hubVnetName": "vnet-hub",
"spokeVnetName": "vnet-spoke",
"hubCidr": "10.0.0.0/16",
"spokeCidr": "10.1.0.0/16",
"hubGatewaySubnetCidr": "10.0.0.0/24",
"hubFirewallSubnetCidr": "10.0.1.0/24",
"hubBastionSubnetCidr": "10.0.2.0/24",
"hubAppGatewayCidr": "10.0.3.0/24",
"hubSharedServicesCidr": "10.0.4.0/24",
"spokeRuntimeSubnetCidr": "10.1.0.0/24",
"spokeAppSubnetCidr": "10.1.1.0/24",
"spokeSupportSubnetCidr": "10.1.2.0/24",
"spokeDataSubnetCidr": "10.1.3.0/24",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"springAppsServiceCidrs": "10.3.0.0/16,10.4.0.0/16,10.5.0.1/16",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"appGatewaySubnetName": "snet-agw",
"sharedServicesSubnetName": "snet-shared",
"supportSubnetName": "snet-support",
"runtimeSubnetName": "snet-runtime",
"appSubnetName": "snet-app",
"dataSubnetName": "snet-data",
"bastionPublicIpName": "pip-bastion",
"azFirewallPublicIpName": "pip-azfw",
"bastionName": "bstss",
"azureFirewallName": "fwhub",
"hubRouteTable": "rt-hub",
"hubVmName": "vm01",
"hubToSpokePeeringName": "peerhubtospoke",
Modified - Added separate route tables for app and runtime
2021-03-08 04:50:42 +03:00
"spokeRuntimeRouteTable": "rt-spokeruntime",
"spokeAppRouteTable": "rt-spokeapp",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"spokeToHubPeeringName": "peerspoketohub",
"laWorkspaceName": "[concat('la-',uniqueString(subscription().id, resourceGroup().id))]",
"keyVaultName": "[concat('kv-',uniqueString(subscription().id, resourceGroup().id))]",
"mysqlServerName": "[concat('mysql-',uniqueString(resourceGroup().id))]",
"nsgHubShared": "nsg-hubshared",
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"nsgSpokeRuntime": "nsg-spokeruntime",
"nsgSpokeApp": "nsg-spokeapp",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"appInsightsName": "[concat('appi-', uniqueString(subscription().id, resourceGroup().id))]",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"springAppsInstanceName": "[concat('spring-', uniqueString(subscription().id, resourceGroup().id))]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"ownerDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"appPrivateDnsZone": "private.azuremicroservices.io",
"keyVaultPrivateDnsZone": "privatelink.vaultcore.azure.net",
"msSqlPrivateDnsZone": "privatelink.mysql.database.azure.com",
"uniqueKvPrivateEndpointName": "[substring(concat(concat('pl-',variables('keyVaultName')),uniqueString(subscription().id, resourceGroup().id)),10)]",
"uniqueKvPlConnName": "[substring(concat(concat('plconn',variables('keyVaultName')),uniqueString(subscription().id, resourceGroup().id)),10)]",
"uniqueSqlPrivateEndpointName": "[substring(concat(concat('pl-',variables('mysqlServerName')),uniqueString(subscription().id, resourceGroup().id)),10)]",
"uniqueSqlPlConnName": "[substring(concat(concat('plconn',variables('mysqlServerName')),uniqueString(subscription().id, resourceGroup().id)),10)]",
"appPrivateZoneLinkName": "[concat(variables('appPrivateDnsZone'), '-link')]",
"keyVaultPrivateZoneLinkName": "[concat(variables('keyVaultPrivateDnsZone'), '-link')]",
"msSqlPrivateZoneLinkName": "[concat(variables('msSqlPrivateDnsZone'), '-link')]",
"deployDnsARecord": "deploy-springDnsRecord",
"deployRouteAssign": "deploy-routeAssign",
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"deployDnsSpokeRouteSettings": "deploy-dnsSettings"
Initial ARM Template
2020-12-11 22:40:26 +03:00
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('nsgHubShared')]",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"securityRules": []
}
},
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('nsgSpokeApp')]",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"securityRules": []
}
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('nsgSpokeRuntime')]",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"securityRules": []
}
},
Initial ARM Template
2020-12-11 22:40:26 +03:00
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('hubVnetName')]",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgHubShared'))]"
],
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('hubCidr')]"
]
},
"subnets": [
{
"name": "GatewaySubnet",
"properties": {
"addressPrefix": "[variables('hubGatewaySubnetCidr')]"
}
},
{
"name": "AzureFirewallSubnet",
"properties": {
"addressPrefix": "[variables('hubFirewallSubnetCidr')]"
}
},
{
"name": "AzureBastionSubnet",
"properties": {
"addressPrefix": "[variables('hubBastionSubnetCidr')]"
}
},
{
"name": "[variables('sharedServicesSubnetName')]",
"properties": {
"addressPrefix": "[variables('hubSharedServicesCidr')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgHubShared'))]"
}
}
},
{
"name": "[variables('appGatewaySubnetName')]",
"properties": {
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"addressPrefix": "[variables('hubAppGatewayCidr')]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
}
],
"enableDdosProtection": "[variables('ddosStandardProtection')]"
},
"resources": [
]
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('spokeVnetName')]",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"dependsOn": [
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeApp'))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeRuntime'))]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
],
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('spokeCidr')]"
]
},
"subnets": [
{
"name": "[variables('runtimeSubnetName')]",
"properties": {
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"addressPrefix": "[variables('spokeRuntimeSubnetCidr')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeRuntime'))]"
}
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
},
{
"name": "[variables('appSubnetName')]",
"properties": {
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"addressPrefix": "[variables('spokeAppSubnetCidr')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeApp'))]"
}
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
},
{
"name": "[variables('supportSubnetName')]",
"properties": {
"addressPrefix": "[variables('spokeSupportSubnetCidr')]",
"privateEndpointNetworkPolicies": "Disabled"
}
},
{
"name": "[variables('dataSubnetName')]",
"properties": {
"addressPrefix": "[variables('spokeDataSubnetCidr')]",
"privateEndpointNetworkPolicies": "Disabled"
}
}
],
"enableDdosProtection": "[variables('ddosStandardProtection')]"
},
"resources": [
]
},
{
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "[variables('azureRbacApiVersion')]",
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
"name": "[parameters('roleGuidVnetName')]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"scope": "[concat('Microsoft.Network/virtualNetworks', '/', variables('spokeVnetName'))]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('spokeVnetName'))]"
],
"properties": {
"roleDefinitionId": "[variables('ownerDefinitionId')]",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"principalId": "[parameters('springAppsPrincipalObjectId')]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
},
{
"name": "[concat(variables('hubVnetName'),'/',variables('hubToSpokePeeringName'))]",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('hubVnetName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('spokeVnetName'))]",
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
"[concat('Microsoft.Authorization/roleAssignments/', parameters('roleGuidVnetName'))]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
],
"properties": {
"allowVirtualNetworkAccess": "true",
"allowForwardedTraffic": "true",
"allowGatewayTransit": "false",
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks',variables('spokeVnetName'))]"
}
}
},
{
"name": "[concat(variables('spokeVnetName'),'/',variables('spokeToHubPeeringName'))]",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('hubVnetName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('spokeVnetName'))]",
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
"[concat('Microsoft.Authorization/roleAssignments/', parameters('roleGuidVnetName'))]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
],
"properties": {
"allowVirtualNetworkAccess": "true",
"allowForwardedTraffic": "true",
"useRemoteGateways": "false",
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks',variables('hubVnetName'))]"
}
}
},
{
"name": "[variables('laWorkspaceName')]",
"type": "Microsoft.OperationalInsights/workspaces",
"apiVersion": "[variables('laApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"sku": {
"name": "PerGB2018"
},
"retentionInDays": "[variables('logAnalyticsRetention')]"
}
},
{
"type": "Microsoft.Insights/components",
"name": "[variables('appInsightsName')]",
"apiVersion": "[variables('appInsightsApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"kind": "web",
"properties": {
"Application_Type": "web",
"ApplicationId": "[variables('appInsightsName')]",
"Flow_Type": "Bluefield",
"Request_Source": "rest"
}
},
{
"name": "[variables('keyVaultName')]",
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "[variables('keyVaultApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"accessPolicies": [
{
"objectId": "[parameters('keyVaultAdminObjectId')]",
"tenantId": "[parameters('tenantId')]",
"permissions": {
"keys": "[variables('keyPermissions')]",
"secrets": "[variables('secretsPermissions')]",
"certificates": "[variables('certPermissions')]"
}
}
],
"tenantid": "[parameters('tenantId')]",
"sku": {
"family": "A",
"name": "[variables('keyVaultSku')]"
}
}
},
{
"name": "[variables('mysqlServerName')]",
"type": "Microsoft.DBforMySQL/servers",
"apiVersion": "2017-12-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "GP_Gen5_2",
"tier": "GeneralPurpose",
"capacity": 2,
"size": "51200",
"family": "Gen5"
},
"kind": "",
"properties": {
"createMode": "Default",
"version": "5.7",
"administratorLogin": "[parameters('vmAdminUsername')]",
"administratorLoginPassword": "[parameters('vmAdminPassword')]",
"sslEnforcement": "Disabled",
"storageProfile": {
"storageMB": 51200,
"backupRetentionDays": 7,
"geoRedundantBackup": "Disabled"
}
}
},
{
"type": "Microsoft.Network/privateDnsZones",
"apiVersion": "[variables('dnsApiVersion')]",
"name": "[variables('keyVaultPrivateDnsZone')]",
"location": "global"
},
{
"type": "Microsoft.Network/privateDnsZones",
"apiVersion": "[variables('dnsApiVersion')]",
"name": "[variables('msSqlPrivateDnsZone')]",
"location": "global"
},
{
"type": "Microsoft.Network/privateDnsZones",
"apiVersion": "[variables('dnsApiVersion')]",
"name": "[variables('appPrivateDnsZone')]",
"location": "global"
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "[variables('networkApiVersion')]",
"name": "[variables('uniqueKvPrivateEndpointName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateDnsZones', variables('keyVaultPrivateDnsZone'))]",
"[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"
],
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('spokeVnetName'), variables('supportSubnetName'))]"
},
"privateLinkServiceConnections": [
{
"name": "[variables('uniqueKvPlConnName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
"groupIds": [
"Vault"
]
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "[variables('networkApiVersion')]",
"name": "[concat(variables('uniqueKvPrivateEndpointName'),'/default')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateDnsZones', variables('keyVaultPrivateDnsZone'))]",
"[resourceId('Microsoft.Network/privateEndpoints' , variables('uniqueKvPrivateEndpointName'))]"
],
"properties": {
"privateDnsZoneConfigs": [
{
"name": "config1",
"properties": {
"privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', variables('keyVaultPrivateDnsZone'))]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
"apiVersion": "[variables('dnsApiVersion')]",
"name": "[concat(variables('keyVaultPrivateDnsZone'), '/', variables('keyVaultPrivateZoneLinkName'))]",
"location": "global",
"dependsOn": [
"[concat('Microsoft.Network/privateEndpoints/',variables('uniqueKvPrivateEndpointName'))]"
],
"properties": {
"registrationEnabled": false,
"virtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', variables('hubVnetName'))]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "[variables('networkApiVersion')]",
"name": "[variables('uniqueSqlPrivateEndpointName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateDnsZones', variables('msSqlPrivateDnsZone'))]",
"[resourceId('Microsoft.DBforMySQL/servers', variables('mysqlServerName'))]"
],
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('spokeVnetName'), variables('dataSubnetName'))]"
},
"privateLinkServiceConnections": [
{
"name": "[variables('uniqueSqlPlConnName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DBforMySQL/servers', variables('mysqlServerName'))]",
"groupIds": [
"mysqlServer"
]
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "[variables('networkApiVersion')]",
"name": "[concat(variables('uniqueSqlPrivateEndpointName'),'/default')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateDnsZones', variables('msSqlPrivateDnsZone'))]",
"[resourceId('Microsoft.Network/privateEndpoints' , variables('uniqueSqlPrivateEndpointName'))]"
],
"properties": {
"privateDnsZoneConfigs": [
{
"name": "config1",
"properties": {
"privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', variables('msSqlPrivateDnsZone'))]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
"apiVersion": "[variables('dnsApiVersion')]",
"name": "[concat(variables('msSqlPrivateDnsZone'), '/', variables('msSqlPrivateZoneLinkName'))]",
"location": "global",
"dependsOn": [
"[concat('Microsoft.Network/privateEndpoints/',variables('uniqueSqlPrivateEndpointName'))]"
],
"properties": {
"registrationEnabled": false,
"virtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', variables('hubVnetName'))]"
}
}
},
{
"type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
"apiVersion": "[variables('dnsApiVersion')]",
"name": "[concat(variables('appPrivateDnsZone'), '/', variables('appPrivateZoneLinkName'))]",
"location": "global",
"dependsOn": [
"[resourceId('Microsoft.Network/privateDnsZones', variables('appPrivateDnsZone') )]",
"[concat('Microsoft.Network/privateDnsZones/',variables('keyVaultPrivateDnsZone'),'/virtualNetworkLinks/',variables('keyVaultPrivateZoneLinkName'))]"
],
"properties": {
"registrationEnabled": false,
"virtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', variables('hubVnetName'))]"
}
}
},
{
"name": "[variables('bastionPublicIpName')]",
"type": "Microsoft.Network/publicIpAddresses",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"publicIpAllocationMethod": "Static"
},
"sku": {
"name": "Standard"
}
},
{
"name": "[variables('azFirewallPublicIpName')]",
"type": "Microsoft.Network/publicIpAddresses",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"publicIpAllocationMethod": "Static"
},
"sku": {
"name": "Standard"
}
},
{
"name": "[variables('azureFirewallName')]",
"type": "Microsoft.Network/azureFirewalls",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIpAddresses/', variables('azFirewallPublicIpName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('spokeVnetName'),'/virtualNetworkPeerings/',variables('spokeToHubPeeringName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('hubVnetName'),'/virtualNetworkPeerings/',variables('hubToSpokePeeringName'))]",
"[concat('Microsoft.Network/privateDnsZones/',variables('keyVaultPrivateDnsZone'),'/virtualNetworkLinks/',variables('keyVaultPrivateZoneLinkName'))]",
"[concat('Microsoft.Network/privateDnsZones/',variables('appPrivateDnsZone'),'/virtualNetworkLinks/',variables('appPrivateZoneLinkName'))]"
],
"zones": [
"1"
],
"properties": {
"networkRuleCollections": [
{
"name": "VmAppAccess",
"properties": {
"priority": 100,
"action": {
"type": "Allow"
},
"rules": [
{
"name": "AllowVMAppAccess",
"description": "Allows VM in hub to call web Spring Apps direct",
"protocols": [
"TCP"
],
"sourceAddresses": [
"[variables('hubSharedServicesCidr')]"
],
"destinationAddresses": [
"[variables('spokeAppSubnetCidr')]"
],
"destinationPorts": [
"80",
"443"
]
}
]
}
},
{
"name": "VmInternetAccess",
"properties": {
"priority": 101,
"action": {
"type": "Allow"
},
"rules": [
{
"name": "AllowVMAppAccess",
"description": "Allows VM access to the web",
"protocols": [
"TCP"
],
"sourceAddresses": [
"[variables('hubSharedServicesCidr')]"
],
"destinationAddresses": [
"*"
],
"destinationPorts": [
"80",
"443"
]
},
{
"name": "AllowKMSActivation",
"description": "Allows VM acess to KMS servers",
"protocols": [
"TCP"
],
"sourceAddresses": [
"[variables('hubSharedServicesCidr')]"
],
"destinationFqdns": [
"kms.core.windows.net"
],
"destinationPorts": [
"1688"
]
}
]
}
},
{
Rename to spring apps
2023-03-06 06:31:20 +03:00
"name": "SpringAppsAccess",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"properties": {
"priority": 102,
"action": {
"type": "Allow"
},
"rules": [
{
"name": "SpringMgmt",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"description": "Allows access to Spring Apps Management plane",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"protocols": [
"TCP"
],
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"destinationAddresses": [
"AzureCloud"
],
"destinationPorts": [
"443"
]
},
{
"name": "KubernetesMgmtTcp",
"description": "Allows underlining Kubernetes cluster management for TCP traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"destinationAddresses": [
"AzureCloud"
],
"destinationPorts": [
"9000"
]
},
{
"name": "KubernetesMgmtUdp",
"description": "Allows underlining Kubernetes cluster management for UDP traffic",
"protocols": [
"UDP"
],
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"destinationAddresses": [
"AzureCloud"
],
"destinationPorts": [
"1194"
]
},
{
"name": "AzureContainerRegistery",
"description": "Allows access to Azure Container Registery",
"protocols": [
"TCP"
],
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"destinationAddresses": [
"AzureContainerRegistry"
],
"destinationPorts": [
"443"
]
},
{
"name": "AzureStorage",
"description": "Allows access to Azure File Storage",
"protocols": [
"TCP"
],
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"destinationAddresses": [
"Storage"
],
"destinationPorts": [
"445"
]
},
{
"name": "NtpQuery",
"description": "Allows access of nodes for NTP to Ubuntu time servers",
"protocols": [
"UDP"
],
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"destinationAddresses": [
"*"
],
"destinationPorts": [
"123"
]
}
]
}
}
],
"applicationRuleCollections": [
{
Rename to spring apps
2023-03-06 06:31:20 +03:00
"name": "AllowSpringAppsWebAccess",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"properties": {
"priority": 100,
"action": {
"type": "Allow"
},
"rules": [
{
"name": "AllowAks",
"description": "Allow access for Azure Kubernetes Service",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"fqdnTags": [
"AzureKubernetesService"
]
},
{
"name": "AllowKubMgmt",
"description": "Allow access for Kubernetes Cluster Management",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"*.azmk8s.io",
"management.azure.com"
]
},
{
"name": "AllowMCR",
"description": "Allow access to Microsoft Container Registry",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"mcr.microsoft.com"
]
},
{
"name": "AllowMCRStorage",
"description": "Allow access to Microsoft Container Registry storage backed by CDN",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"*.cdn.mscr.io",
"*.data.mcr.microsoft.com"
]
},
{
"name": "AllowAzureAd",
"description": "Allow access to Azure AD for authentication",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"login.microsoftonline.com"
]
},
{
"name": "AllowMSPackRepo",
"description": "Allow access to Microsoft package repository",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"packages.microsoft.com",
"acs-mirror.azureedge.net"
]
},
{
"name": "AllowGitHub",
"description": "Allow GitHub",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"github.com"
]
},
{
"name": "AllowDocker",
"description": "Allow Docker",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"*.docker.io",
"*.docker.com"
]
},
{
"name": "AllowSnapcraft",
"description": "Allow Snapcraft",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"api.snapcraft.io"
]
},
{
"name": "AllowClamAv",
"description": "Allow ClamAv",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"database.clamav.net"
]
},
{
"name": "Allow*UbuntuMisc",
"description": "Allow Ubuntu Misc",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"targetFqdns": [
"motd.ubuntu.com"
]
},
{
"name": "MsCrls",
"description": "Allows access to Microsoft CRL distribution points",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Http",
"port": "80"
}
],
"targetFqdns": [
"crl.microsoft.com",
"mscrl.microsoft.com"
]
},
{
"name": "AllowDigiCerty",
"description": "Allows access to Microsoft CRL distribution points",
"sourceAddresses": [
"[variables('spokeRuntimeSubnetCidr')]",
"[variables('spokeAppSubnetCidr')]"
],
"protocols": [
{
"protocolType": "Http",
"port": "80"
}
],
"targetFqdns": [
"crl3.digicert.com",
"crl4.digicert.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('hubVnetName'), 'AzureFirewallSubnet')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIpAddresses', variables('azFirewallPublicIpName'))]"
}
}
}
],
"threatIntelMode": "Alert",
"sku": {
"name": "AZFW_VNet",
"tier": "Standard"
},
"additionalProperties": {
"Network.DNS.EnableProxy": "true"
}
}
},
{
"name": "[concat(variables('azureFirewallName'),'/microsoft.insights/diag')]",
"type": "Microsoft.Network/azureFirewalls/providers/diagnosticSettings",
"apiVersion": "[variables('diagApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[concat('Microsoft.Network/azureFirewalls/',variables('azureFirewallName'))]",
"[concat('Microsoft.OperationalInsights/workspaces/', variables('laWorkspaceName'))]"
],
"properties": {
"name": "SendToWorkspace",
"workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces',variables('laWorkspaceName'))]",
"logs": [
{
"category": "AzureFirewallApplicationRule",
"enabled": true
},
{
"category": "AzureFirewallNetworkRule",
"enabled": true
},
{
"category": "AzureFirewallDnsProxy",
"enabled": true
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true
}
]
},
"resources": [
]
},
{
Modified - Added separate route tables for app and runtime
2021-03-08 04:50:42 +03:00
"name": "[variables('spokeRuntimeRouteTable')]",
"type": "Microsoft.Network/routeTables",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[concat('Microsoft.Network/azureFirewalls/',variables('azureFirewallName'))]"
],
"properties": {
"routes": [
{
"name": "udr-default",
"properties": {
"addressPrefix": "0.0.0.0/0",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "[reference(variables('azureFirewallName')).ipConfigurations[0].properties.privateIPAddress]"
}
}
],
"disableBgpRoutePropagation": "False"
},
"resources": [
]
},
{
"name": "[variables('spokeAppRouteTable')]",
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"type": "Microsoft.Network/routeTables",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[concat('Microsoft.Network/azureFirewalls/',variables('azureFirewallName'))]"
],
"properties": {
"routes": [
{
"name": "udr-default",
"properties": {
"addressPrefix": "0.0.0.0/0",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "[reference(variables('azureFirewallName')).ipConfigurations[0].properties.privateIPAddress]"
}
}
],
"disableBgpRoutePropagation": "False"
},
"resources": [
]
},
{
"name": "[variables('deployDnsSpokeRouteSettings')]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"type": "Microsoft.Resources/deployments",
"apiVersion": "[variables('resourceDeploymentsApiVersion')]",
"dependsOn": [
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"[concat('Microsoft.Network/azureFirewalls/',variables('azureFirewallName'))]",
Modified - Added separate route tables for app and runtime
2021-03-08 04:50:42 +03:00
"[concat('Microsoft.Network/routeTables/',variables('spokeRuntimeRouteTable'))]",
"[concat('Microsoft.Network/routeTables/',variables('spokeAppRouteTable'))]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('spokeVnetName')]",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('spokeCidr')]"
]
},
"subnets": [
{
"name": "[variables('runtimeSubnetName')]",
"properties": {
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"addressPrefix": "[variables('spokeRuntimeSubnetCidr')]",
"routeTable": {
Modified - Added separate route tables for app and runtime
2021-03-08 04:50:42 +03:00
"id": "[resourceId('Microsoft.Network/routeTables',variables('spokeRuntimeRouteTable'))]"
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
},
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeRuntime'))]"
}
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
},
{
"name": "[variables('appSubnetName')]",
"properties": {
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"addressPrefix": "[variables('spokeAppSubnetCidr')]",
"routeTable": {
Modified - Added separate route tables for app and runtime
2021-03-08 04:50:42 +03:00
"id": "[resourceId('Microsoft.Network/routeTables',variables('spokeAppRouteTable'))]"
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
},
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgSpokeApp'))]"
}
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
},
{
"name": "[variables('supportSubnetName')]",
"properties": {
"addressPrefix": "[variables('spokeSupportSubnetCidr')]",
"privateEndpointNetworkPolicies": "Disabled"
}
},
{
"name": "[variables('dataSubnetName')]",
"properties": {
"addressPrefix": "[variables('spokeDataSubnetCidr')]",
"privateEndpointNetworkPolicies": "Disabled"
}
}
],
"enableDdosProtection": "[variables('ddosStandardProtection')]",
"dhcpOptions": {
"dnsServers": [
"[reference(variables('azureFirewallName')).ipConfigurations[0].properties.privateIPAddress]"
]
}
},
"resources": [
]
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('hubVnetName')]",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('hubCidr')]"
]
},
"subnets": [
{
"name": "GatewaySubnet",
"properties": {
"addressPrefix": "[variables('hubGatewaySubnetCidr')]"
}
},
{
"name": "AzureFirewallSubnet",
"properties": {
"addressPrefix": "[variables('hubFirewallSubnetCidr')]"
}
},
{
"name": "AzureBastionSubnet",
"properties": {
"addressPrefix": "[variables('hubBastionSubnetCidr')]"
}
},
{
"name": "[variables('sharedServicesSubnetName')]",
"properties": {
"addressPrefix": "[variables('hubSharedServicesCidr')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgHubShared'))]"
}
}
},
{
"name": "[variables('appGatewaySubnetName')]",
"properties": {
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"addressPrefix": "[variables('hubAppGatewayCidr')]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
}
],
"enableDdosProtection": "[variables('ddosStandardProtection')]",
"dhcpOptions": {
"dnsServers": [
"[reference(variables('azureFirewallName')).ipConfigurations[0].properties.privateIPAddress]"
]
}
},
"resources": [
]
}
]
}
}
},
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
{
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "[variables('azureRbacApiVersion')]",
"name": "[parameters('roleGuidAppRouteTableName')]",
"scope": "[concat('Microsoft.Network/routeTables', '/', variables('spokeAppRouteTable'))]",
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('spokeAppRouteTable'))]"
],
"properties": {
"roleDefinitionId": "[variables('ownerDefinitionId')]",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"principalId": "[parameters('springAppsPrincipalObjectId')]"
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "[variables('azureRbacApiVersion')]",
"name": "[parameters('roleGuidRuntimeRouteTableName')]",
"scope": "[concat('Microsoft.Network/routeTables', '/', variables('spokeRuntimeRouteTable'))]",
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('spokeRuntimeRouteTable'))]"
],
"properties": {
"roleDefinitionId": "[variables('ownerDefinitionId')]",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"principalId": "[parameters('springAppsPrincipalObjectId')]"
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
}
},
Initial ARM Template
2020-12-11 22:40:26 +03:00
{
"apiVersion": "[variables('springApiVersion')]",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"name": "[variables('springAppsInstanceName')]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces', variables('laWorkspaceName'))]",
"[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]",
"[resourceId('Microsoft.Network/azureFirewalls', variables('azureFirewallName'))]",
Modified - Added role authorizations for route table
2021-03-08 05:04:34 +03:00
"[concat('Microsoft.Resources/deployments/', variables('deployDnsSpokeRouteSettings'))]",
"[concat('Microsoft.Authorization/roleAssignments/', parameters('roleGuidAppRouteTableName'))]",
"[concat('Microsoft.Authorization/roleAssignments/', parameters('roleGuidRuntimeRouteTableName'))]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
],
"type": "Microsoft.AppPlatform/Spring",
"sku": {
Rename to spring apps
2023-03-06 06:31:20 +03:00
"name": "[variables('springAppsSkuName')]",
"tier": "[variables('springAppsSkuTier')]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
},
"properties": {
"networkProfile": {
Rename to spring apps
2023-03-06 06:31:20 +03:00
"serviceCidr": "[variables('springAppsServiceCidrs')]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"serviceRuntimeSubnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('spokeVnetName'), variables('runtimeSubnetName'))]",
"appSubnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('spokeVnetName'), variables('appSubnetName'))]"
}
}
},
{
"apiVersion": "[variables('springApiVersion')]",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"name": "[concat(variables('springAppsInstanceName'), '/default')]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"type": "Microsoft.AppPlatform/Spring/monitoringSettings",
"properties": {
"traceEnabled": true,
"appInsightsInstrumentationKey": "[reference(resourceId('Microsoft.Insights/components', variables('appInsightsName')), variables('appInsightsApiVersion')).InstrumentationKey]"
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', variables('hubVnetName'))]",
"[resourceId('Microsoft.Network/virtualNetworks', variables('spokeVnetName'))]",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"[resourceId('Microsoft.AppPlatform/Spring', variables('springAppsInstanceName'))]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]"
]
},
{
"type": "Microsoft.AppPlatform/Spring/providers/diagnosticSettings",
Rename to spring apps
2023-03-06 06:31:20 +03:00
"name": "[concat(variables('springAppsInstanceName'), '/Microsoft.Insights/monitoring')]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"dependsOn": [
Rename to spring apps
2023-03-06 06:31:20 +03:00
"[resourceId('Microsoft.AppPlatform/Spring', variables('springAppsInstanceName'))]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"[resourceId('Microsoft.OperationalInsights/workspaces', variables('laWorkspaceName'))]"
],
"apiVersion": "[variables('diagApiVersion')]",
"properties": {
"name": "monitoring",
"workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('laWorkspaceName'))]",
"logs": [
{
"category": "ApplicationConsole",
"enabled": true,
"retentionPolicy": {
"days": 30,
"enabled": false
}
}
]
}
},
{
"name": "[variables('hubRouteTable')]",
"type": "Microsoft.Network/routeTables",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[concat('Microsoft.Network/azureFirewalls/',variables('azureFirewallName'))]"
],
"properties": {
"routes": [
{
"name": "udr-default",
"properties": {
"addressPrefix": "0.0.0.0/0",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "[reference(variables('azureFirewallName')).ipConfigurations[0].properties.privateIPAddress]"
}
}
],
"disableBgpRoutePropagation": "False"
},
"resources": [
]
},
{
"name": "[variables('deployRouteAssign')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "[variables('resourceDeploymentsApiVersion')]",
"dependsOn": [
Rename to spring apps
2023-03-06 06:31:20 +03:00
"[concat('Microsoft.AppPlatform/Spring/', variables('springAppsInstanceName'))]",
Initial ARM Template
2020-12-11 22:40:26 +03:00
"[concat('Microsoft.Network/routeTables/', variables('hubRouteTable'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "[concat(variables('hubVnetName'),'/',variables('sharedServicesSubnetName'))]",
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "[variables('networkApiVersion')]",
"properties": {
"addressPrefix": "[variables('hubSharedServicesCidr')]",
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables',variables('hubRouteTable'))]"
},
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgHubShared'))]"
}
}
}
]
}
}
},
{
"name": "[variables('hubVmName')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "[variables('resourceDeploymentsApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('hubVnetName'))]",
"[concat('Microsoft.Network/azureFirewalls/', variables('azureFirewallName'))]",
"[concat('Microsoft.OperationalInsights/workspaces/', variables('laWorkspaceName'))]",
"[concat('Microsoft.Resources/deployments/', variables('deployRouteAssign'))]"
],
"properties": {
"mode": "Incremental",
"parameters": {
"tagValues": {
"value": "[parameters('tags')]"
},
"vmName": {
"value": "[variables('hubVmName')]"
},
"vnetName": {
"value": "[variables('hubVnetName')]"
},
"subnetName": {
"value": "[variables('sharedServicesSubnetName')]"
},
"virtualMachineSize": {
"value": "[variables('vmSku')]"
},
"adminUserName": {
"value": "[parameters('vmAdminUsername')]"
},
"adminPassword": {
"value": "[parameters('vmAdminPassword')]"
},
"myWorkspaceId": {
"value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces',variables('laWorkspaceName')), '2015-03-20').customerId]"
},
"myWorkspaceKey": {
"value": "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces',variables('laWorkspaceName')), '2015-03-20').primarySharedKey]"
}
},
Updating Template
2020-12-17 00:55:40 +03:00
"templateLink": {
Merge branch 'terraform-changes' into main Removed stale commit from local branch to match last main commit.
2020-12-18 22:51:56 +03:00
Updating ARM VM Jump VM image to 2019 and deploying Spring Cloud Dependancy tools via VM EXT
2021-02-10 18:19:34 +03:00
"uri": "https://raw.githubusercontent.com/Azure/azure-spring-cloud-reference-architecture/main/ARM/resources/deploy-vm-2019.json",
Merge branch 'terraform-changes' into main Removed stale commit from local branch to match last main commit.
2020-12-18 22:51:56 +03:00
Updating Template
2020-12-17 00:55:40 +03:00
"contentVersion": "1.0.0.0"
}
Initial ARM Template
2020-12-11 22:40:26 +03:00
}
},
{
"name": "[variables('bastionName')]",
"type": "Microsoft.Network/bastionHosts",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIpAddresses/',variables('bastionPublicIpName'))]",
"[concat('Microsoft.Network/virtualNetworks/',variables('hubVnetName'))]",
"[concat('Microsoft.Resources/deployments/',variables('hubVmName'))]"
],
"tags": "[parameters('tags')]",
"properties": {
"ipConfigurations": [
{
"name": "bastionConfig",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('hubVnetName'), 'AzureBastionSubnet')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIpAddresses', variables('bastionPublicIpName'))]"
},
"privateIPAllocationMethod": "Dynamic"
}
}
]
}
},
{
"name": "[variables('deployDnsARecord')]",
"apiVersion": "[variables('resourceDeploymentsApiVersion')]",
"type": "Microsoft.Resources/deployments",
"dependsOn": [
Modified - Added NSGs for runtime/app and support for BYO route table
2021-03-08 04:36:22 +03:00
"[concat('Microsoft.Resources/deployments/', variables('deployDnsSpokeRouteSettings'))]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
],
"properties": {
"mode": "Incremental",
"expressionEvaluationOptions": {
"scope": "inner"
},
"parameters": {
"networkApiVersion": {
"value": "[variables('networkApiVersion')]"
},
"dnsApiVersion": {
"value": "[variables('dnsApiVersion')]"
},
"springInstanceRg": {
Rename to spring apps
2023-03-06 06:31:20 +03:00
"value": "[reference(variables('springAppsInstanceName')).networkProfile.serviceRuntimeNetworkResourceGroup]"
Initial ARM Template
2020-12-11 22:40:26 +03:00
},
"appPrivateDnsZone": {
"value": "[variables('appPrivateDnsZone')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"networkApiVersion": {
"type": "string"
},
"dnsApiVersion": {
"type": "string"
},
"springInstanceRg": {
"type": "string"
},
"appPrivateDnsZone": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.Network/privateDnsZones/A",
"apiVersion": "[parameters('dnsApiVersion')]",
"name": "[concat(parameters('appPrivateDnsZone'), '/*')]",
"location": "global",
"properties": {
"ttl": 3600,
"aRecords": [
{
"ipv4Address": "[reference(resourceId(parameters('springInstanceRg'),'Microsoft.Network/loadBalancers','kubernetes-internal'), parameters('networkApiVersion')).frontendIPConfigurations[0].properties.privateIpAddress]"
}
]
}
}
]
}
}
}
],
"outputs": {
}
}