AKS Private cluster with Bicep

Niren Adhikary (NAD) 146 Reputation points
2022-06-30T19:52:06.363+00:00

Hello,

I have been trying to deploy an AKS private cluster using a Bicep template.

The configuration should include Azure CNI (networking) with a specific vnet/snet, and integration with ACR and Log Analytics.

After searching for sample Bicep templates available on the internet, all of these do not work.

////

param general object = {
  location: resourceGroup().location
  tags: {
    LastUpdate: utcNow()
  }
}
@description('Properties of the cluster.')
param aksPrivateCluster object = {}

//param loganalyticsWorkspace string/
resource rsrc_aks_private_cluster 'Microsoft.ContainerService/managedClusters@2022-04-02-preview' = {
  name: aksPrivateCluster.name
  location: general.location
  tags: general.tags
  sku: {
    name: 'Basic'
    tier: 'Paid'
  }
  identity: {
    type: 'None'
  }
  properties: {
    kubernetesVersion: '1.22.6'
    dnsPrefix: '${aksPrivateCluster.name}-dns'
    agentPoolProfiles: [
      {
        name: 'agentpool'
        count: 7
        vmSize: 'Standard_D4s_v3'
        osDiskSizeGB: 128
        osDiskType: 'Managed'
        kubeletDiskType: 'OS'
        // vnetSubnetID: resourceId('Microsoft.Network/virtualNetworks/subnets', 'clustervirtualNetwork', 'aks')

        maxPods: 110
        type: 'VirtualMachineScaleSets'
        availabilityZones: [
          '1'
          '2'
          '3'
        ]
        maxCount: 10
        minCount: 7
        enableAutoScaling: true
        powerState: {
          code: 'Running'
        }
        orchestratorVersion: '1.22.6'
        currentOrchestratorVersion: '1.22.6'
        enableNodePublicIP: false
        enableCustomCATrust: false

        mode: 'System'
        osType: 'Linux'
        osSKU: 'Ubuntu'
        enableFIPS: false
      }
    ]

    servicePrincipalProfile: {
      clientId: 'msi'
    }
    addonProfiles: {
      azureKeyvaultSecretsProvider: {
        enabled: false
      }
      azurepolicy: {
        enabled: false
      }
      httpApplicationRouting: {
        enabled: false
      }
    }
  }
}

Azure Kubernetes Service (AKS)

1 answer

  1. shiva patpi 13,256 Reputation points Microsoft Employee
    2022-07-02T00:16:21.66+00:00

    Hello @Niren Adhikary (NAD),
    I was going through the article below, which has all the required configuration to create a private AKS cluster with Azure CNI integrated with Log Analytics and ACR. Can you please extract bits and pieces of that code?
    https://github.com/Welasco/Bicep

    (I would suggest taking one step at a time while extracting from the above article, and testing it.)

    For example, I was able to create a cluster with private AKS, Azure CNI, 1 agent pool and a Log Analytics workspace (Bicep template below).
    In the same way, in the above article there is an option to integrate with ACR and also VNET/subnet. Please give it a try and let us know if you need additional help!

    // Below are the configurations:
    // Private AKS, Azure CNI, 1 Agent Pool, Log Analytics Workspace
    param location string
    param clusterName string

    param nodeCount int = 3
    param vmSize string = 'standard_d2s_v3'

    resource aks 'Microsoft.ContainerService/managedClusters@2021-05-01' = {
      name: clusterName
      location: location
      identity: {
        type: 'SystemAssigned'
      }
      sku: {
        name: 'Basic'
        tier: 'Paid'
      }
      properties: {
        dnsPrefix: clusterName
        enableRBAC: true

        agentPoolProfiles: [
          {
            name: 'nodepool1'
            count: nodeCount
            vmSize: vmSize
            mode: 'System'
          }
        ]
        networkProfile: {
          loadBalancerSku: 'standard'
          networkPlugin: 'azure'
          dockerBridgeCidr: '172.17.0.1/16'
          dnsServiceIP: '10.0.0.10'
          serviceCidr: '10.0.0.0/16'
          networkPolicy: 'azure'
        }
        apiServerAccessProfile: {
          enablePrivateCluster: true
        }
        servicePrincipalProfile: {
          clientId: 'msi'
        }
        addonProfiles: {
          azureKeyvaultSecretsProvider: {
            enabled: false
          }
          azurepolicy: {
            enabled: false
          }
          httpApplicationRouting: {
            enabled: false
          }
          omsagent: {
            config: {
              logAnalyticsWorkspaceResourceID: '/subscriptions/subid/resourceGroups/foraksws/providers/Microsoft.OperationalInsights/workspaces/foraksws'
            }
            enabled: true
          }
        }
      }
    }

    1 person found this answer helpful.
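
The two pieces the answer leaves to the reader, placing the nodes in an existing subnet and granting the cluster pull access to ACR, can be sketched as follows. This is an added example, not code from the thread or from the linked repository; the parameter names `subnetId` and `acrName` are assumptions, and the registry is assumed to live in the deployment's resource group.

```bicep
// Added example. Parameter names are assumptions, not taken from the thread.
param location string = resourceGroup().location
param clusterName string
param subnetId string // resource ID of an existing subnet for the AKS nodes
param acrName string  // existing registry in this resource group
resource acr 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = {
  name: acrName
}

resource aks 'Microsoft.ContainerService/managedClusters@2021-05-01' = {
  name: clusterName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    dnsPrefix: clusterName
    enableRBAC: true
    agentPoolProfiles: [
      {
        name: 'nodepool1'
        count: 3
        vmSize: 'standard_d2s_v3'
        mode: 'System'
        vnetSubnetID: subnetId // Azure CNI: nodes and pods take IPs from this subnet
      }
    ]
    networkProfile: {
      networkPlugin: 'azure'
      serviceCidr: '10.0.0.0/16' // must not overlap the VNet address space
      dnsServiceIP: '10.0.0.10'  // must fall inside serviceCidr
    }
    apiServerAccessProfile: {
      enablePrivateCluster: true // API server reachable only over a private endpoint
    }
  }
}

// Built-in AcrPull role: pull-only, assigned at the registry scope rather than the resource group.
var acrPullRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')
resource acrPull 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(acr.id, aks.id, acrPullRoleId)
  scope: acr
  properties: {
    roleDefinitionId: acrPullRoleId
    principalId: aks.properties.identityProfile.kubeletidentity.objectId // kubelet identity pulls images
    principalType: 'ServicePrincipal'
  }
}
```

The Log Analytics add-on from the answer above can be added to `addonProfiles` unchanged. When deploying through a template rather than the Azure CLI, the cluster identity also needs the Network Contributor role on the subnet, which this example leaves out.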