ManagedCluster - WebAppRouting - Updates (#4195)
* Update main.bicep

Do not attempt to load Private DNS Zone when `enableDnsZoneContributorRoleAssignment` is false.

Added output `managedCluster.properties.ingressProfile.webAppRouting.identity.objectId` so I can add a role assignment for the private DNS zone.

* Update module

* Upgraded bicep, re-ran
coolhome authored Dec 7, 2023
1 parent 26b6020 commit c0eac04
Showing 3 changed files with 14 additions and 3 deletions.
1 change: 1 addition & 0 deletions modules/container-service/managed-cluster/README.md
@@ -2435,6 +2435,7 @@ Specifies whether the webApplicationRoutingEnabled add-on is enabled or not.
| `resourceGroupName` | string | The resource group the managed cluster was deployed into. |
| `resourceId` | string | The resource ID of the managed cluster. |
| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
| `webAppRoutingIdentityObjectId` | string | The Object ID of Web Application Routing. |

## Cross-referenced modules

5 changes: 4 additions & 1 deletion modules/container-service/managed-cluster/main.bicep
@@ -712,7 +712,7 @@ resource managedCluster_roleAssignments 'Microsoft.Authorization/roleAssignments
scope: managedCluster
}]

resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = if (dnsZoneResourceId != null && webApplicationRoutingEnabled) {
resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = if (enableDnsZoneContributorRoleAssignment == true && dnsZoneResourceId != null && webApplicationRoutingEnabled) {
name: last(split((!empty(dnsZoneResourceId) ? dnsZoneResourceId : '/dummmyZone'), '/'))!
}

@@ -762,6 +762,9 @@ output oidcIssuerUrl string = enableOidcIssuerProfile ? managedCluster.propertie
@description('The addonProfiles of the Kubernetes cluster.')
output addonProfiles object = contains(managedCluster.properties, 'addonProfiles') ? managedCluster.properties.addonProfiles : {}

@description('The Object ID of Web Application Routing.')
output webAppRoutingIdentityObjectId string = contains(managedCluster.properties, 'ingressProfile') && contains(managedCluster.properties.ingressProfile, 'webAppRouting') && contains(managedCluster.properties.ingressProfile.webAppRouting, 'identity') && contains(managedCluster.properties.ingressProfile.webAppRouting.identity, 'objectId') ? managedCluster.properties.ingressProfile.webAppRouting.identity.objectId : ''

// =============== //
// Definitions //
// =============== //
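Review bot: The new `webAppRoutingIdentityObjectId` output in the second hunk falls back to `''` whenever any level of `ingressProfile.webAppRouting.identity.objectId` is missing, and its description does not say so. The commit message says the value is meant to be the principal for a DNS zone role assignment, so a caller that passes it on unguarded would likely only fail at the role assignment, with an empty principal ID. I would state the contract in the decorator, `@description('The object ID of the managed identity used by the Web Application Routing add-on. Empty string when the cluster reports no such identity.')`, and mirror it in the README row. If the Bicep version in use supports safe dereference, the four `contains()` checks could presumably collapse to `managedCluster.properties.?ingressProfile.?webAppRouting.?identity.?objectId ?? ''` with the same result.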
11 changes: 9 additions & 2 deletions modules/container-service/managed-cluster/main.json
@@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "609013537229775592"
"templateHash": "1679575632831341410"
},
"name": "Azure Kubernetes Service (AKS) Managed Clusters",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.",
@@ -1286,7 +1286,7 @@
]
},
"dnsZone": {
"condition": "[and(not(equals(parameters('dnsZoneResourceId'), null())), parameters('webApplicationRoutingEnabled'))]",
"condition": "[and(and(equals(parameters('enableDnsZoneContributorRoleAssignment'), true()), not(equals(parameters('dnsZoneResourceId'), null()))), parameters('webApplicationRoutingEnabled'))]",
"existing": true,
"type": "Microsoft.Network/dnsZones",
"apiVersion": "2018-05-01",
@@ -2261,6 +2261,13 @@
"description": "The addonProfiles of the Kubernetes cluster."
},
"value": "[if(contains(reference('managedCluster'), 'addonProfiles'), reference('managedCluster').addonProfiles, createObject())]"
},
"webAppRoutingIdentityObjectId": {
"type": "string",
"metadata": {
"description": "The Object ID of Web Application Routing."
},
"value": "[if(and(and(and(contains(reference('managedCluster'), 'ingressProfile'), contains(reference('managedCluster').ingressProfile, 'webAppRouting')), contains(reference('managedCluster').ingressProfile.webAppRouting, 'identity')), contains(reference('managedCluster').ingressProfile.webAppRouting.identity, 'objectId')), reference('managedCluster').ingressProfile.webAppRouting.identity.objectId, '')]"
}
}
}
