Bicep infrastructure for OSDU
Daniel Scholl 5888a7db86 Bug Fixed 2024-01-08 12:34:38 -08:00
.devcontainer
.github
bicep Bug Fixed 2024-01-08 12:34:38 -08:00
charts
docs
scripts
software
stamp
.editorconfig
.eslintrc.js
.gitattributes
.gitignore
.prettierignore
CODE_OF_CONDUCT.md
CONTRIBUTING.md
LICENSE
README.md
SECURITY.md
SUPPORT.md
azure.yaml
bicepconfig.json
package-lock.json
package.json
parameters.json
ps-rule.yaml

README.md

OSDU Bicep

This project is used to host Bicep infrastructure that can be used in deploying OSDU on Azure.

Project Principles

The guiding principle of this project is to focus on the downstream use of the project (see releases). The goal is to work on infrastructure in a manner that lets other components consume it as infrastructure as code. As such, these are our specific practices.

  1. Deploy all components through a single, modular, idempotent Bicep template. Converge on a single Bicep template, which can easily be consumed.
  2. Provide best-practice defaults, then use parameters for flagging on additional options.
  3. Minimize "manual" steps for ease of automation.
  4. Maintain quality through validation & CI/CD pipelines.

Modules

Below is a table containing all published modules. Each version badge shows the latest version of the corresponding module.

Module Version Docs
public/app-configuration 🦾 Code 📃 Readme
public/azure-keyvault 🦾 Code 📃 Readme
public/container-registry 🦾 Code 📃 Readme
public/cosmos-db 🦾 Code 📃 Readme
public/log-analytics 🦾 Code 📃 Readme
public/private-endpoint 🦾 Code 📃 Readme
public/service-bus 🦾 Code 📃 Readme
public/storage-account 🦾 Code 📃 Readme
public/user-managed-identity 🦾 Code 📃 Readme
public/virtual-network 🦾 Code 📃 Readme

Solution

This is a sample module showing the usage of the modules and how a solution can be configured.

Features

Register the AzureServiceMeshPreview feature flag by using the az feature register command:

az feature register --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"

It takes a few minutes for the feature to register. Verify the registration status by using the az feature show command:

az feature show --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"

When the status reflects Registered, refresh the registration of the Microsoft.ContainerService resource provider by using the az provider register command:

az provider register --namespace Microsoft.ContainerService
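
The three steps above can be run unattended. The script below is an added example, not part of this repository: it polls the registration state and refreshes the resource provider only once the flag reports Registered. The function names, the default of 30 polls and the 20-second interval are assumptions.

```shell
#!/bin/sh
# Added example: run the feature registration steps above without manual polling.
# Function names, attempt count and poll interval are assumptions.

# Poll `az feature show` until the flag reports Registered.
# Returns 0 when registered, 1 on timeout, 2 if the az call itself fails.
wait_for_feature() {
  wf_namespace=$1
  wf_name=$2
  wf_attempts=${3:-30}   # 30 polls x 20 s = 10 minutes by default
  wf_interval=${4:-20}
  wf_try=0
  while [ "$wf_try" -lt "$wf_attempts" ]; do
    wf_state=$(az feature show --namespace "$wf_namespace" --name "$wf_name" \
      --query properties.state -o tsv) || return 2
    if [ "$wf_state" = "Registered" ]; then
      return 0
    fi
    wf_try=$((wf_try + 1))
    sleep "$wf_interval"
  done
  echo "feature $wf_namespace/$wf_name still '$wf_state' after $wf_attempts polls" >&2
  return 1
}

# Register the flag, wait, and only then refresh the resource provider.
# Optional arguments: <attempts> <interval-seconds>, passed to wait_for_feature.
enable_service_mesh_preview() {
  az feature register --namespace "Microsoft.ContainerService" \
    --name "AzureServiceMeshPreview" >/dev/null || return 2
  wait_for_feature "Microsoft.ContainerService" "AzureServiceMeshPreview" "$@" \
    || return $?
  az provider register --namespace Microsoft.ContainerService
}
```

Source the file and call `enable_service_mesh_preview`; a non-zero exit status means the provider refresh was skipped.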

Setup

Login

Log into the Azure CLI from a command line and set the subscription.

az login
azd auth login  # (Optional) --use-device-code
az account set --subscription <your_subscription_id>

Environment Variables

An environment must be created using the following environment variables.

Variable Purpose
AZURE_SUBSCRIPTION_ID The Azure Subscription (GUID)
AZURE_LOCATION The Azure Region
AZURE_CLIENT_ID Azure AD Application Client Id (GUID)
ENABLE_PRIVATE_ACCESS Feature Flag - Private Access

APP_NAME=                                          # <-- <your_ad_application_name>
AZURE_LOCATION=eastus

azd init -e dev
azd env set AZURE_SUBSCRIPTION_ID "$(az account show --query id -otsv)"
azd env set AZURE_LOCATION "$AZURE_LOCATION"
azd env set AZURE_CLIENT_ID "$(az ad app list --display-name "$APP_NAME" --query "[].appId" -otsv)"

# Solution Uses Resource Group Scoped deployments
azd config set alpha.resourceGroupDeployments on   # Enable Alpha Feature

# Feature Switches
azd env set ENABLE_BASTION false                   # Enable Bastion Host  (Beta)

azd env set ENABLE_VPN_GATEWAY false                  # Enable Site to Site VPN  (Alpha)
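azd env set VPN_SHARED_KEY  <your_shared_key>         # if ENABLE_VPN_GATEWAY then Shared Secret
azd env set REMOTE_VPN_PREFIX <your_remote_cidr>      # if ENABLE_VPN_GATEWAY then Remote IP CIDR
# azd saves these values, including VPN_SHARED_KEY, in plain text in .azure/dev/.env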

azd env set ENABLE_PRIVATE_LINK false              # Enable Private Link Services  (Alpha)
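
Before running `azd up`, the values set above can be checked for the mistakes that are easy to miss: an application lookup that returned no appId or more than one, a VPN shared key left as the placeholder, or a missing remote prefix. The script below is an added example, not part of this repository; the helper names are assumptions and it reads the values from plain shell variables of the same names.

```shell
#!/bin/sh
# Added example: pre-flight check of the values set with `azd env set` above.
# Helper names are assumptions; values are read from plain shell variables.

single_line() { [ "$(printf '%s\n' "$1" | grep -c '')" -eq 1 ]; }

is_guid() {
  single_line "$1" || return 1   # a lookup that matched two apps yields two lines
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

is_ipv4_cidr() {
  single_line "$1" || return 1
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  [ "${1#*/}" -le 32 ] || return 1
  for octet in $(printf '%s' "${1%/*}" | tr '.' ' '); do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

fail() { echo "preflight: $1" >&2; errors=$((errors + 1)); }

# Returns 0 when every required value is usable; the count is left in $errors.
preflight() {
  errors=0
  is_guid "${AZURE_SUBSCRIPTION_ID:-}" || fail "AZURE_SUBSCRIPTION_ID is not a GUID"
  is_guid "${AZURE_CLIENT_ID:-}" || fail "AZURE_CLIENT_ID is not exactly one GUID"
  [ -n "${AZURE_LOCATION:-}" ] || fail "AZURE_LOCATION is empty"
  if [ "${ENABLE_VPN_GATEWAY:-false}" = "true" ]; then
    # The two values the setup comments mark as required with the VPN gateway.
    [ -n "${VPN_SHARED_KEY:-}" ] || fail "VPN_SHARED_KEY is required"
    case "${VPN_SHARED_KEY:-}" in
      *"<"* | *">"*) fail "VPN_SHARED_KEY looks like the placeholder" ;;
    esac
    is_ipv4_cidr "${REMOTE_VPN_PREFIX:-}" || fail "REMOTE_VPN_PREFIX is not an IPv4 CIDR"
  fi
  [ "$errors" -eq 0 ]
}
```

Source the file after assigning the variables and run `preflight && azd up`; each failed check is reported on stderr.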

Workspace

The workspace is brought online using the Azure Developer CLI (azd).

Action Command
Start azd up
Stop azd down --purge --force

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.