Azure
/
ipam
зеркало из https://github.com/Azure/ipam.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Updated some steps and wording in the deployment doc

This commit is contained in:
Matthew Garrett 2023-01-15 23:42:55 -08:00
Родитель 5dc67f6d8f
Коммит 7e181d7242
3 изменённых файлов: 114 добавлений и 23 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
.vscode/settings.json поставляемый
Просмотреть файл

@ -6,5 +6,6 @@
},
"[javascript]": {
"editor.tabSize": 2
}
},
"editor.wordWrap": "off"
}

19
docs/README.md
Просмотреть файл

@ -16,7 +16,7 @@ IPAM was developed to give customers a simple, straightforward way to manage the
| ![IPAM Architecture](./images/ipam_architecture_full.png ':size=70%') | ![IPAM Architecture](./images/ipam_architecture_function.png ':size=70%') |
## IPAM Infrastructure
The IPAM solution is comprised of containers running on Azure App Services. IPAM can also be deployed in an API-only fashion with an Azure Function if no UI is required (e.g. pure IaC model). The containers are built and published to a public Azure Container Registry (ACR), but you may also choose to build your own containers and host them in your own registry. More details on this can be found in the [Contributing](./contributing/README.md) section. All of the supporting infrastructure is deployed and runs within your Azure Tenant, none of the resources are shared with other IPAM users (outside of the public ACR).
The IPAM solution is comprised of containers running on Azure App Services. IPAM can also be deployed in an API-only fashion with an Azure Function if no UI is required (e.g. pure IaC model). The containers are built and published to a public Azure Container Registry (ACR), but you may also choose to build your own containers and host them in a Private Container Registry. More details on this can be found in the [Deployment](./deployment/README.md) section. All of the supporting infrastructure is deployed and runs within your Azure Tenant, none of the resources are shared with other IPAM users (outside of the publicly hosted ACR).
Here is a more specific breakdown of the components used:
@ -31,13 +31,12 @@ Here is a more specific breakdown of the components used:
- Authentication point for the IPAM UI ([auth code](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow) flow)
- **Resource Group**
- House all Azure infrastructure related resources
- **App Service Plan with App Service**
- Run the IPAM Engine & UI containers or...
- **App Service Plan with Function App**
- **App Service Plan with App Service** *(Full Deployment only)*
- Run the IPAM Engine, UI, and Load Balancer containers as a multi-container App Service
- **App Service Plan with Function App** *(Function Deployment only)*
- Run IPAM Engine as an Azure Function
- **Storage Account with Blob Container**
- When deployed as an App Service, this account stores the NGINX related configuration data
- When deployed as an Azure Function, this account stores the Function metadata
- **Storage Account with Blob Container** *(Function Deployment only)*
- This account stores the Function metadata
- **Cosmos DB**
- Backend NoSQL datastore for the IPAM application
- **KeyVault**
@ -50,7 +49,7 @@ Here is a more specific breakdown of the components used:
## How IPAM Works
As mentioned above, the IPAM application is made up of two containers, one that runs the front end user interface, and the other that runs the backend engine. IPAM has been designed as such to accommodate the following use cases...
As mentioned above, the IPAM application is made up of two containers, one that runs the front end user interface, and the other that runs the backend engine. For the *Full* deployment, there is also a Load Balancer container running [NGINX](https://www.nginx.com/) for path-based routing. IPAM has been designed as such to accommodate the following use cases...
- A user interface is not needed or you plan on providing your own user interface (API-only)
- You plan on interfacing with IPAM exclusively via the RESTful API
@ -58,8 +57,8 @@ As mentioned above, the IPAM application is made up of two containers, one that
## User Interface
The front end is written in [React](https://reactjs.org/) and we leverage the [Material UI](https://mui.com/) for the UI components. The UI handles AuthN/AuthZ with AzureAD via [MSAL](https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview), and manages token acquisition & refresh for communication to the backend Engine API (on your behalf).
The front end is written in [React](https://reactjs.org/) and leverages the [Material UI](https://mui.com/) for the UI components. The UI handles AuthN/AuthZ with AzureAD via [MSAL](https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview), and manages token acquisition & refresh for communication to the backend Engine API (on your behalf).
## Backend Engine
The engine is written in [Python](https://www.python.org/) and we leverage the [FastAPI Framework](https://fastapi.tiangolo.com/) for building the APIs. It handles interfacing with Azure Resource Graph on the user's behalf to gather information about various Azure Networking related resources, and their states.
The engine is written in [Python](https://www.python.org/) and leverages the [FastAPI Framework](https://fastapi.tiangolo.com/) for building the APIs. It handles interfacing with Azure Resource Graph on the user's behalf to gather information about various Azure Networking related resources, and their states.

115
docs/deployment/README.md
Просмотреть файл

@ -125,14 +125,16 @@ You have the ability to pass optional flags to the deployment script:
| `-UIAppName <name>` | Changes the name of the UI app registration |
| `-EngineAppName <name>` | Changes the name of the Engine app registration |
| `-Tags @{<tag> = '<value>'; <tag> = '<value>'}` | Attaches the hashtable as tags on the deployed IPAM resource group |
| `-ResourceNames @{<resource1> = '<name>'; <resource2> = '<name>'}` | Overrides default resource names with custom names **<sup>1</sup>** |
| `-NamePrefix <prefix>` | Replaces the default resource prefix of "ipam" with an alternative prefix **<sup>2</sup>** |
| `-ResourceNames @{<resource1> = '<name>'; <resource2> = '<name>'}` | Overrides default resource names with custom names **<sup>1,2</sup>** |
| `-NamePrefix <prefix>` | Replaces the default resource prefix of "ipam" with an alternative prefix **<sup>3</sup>** |
| `-AsFunction` | Deploys the engine container only to an Azure Function |
| `-PrivateACR` | Deploys a private Azure Container Registry and builds the IPAM containers |
> **NOTE 1:** This must include ALL resource names as shown below. Please review the [Naming Rules And Restrictions For Azure Resources](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules) documentation to ensure your custom names are compliant and unique.
> **NOTE 1:** The required values will vary based on the deployment type.
> **NOTE 2:** Maximum of seven (7) characters. This is because the prefix is used to generate names for several different Azure resource types with varying maximum lengths.
> **NOTE 2:** This must include ALL required resource names as shown below. Please review the [Naming Rules And Restrictions For Azure Resources](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules) documentation to ensure your custom names are compliant and unique.
> **NOTE 3:** Maximum of seven (7) characters. This is because the prefix is used to generate names for several different Azure resource types with varying maximum lengths.
**Customize the name of the App Registrations:**
@ -188,14 +190,56 @@ $ResourceNames = @{
workspaceName = 'myworkspace01'
managedIdentityName = 'mymanagedid01'
resourceGroupName = 'myresourcegroup01'
storageAccountName = 'mystorageaccount01'
}
./deploy.ps1 `
-Location "westus3" `
-ResourceNames $ResourceNames
```
**Override default resource names with custom resource names and deploy as an Azure Function:**
```powershell
$ResourceNames = @{
appServiceName = 'myappservice01'
appServicePlanName = 'myappserviceplan01'
cosmosAccountName = 'mycosmosaccount01'
cosmosContainerName = 'mycontainer01'
cosmosDatabaseName = 'mydatabase01'
keyVaultName = 'mykeyvault01'
workspaceName = 'myworkspace01'
managedIdentityName = 'mymanagedid01'
resourceGroupName = 'myresourcegroup01'
containerRegistryName = 'mycontainerregistry01'
}
./deploy.ps1 `
-Location "westus3" `
-ResourceNames $ResourceNames
```
-PrivateACR
```
**Override default resource names with custom resource names and use a private Container Registry:**
```powershell
$ResourceNames = @{
functionName = 'myfunction01'
appServicePlanName = 'myappserviceplan01'
cosmosAccountName = 'mycosmosaccount01'
cosmosContainerName = 'mycontainer01'
cosmosDatabaseName = 'mydatabase01'
keyVaultName = 'mykeyvault01'
workspaceName = 'myworkspace01'
managedIdentityName = 'mymanagedid01'
resourceGroupName = 'myresourcegroup01'
storageAccountName = 'mystorageaccount01'
}
./deploy.ps1 `
-Location "westus3" `
-ResourceNames $ResourceNames
-AsFunction
```
## App Registration Only Deployment
@ -249,13 +293,15 @@ You have the ability to pass optional flags to the deployment script:
| Parameter | Description |
| :---------------------------------------------- | :------------------------------------------------------------------------ |
| `-Tags @{<tag> = '<value>'; <tag> = '<value>'}` | Attaches the hashtable as tags on the deployed IPAM resource group |
| `-ResourceNames @{<resource1> = '<name>'; <resource2> = '<name>'}` | Overrides default resource names with custom names **<sup>1</sup>** |
| `-NamePrefix <prefix>` | Replaces the default resource prefix of "ipam" with an alternative prefix **<sup>2</sup>** |
| `-ResourceNames @{<resource1> = '<name>'; <resource2> = '<name>'}` | Overrides default resource names with custom names **<sup>1,2</sup>** |
| `-NamePrefix <prefix>` | Replaces the default resource prefix of "ipam" with an alternative prefix **<sup>3</sup>** |
| `-PrivateACR` | Deploys a private Azure Container Registry and builds the IPAM containers |
> **NOTE 1:** This must include ALL resource names as shown below. Please review the [Naming Rules And Restrictions For Azure Resources](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules) documentation to ensure your custom names are compliant and unique.
> **NOTE 1:** The required values will vary based on the deployment type.
> **NOTE 2:** Maximum of seven (7) characters. This is because the prefix is used to generate names for several different Azure resource types with varying maximum lengths.
> **NOTE 2:** This must include ALL required resource names as shown below. Please review the [Naming Rules And Restrictions For Azure Resources](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules) documentation to ensure your custom names are compliant and unique.
> **NOTE 3:** Maximum of seven (7) characters. This is because the prefix is used to generate names for several different Azure resource types with varying maximum lengths.
**Add custom tags to the Azure resources:**
@ -297,7 +343,27 @@ $ResourceNames = @{
workspaceName = 'myworkspace01'
managedIdentityName = 'mymanagedid01'
resourceGroupName = 'myresourcegroup01'
storageAccountName = 'mystorageaccount01'
}
./deploy.ps1 `
-Location "westus3" `
-ParameterFile ./main.parameters.json `
-ResourceNames $ResourceNames
```
**Override default resource names with custom resource names and use a private Container Registry:**
```powershell
$ResourceNames = @{
appServiceName = 'myappservice01'
appServicePlanName = 'myappserviceplan01'
cosmosAccountName = 'mycosmosaccount01'
cosmosContainerName = 'mycontainer01'
cosmosDatabaseName = 'mydatabase01'
keyVaultName = 'mykeyvault01'
workspaceName = 'myworkspace01'
managedIdentityName = 'mymanagedid01'
resourceGroupName = 'myresourcegroup01'
containerRegistryName = 'mycontainerregistry01'
}
@ -305,4 +371,29 @@ $ResourceNames = @{
-Location "westus3" `
-ParameterFile ./main.parameters.json `
-ResourceNames $ResourceNames
```
-PrivateACR
```
**Override default resource names with custom resource names and deploy as an Azure Function:**
```powershell
$ResourceNames = @{
functionName = 'myappservice01'
appServicePlanName = 'myappserviceplan01'
cosmosAccountName = 'mycosmosaccount01'
cosmosContainerName = 'mycontainer01'
cosmosDatabaseName = 'mydatabase01'
keyVaultName = 'mykeyvault01'
workspaceName = 'myworkspace01'
managedIdentityName = 'mymanagedid01'
resourceGroupName = 'myresourcegroup01'
storageAccountName = 'mystorageaccount01'
}
./deploy.ps1 `
-Location "westus3" `
-ParameterFile ./main.parameters.json `
-ResourceNames $ResourceNames
```
> **NOTE:** Use this format when the `-AsFunction` flag was used during the *App Registration Only* step above