AKS Private cluster with Bicep

Niren Adhikary (NAD) 146 Reputation points
2022-06-30T19:52:06.363+00:00

Hello,

I have been trying to deploy aks private cluster using bicep template.

The configuration should include Azure CNI (Networking) with specific vnet/snet and Integration with ACR and Log analytics.

After searching for bicep sample template available on the internet all of these do not work .

////

param general object = {
location: resourceGroup().location
tags: {
LastUpdate: utcNow()
}
}
@description('Properties of the cluster.')
param aksPrivateCluster object = {}

//param loganalyticsWorkspace string/
resource rsrc_aks_private_cluster 'Microsoft.ContainerService/managedClusters@2022-04-02-preview' = {
name: aksPrivateCluster.name
location: general.location
tags: general.tags
sku: {
name: 'Basic'
tier: 'Paid'
}
identity: {
type: 'None'
}
properties: {
kubernetesVersion: '1.22.6'
dnsPrefix: '${aksPrivateCluster.name}-dns'
agentPoolProfiles: [
{
name: 'agentpool'
count: 7
vmSize: 'Standard_D4s_v3'
osDiskSizeGB: 128
osDiskType: 'Managed'
kubeletDiskType: 'OS'
// vnetSubnetID: resourceId('Microsoft.Network/virtualNetworks/subnets', 'clustervirtualNetwork', 'aks')

    maxPods: 110  
    type: 'VirtualMachineScaleSets'  
    availabilityZones: [  
      '1'  
      '2'  
      '3'  
    ]  
    maxCount: 10  
    minCount: 7  
    enableAutoScaling: true  
    powerState: {  
      code: 'Running'  
    }  
    orchestratorVersion: '1.22.6'  
    currentOrchestratorVersion: '1.22.6'  
    enableNodePublicIP: false  
    enableCustomCATrust: false  
  
    mode: 'System'  
    osType: 'Linux'  
    osSKU: 'Ubuntu'  
    enableFIPS: false  
  }  
]  
  
servicePrincipalProfile: {  
  clientId: 'msi'  
}  
addonProfiles: {  
  azureKeyvaultSecretsProvider: {  
    enabled: false  
  }  
  azurepolicy: {  
    enabled: false  
  }  
  httpApplicationRouting: {  
    enabled: false  
  }  
   
  }   
}  

}

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,781 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. shiva patpi 12,961 Reputation points Microsoft Employee
    2022-07-02T00:16:21.66+00:00

    Hello @Niren Adhikary (NAD) ,
    I was going through one of the below article where it has all the required configuration to create Private AKS cluster with Azure CNI integrated with LogAnalytics & ACR - can you please extract bits and pieces of that code ?
    https://github.com/Welasco/Bicep

    (I would suggest , take one step at a time while extracting from the above article and test it)

    For example , I was able to create cluster with Private AKS , Azure CNI , 1 Agent Pool , Log AnalyticsWorkSpace ; (BICEP template:)
    In the same way , in the above article there is an option to Integrate to ACR and also VNET/Subnet. Please give a try and let us know if you need additional help !

    //Below are the configurations:
    //Private AKS , Azure CNI , 1 Agent Pool , Log AnalyticsWorkSpace
    param location string
    param clusterName string

    param nodeCount int = 3
    param vmSize string = 'standard_d2s_v3'

    resource aks 'Microsoft.ContainerService/managedClusters@2021-05-01' = {
    name: clusterName
    location: location
    identity: {
    type: 'SystemAssigned'
    }
    sku: {
    name: 'Basic'
    tier: 'Paid'
    }
    properties: {
    dnsPrefix: clusterName
    enableRBAC: true

    agentPoolProfiles: [  
      {  
        name: 'nodepool1'  
        count: nodeCount  
        vmSize: vmSize  
        mode: 'System'  
      }  
    ]  
    networkProfile: {  
      loadBalancerSku: 'standard'  
      networkPlugin: 'azure'  
      dockerBridgeCidr: '172.17.0.1/16'  
      dnsServiceIP: '10.0.0.10'  
      serviceCidr: '10.0.0.0/16'  
      networkPolicy: 'azure'  
    }  
    apiServerAccessProfile: {  
      enablePrivateCluster: true  
    }  
    servicePrincipalProfile:{  
      clientId: 'msi'  
    }  
    addonProfiles:{  
      azureKeyvaultSecretsProvider:{  
        enabled: false  
      }  
      azurepolicy:{  
        enabled:false  
      }  
      httpApplicationRouting:{  
        enabled:false  
      }  
      omsagent: {  
        config: {  
          logAnalyticsWorkspaceResourceID: '/subscriptions/subid/resourceGroups/foraksws/providers/Microsoft.OperationalInsights/workspaces/foraksws'  
        }  
        enabled: true  
      }  
    }  
    

    }

    }

    1 person found this answer helpful.
    0 comments No comments