
Commit 01386f7

author
cloudmelon
committed
add bdc private cluster sample
1 parent 99b7c82 commit 01386f7

6 files changed

Lines changed: 570 additions & 0 deletions


Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
{
2+
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
3+
"contentVersion": "1.0.0.0",
4+
"parameters": {
5+
"routeTables_bdcaks_rt_name": {
6+
"value": null
7+
},
8+
"virtualNetworks_bdc_vnet_name": {
9+
"value": null
10+
},
11+
"azureFirewalls_bdcaksazfw_name": {
12+
"value": null
13+
},
14+
"publicIPAddresses_bdcaksazfw_ip_name": {
15+
"value": null
16+
},
17+
"managedClusters_bdcaksprivatecluster_name": {
18+
"value": null
19+
}
20+
}
21+
}
Lines changed: 367 additions & 0 deletions
@@ -0,0 +1,367 @@
1+
{
2+
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3+
"contentVersion": "1.0.0.0",
4+
"parameters": {
5+
"routeTables_bdcaks_rt_name": {
6+
"defaultValue": "bdcaks-rt",
7+
"type": "String"
8+
},
9+
"virtualNetworks_bdc_vnet_name": {
10+
"defaultValue": "bdc-vnet",
11+
"type": "String"
12+
},
13+
"azureFirewalls_bdcaksazfw_name": {
14+
"defaultValue": "bdcaksazfw",
15+
"type": "String"
16+
},
17+
"publicIPAddresses_bdcaksazfw_ip_name": {
18+
"defaultValue": "bdcaksazfw-ip",
19+
"type": "String"
20+
},
21+
"managedClusters_bdcaksprivatecluster_name": {
22+
"defaultValue": "bdcaksprivatecluster",
23+
"type": "String"
24+
}
25+
},
26+
"variables": {},
27+
"resources": [
28+
{
29+
"type": "Microsoft.Network/publicIPAddresses",
30+
"apiVersion": "2020-05-01",
31+
"name": "[parameters('publicIPAddresses_bdcaksazfw_ip_name')]",
32+
"location": "northeurope",
33+
"sku": {
34+
"name": "Standard"
35+
},
36+
"properties": {
37+
"ipAddress": "51.104.159.190",
38+
"publicIPAddressVersion": "IPv4",
39+
"publicIPAllocationMethod": "Static",
40+
"idleTimeoutInMinutes": 4,
41+
"ipTags": []
42+
}
43+
},
44+
{
45+
"type": "Microsoft.Network/routeTables",
46+
"apiVersion": "2020-05-01",
47+
"name": "[parameters('routeTables_bdcaks_rt_name')]",
48+
"location": "northeurope",
49+
"properties": {
50+
"disableBgpRoutePropagation": false,
51+
"routes": [
52+
{
53+
"name": "bdcaksrouteinet",
54+
"properties": {
55+
"addressPrefix": "51.104.159.190/32",
56+
"nextHopType": "Internet"
57+
}
58+
},
59+
{
60+
"name": "bdcaksroute",
61+
"properties": {
62+
"addressPrefix": "0.0.0.0/0",
63+
"nextHopType": "VirtualAppliance",
64+
"nextHopIpAddress": "10.2.0.4"
65+
}
66+
}
67+
]
68+
}
69+
},
70+
{
71+
"type": "Microsoft.ContainerService/managedClusters",
72+
"apiVersion": "2020-06-01",
73+
"name": "[parameters('managedClusters_bdcaksprivatecluster_name')]",
74+
"location": "northeurope",
75+
"dependsOn": [
76+
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_bdc_vnet_name'), 'aks-subnet')]"
77+
],
78+
"sku": {
79+
"name": "Basic",
80+
"tier": "Free"
81+
},
82+
"properties": {
83+
"kubernetesVersion": "1.16.13",
84+
"dnsPrefix": "bdcakspriv-private-bdc-rg-a00fa0",
85+
"agentPoolProfiles": [
86+
{
87+
"name": "nodepool1",
88+
"count": 2,
89+
"vmSize": "Standard_D13_v2",
90+
"osDiskSizeGB": 128,
91+
"vnetSubnetID": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_bdc_vnet_name'), 'aks-subnet')]",
92+
"maxPods": 30,
93+
"type": "VirtualMachineScaleSets",
94+
"orchestratorVersion": "1.16.13",
95+
"enableNodePublicIP": false,
96+
"nodeLabels": {},
97+
"mode": "System",
98+
"osType": "Linux",
99+
"nodeImageVersion": "AKSUbuntu-1604-2020.07.16"
100+
}
101+
],
102+
"linuxProfile": {
103+
"adminUsername": "azureuser",
104+
"ssh": {
105+
"publicKeys": [
106+
{
107+
"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+2Ev5GnLtDTsb/xnYFVFqyJejTQy+tH9Z5jhh4h+h1zDLZESubjzKkSIcBaUq1BDypC2HWY3GojxOW8QSKtlxdZNMBoX2/POsc+XeU/iPPYi243wMCBKOyIS5iLrT+86sDCDSVScmaFiA7fGSQOp3ghYY+517s1yWFWdbbChVP0OWjPDa8CeiMPDJFraT5stcFuEJ/ef1qidz48bvJJJKiKQ+7VS4VjqKFsM+n7uvKC0V5hZZ6WH7Ld5q1zR4OImySiYHRzNob6Q9f14MOTCu+JLbdONZLRAR83daw30fCL2V8NGqSVFAA/oRwarZpCZvrNJSCUUc6esDax36pEjx"
108+
}
109+
]
110+
}
111+
},
112+
"windowsProfile": {
113+
"adminUsername": "azureuser"
114+
},
115+
"servicePrincipalProfile": {
116+
"clientId": "17915f2a-09da-4729-8f62-c7121f28a4f2"
117+
},
118+
"addonProfiles": {
119+
"KubeDashboard": {
120+
"enabled": true
121+
}
122+
},
123+
"nodeResourceGroup": "[concat('MC_private-bdc-rg_', parameters('managedClusters_bdcaksprivatecluster_name'), '_northeurope')]",
124+
"enableRBAC": true,
125+
"networkProfile": {
126+
"networkPlugin": "azure",
127+
"loadBalancerSku": "Standard",
128+
"serviceCidr": "10.3.0.0/24",
129+
"dnsServiceIP": "10.3.0.10",
130+
"dockerBridgeCidr": "172.17.0.1/16",
131+
"outboundType": "userDefinedRouting"
132+
},
133+
"apiServerAccessProfile": {
134+
"enablePrivateCluster": true
135+
}
136+
}
137+
},
138+
{
139+
"type": "Microsoft.Network/routeTables/routes",
140+
"apiVersion": "2020-05-01",
141+
"name": "[concat(parameters('routeTables_bdcaks_rt_name'), '/bdcaksroute')]",
142+
"dependsOn": [
143+
"[resourceId('Microsoft.Network/routeTables', parameters('routeTables_bdcaks_rt_name'))]"
144+
],
145+
"properties": {
146+
"addressPrefix": "0.0.0.0/0",
147+
"nextHopType": "VirtualAppliance",
148+
"nextHopIpAddress": "10.2.0.4"
149+
}
150+
},
151+
{
152+
"type": "Microsoft.Network/routeTables/routes",
153+
"apiVersion": "2020-05-01",
154+
"name": "[concat(parameters('routeTables_bdcaks_rt_name'), '/bdcaksrouteinet')]",
155+
"dependsOn": [
156+
"[resourceId('Microsoft.Network/routeTables', parameters('routeTables_bdcaks_rt_name'))]"
157+
],
158+
"properties": {
159+
"addressPrefix": "51.104.159.190/32",
160+
"nextHopType": "Internet"
161+
}
162+
},
163+
{
164+
"type": "Microsoft.Network/virtualNetworks",
165+
"apiVersion": "2020-05-01",
166+
"name": "[parameters('virtualNetworks_bdc_vnet_name')]",
167+
"location": "northeurope",
168+
"dependsOn": [
169+
"[resourceId('Microsoft.Network/routeTables', parameters('routeTables_bdcaks_rt_name'))]"
170+
],
171+
"properties": {
172+
"addressSpace": {
173+
"addressPrefixes": [
174+
"10.0.0.0/8"
175+
]
176+
},
177+
"dhcpOptions": {
178+
"dnsServers": []
179+
},
180+
"subnets": [
181+
{
182+
"name": "AzureFirewallSubnet",
183+
"properties": {
184+
"addressPrefix": "10.2.0.0/24",
185+
"delegations": [],
186+
"privateEndpointNetworkPolicies": "Enabled",
187+
"privateLinkServiceNetworkPolicies": "Enabled"
188+
}
189+
},
190+
{
191+
"name": "aks-subnet",
192+
"properties": {
193+
"addressPrefix": "10.1.0.0/16",
194+
"routeTable": {
195+
"id": "[resourceId('Microsoft.Network/routeTables', parameters('routeTables_bdcaks_rt_name'))]"
196+
},
197+
"delegations": [],
198+
"privateEndpointNetworkPolicies": "Disabled",
199+
"privateLinkServiceNetworkPolicies": "Enabled"
200+
}
201+
}
202+
],
203+
"virtualNetworkPeerings": [],
204+
"enableDdosProtection": false,
205+
"enableVmProtection": false
206+
}
207+
},
208+
{
209+
"type": "Microsoft.Network/virtualNetworks/subnets",
210+
"apiVersion": "2020-05-01",
211+
"name": "[concat(parameters('virtualNetworks_bdc_vnet_name'), '/AzureFirewallSubnet')]",
212+
"dependsOn": [
213+
"[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworks_bdc_vnet_name'))]"
214+
],
215+
"properties": {
216+
"addressPrefix": "10.2.0.0/24",
217+
"delegations": [],
218+
"privateEndpointNetworkPolicies": "Enabled",
219+
"privateLinkServiceNetworkPolicies": "Enabled"
220+
}
221+
},
222+
{
223+
"type": "Microsoft.ContainerService/managedClusters/agentPools",
224+
"apiVersion": "2020-06-01",
225+
"name": "[concat(parameters('managedClusters_bdcaksprivatecluster_name'), '/nodepool1')]",
226+
"dependsOn": [
227+
"[resourceId('Microsoft.ContainerService/managedClusters', parameters('managedClusters_bdcaksprivatecluster_name'))]",
228+
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_bdc_vnet_name'), 'aks-subnet')]"
229+
],
230+
"properties": {
231+
"count": 2,
232+
"vmSize": "Standard_D13_v2",
233+
"osDiskSizeGB": 128,
234+
"vnetSubnetID": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_bdc_vnet_name'), 'aks-subnet')]",
235+
"maxPods": 30,
236+
"type": "VirtualMachineScaleSets",
237+
"orchestratorVersion": "1.16.13",
238+
"enableNodePublicIP": false,
239+
"nodeLabels": {},
240+
"mode": "System",
241+
"osType": "Linux",
242+
"nodeImageVersion": "AKSUbuntu-1604-2020.07.16"
243+
}
244+
},
245+
{
246+
"type": "Microsoft.Network/azureFirewalls",
247+
"apiVersion": "2020-05-01",
248+
"name": "[parameters('azureFirewalls_bdcaksazfw_name')]",
249+
"location": "northeurope",
250+
"dependsOn": [
251+
"[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPAddresses_bdcaksazfw_ip_name'))]",
252+
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_bdc_vnet_name'), 'AzureFirewallSubnet')]"
253+
],
254+
"properties": {
255+
"sku": {
256+
"name": "AZFW_VNet",
257+
"tier": "Standard"
258+
},
259+
"threatIntelMode": "Alert",
260+
"additionalProperties": {
261+
"Network.DNS.EnableProxy": "True",
262+
"Network.DNS.RequireProxyForNetworkRules": "True"
263+
},
264+
"ipConfigurations": [
265+
{
266+
"name": "[concat(parameters('azureFirewalls_bdcaksazfw_name'), '-config')]",
267+
"properties": {
268+
"publicIPAddress": {
269+
"id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPAddresses_bdcaksazfw_ip_name'))]"
270+
},
271+
"subnet": {
272+
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_bdc_vnet_name'), 'AzureFirewallSubnet')]"
273+
}
274+
}
275+
}
276+
],
277+
"networkRuleCollections": [
278+
{
279+
"name": "aksfwnr",
280+
"properties": {
281+
"priority": 100,
282+
"action": {
283+
"type": "Allow"
284+
},
285+
"rules": [
286+
{
287+
"name": "apiudp",
288+
"protocols": [
289+
"UDP"
290+
],
291+
"sourceAddresses": [
292+
"*"
293+
],
294+
"destinationAddresses": [
295+
"AzureCloud.northeurope"
296+
],
297+
"sourceIpGroups": [],
298+
"destinationIpGroups": [],
299+
"destinationFqdns": [],
300+
"destinationPorts": [
301+
"1194"
302+
]
303+
},
304+
{
305+
"name": "apitcp",
306+
"protocols": [
307+
"TCP"
308+
],
309+
"sourceAddresses": [
310+
"*"
311+
],
312+
"destinationAddresses": [
313+
"AzureCloud.northeurope"
314+
],
315+
"sourceIpGroups": [],
316+
"destinationIpGroups": [],
317+
"destinationFqdns": [],
318+
"destinationPorts": [
319+
"9000"
320+
]
321+
},
322+
{
323+
"name": "time",
324+
"protocols": [
325+
"UDP"
326+
],
327+
"sourceAddresses": [
328+
"*"
329+
],
330+
"destinationAddresses": [],
331+
"sourceIpGroups": [],
332+
"destinationIpGroups": [],
333+
"destinationFqdns": [
334+
"ntp.ubuntu.com"
335+
],
336+
"destinationPorts": [
337+
"123"
338+
]
339+
}
340+
]
341+
}
342+
}
343+
],
344+
"applicationRuleCollections": [],
345+
"natRuleCollections": []
346+
}
347+
},
348+
{
349+
"type": "Microsoft.Network/virtualNetworks/subnets",
350+
"apiVersion": "2020-05-01",
351+
"name": "[concat(parameters('virtualNetworks_bdc_vnet_name'), '/aks-subnet')]",
352+
"dependsOn": [
353+
"[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworks_bdc_vnet_name'))]",
354+
"[resourceId('Microsoft.Network/routeTables', parameters('routeTables_bdcaks_rt_name'))]"
355+
],
356+
"properties": {
357+
"addressPrefix": "10.1.0.0/16",
358+
"routeTable": {
359+
"id": "[resourceId('Microsoft.Network/routeTables', parameters('routeTables_bdcaks_rt_name'))]"
360+
},
361+
"delegations": [],
362+
"privateEndpointNetworkPolicies": "Disabled",
363+
"privateLinkServiceNetworkPolicies": "Enabled"
364+
}
365+
}
366+
]
367+
}
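Review bot: The `linuxProfile.ssh.publicKeys[0].keyData` value in the `Microsoft.ContainerService/managedClusters` resource is a fixed RSA public key, so anyone who deploys this sample unchanged gives the holder of the matching private key admin SSH access to their nodes. The same template also pins `servicePrincipalProfile.clientId`, `dnsPrefix`, and the public IP `51.104.159.190` (in `publicIPAddresses` and in both `bdcaksrouteinet` route entries) to what look like values exported from one environment. These would be safer as template parameters without defaults, for example `"keyData": "[parameters('sshPublicKey')]"`, supplied through the parameters file. Separately, the three rules in the `aksfwnr` collection use `"sourceAddresses": ["*"]`, which could be narrowed to the aks-subnet prefix `"10.1.0.0/16"` defined in this template. `addonProfiles.KubeDashboard.enabled` is `true`, and for a private-cluster sample `false` is the safer default, since the dashboard is extra attack surface inside the cluster.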
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
# Deploy BDC in private AKS cluster with User-defined Route (UDR)
2+
