Skip to content

Commit

Permalink
Add support for creating custom static routes (#726)
Browse files Browse the repository at this point in the history
* Automated update for ARM templates

* Add support for specifying custom static routes
Some automatic Bicep linting

* Update deploy.bicep

---------

Co-authored-by: SvenAelterman <[email protected]>
Co-authored-by: Dany Contreras <[email protected]>
  • Loading branch information
3 people authored Dec 19, 2024
1 parent 3a3c577 commit 69403f3
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 14 deletions.
47 changes: 34 additions & 13 deletions workload/bicep/deploy-baseline.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,10 @@ param deploymentEnvironment string = 'Dev'
param diskEncryptionKeyExpirationInDays int = 60

@sys.description('Required. Location where to deploy compute services.')
param avdSessionHostLocation string
param avdSessionHostLocation string

@sys.description('Required. Location where to deploy AVD management plane.')
param avdManagementPlaneLocation string
param avdManagementPlaneLocation string

@sys.description('AVD workload subscription ID, multiple subscriptions scenario. (Default: "")')
param avdWorkloadSubsId string = ''
Expand Down Expand Up @@ -107,7 +107,7 @@ param hostPoolPublicNetworkAccess string = 'Enabled'
])
@sys.description('Default to Enabled. Enables or Disables public network access on the workspace.')
param workspacePublicNetworkAccess string = 'Enabled'

@allowed([
'Automatic'
'Direct'
Expand Down Expand Up @@ -511,6 +511,9 @@ param enableKvPurgeProtection bool = true
@sys.description('Deploys anti malware extension on session hosts. (Default: true)')
param deployAntiMalwareExt bool = true

@sys.description('Additional customer-provided static routes to be added to the route tables.')
param customStaticRoutes array = []

// =========== //
// Variable declaration //
// =========== //
Expand Down Expand Up @@ -1093,7 +1096,9 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre
createVnet: createAvdVnet
deployAsg: (avdDeploySessionHosts || createAvdFslogixDeployment || varCreateMsixDeployment) ? true : false
existingAvdSubnetResourceId: existingVnetAvdSubnetResourceId
createPrivateDnsZones: (deployPrivateEndpointKeyvaultStorage || deployAvdPrivateLinkService) ? createPrivateDnsZones : false
createPrivateDnsZones: (deployPrivateEndpointKeyvaultStorage || deployAvdPrivateLinkService)
? createPrivateDnsZones
: false
applicationSecurityGroupName: varApplicationSecurityGroupName
computeObjectsRgName: varComputeObjectsRgName
networkObjectsRgName: varNetworkObjectsRgName
Expand Down Expand Up @@ -1125,6 +1130,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre
? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId
: alaExistingWorkspaceResourceId)
: ''
customStaticRoutes: customStaticRoutes
}
dependsOn: [
baselineNetworkResourceGroup
Expand Down Expand Up @@ -1152,7 +1158,9 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = {
preferredAppGroupType: (hostPoolPreferredAppGroupType == 'RemoteApp') ? 'RailApplications' : 'Desktop'
deployScalingPlan: varDeployScalingPlan
scalingPlanExclusionTag: varScalingPlanExclusionTag
scalingPlanSchedules: (avdHostPoolType == 'Pooled') ? varPooledScalingPlanSchedules : varPersonalScalingPlanSchedules
scalingPlanSchedules: (avdHostPoolType == 'Pooled')
? varPooledScalingPlanSchedules
: varPersonalScalingPlanSchedules
scalingPlanName: varScalingPlanName
hostPoolMaxSessions: hostPoolMaxSessions
personalAssignType: avdPersonalAssignType
Expand All @@ -1172,9 +1180,19 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = {
deployAvdPrivateLinkService: deployAvdPrivateLinkService
hostPoolPublicNetworkAccess: hostPoolPublicNetworkAccess
workspacePublicNetworkAccess: workspacePublicNetworkAccess
privateEndpointSubnetResourceId: createAvdVnet ? '${networking.outputs.virtualNetworkResourceId}/subnets/${varVnetPrivateEndpointSubnetName}' : existingVnetPrivateEndpointSubnetResourceId
avdVnetPrivateDnsZoneDiscoveryResourceId: deployAvdPrivateLinkService ? (createPrivateDnsZones ? networking.outputs.avdDnsDiscoveryZoneResourceId : avdVnetPrivateDnsZoneDiscoveryResourceId) : ''
avdVnetPrivateDnsZoneConnectionResourceId: deployAvdPrivateLinkService ? (createPrivateDnsZones ? networking.outputs.avdDnsConnectionZoneResourceId : avdVnetPrivateDnsZoneConnectionResourceId) : ''
privateEndpointSubnetResourceId: createAvdVnet
? '${networking.outputs.virtualNetworkResourceId}/subnets/${varVnetPrivateEndpointSubnetName}'
: existingVnetPrivateEndpointSubnetResourceId
avdVnetPrivateDnsZoneDiscoveryResourceId: deployAvdPrivateLinkService
? (createPrivateDnsZones
? networking.outputs.avdDnsDiscoveryZoneResourceId
: avdVnetPrivateDnsZoneDiscoveryResourceId)
: ''
avdVnetPrivateDnsZoneConnectionResourceId: deployAvdPrivateLinkService
? (createPrivateDnsZones
? networking.outputs.avdDnsConnectionZoneResourceId
: avdVnetPrivateDnsZoneConnectionResourceId)
: ''
privateEndpointConnectionName: varPrivateEndPointConnectionName
privateEndpointDiscoveryName: varPrivateEndPointDiscoveryName
privateEndpointWorkspaceName: varPrivateEndPointWorkspaceName
Expand Down Expand Up @@ -1267,20 +1285,23 @@ module wrklKeyVault '../../avm/1.0.0/res/key-vault/vault/main.bicep' = {
ipRules: []
}
: {}
privateEndpoints: deployPrivateEndpointKeyvaultStorage? [
privateEndpoints: deployPrivateEndpointKeyvaultStorage
? [
{
name: varWrklKvPrivateEndpointName
subnetResourceId: createAvdVnet
? '${networking.outputs.virtualNetworkResourceId}/subnets/${varVnetPrivateEndpointSubnetName}'
: existingVnetPrivateEndpointSubnetResourceId
customNetworkInterfaceName: 'nic-01-${varWrklKvPrivateEndpointName}'
service: 'vault'
privateDnsZoneGroupName: createPrivateDnsZones ? split(networking.outputs.keyVaultDnsZoneResourceId, '/')[8] : split(avdVnetPrivateDnsZoneKeyvaultId, '/')[8]
privateDnsZoneGroupName: createPrivateDnsZones
? split(networking.outputs.keyVaultDnsZoneResourceId, '/')[8]
: split(avdVnetPrivateDnsZoneKeyvaultId, '/')[8]
privateDnsZoneResourceIds: [
createPrivateDnsZones ? networking.outputs.keyVaultDnsZoneResourceId : avdVnetPrivateDnsZoneKeyvaultId
createPrivateDnsZones ? networking.outputs.keyVaultDnsZoneResourceId : avdVnetPrivateDnsZoneKeyvaultId
]
}
]
]
: []
secrets: (avdIdentityServiceProvider != 'EntraID')
? [
Expand Down Expand Up @@ -1483,7 +1504,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (va
}

// VMSS Flex
module vmScaleSetFlex './modules/avdSessionHosts/.bicep/vmScaleSet.bicep' = if (avdDeploySessionHosts && deployVmssFlex) {
module vmScaleSetFlex './modules/avdSessionHosts/.bicep/vmScaleSet.bicep' = if (avdDeploySessionHosts && deployVmssFlex) {
name: 'AVD-VMSS-Flex-${time}'
scope: resourceGroup('${avdWorkloadSubsId}', '${varComputeObjectsRgName}')
params: {
Expand Down
8 changes: 7 additions & 1 deletion workload/bicep/modules/networking/deploy.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,9 @@ param alaWorkspaceResourceId string
@sys.description('Do not modify, used to set unique value for resource deployment')
param time string = utcNow()

@sys.description('Additional customer-provided static routes to be added to the route tables.')
param customStaticRoutes array = []

// =========== //
// Variable declaration //
// =========== //
Expand Down Expand Up @@ -153,7 +156,7 @@ var varWindowsActivationKMSPrefixesNsg = (varAzureCloudName == 'AzureCloud')
]
: []
// https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/custom-routes-enable-kms-activation#solution
var varStaticRoutes = (varAzureCloudName == 'AzureCloud')
var varDefaultStaticRoutes = (varAzureCloudName == 'AzureCloud')
? [
{
name: 'AVDServiceTraffic'
Expand Down Expand Up @@ -283,6 +286,9 @@ var varStaticRoutes = (varAzureCloudName == 'AzureCloud')
}
]
: []

var varStaticRoutes = union(varDefaultStaticRoutes, customStaticRoutes)

var privateDnsZoneNames = {
AutomationAgentService: 'privatelink.agentsvc.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name]}'
Automation: 'privatelink.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name]}'
Expand Down

0 comments on commit 69403f3

Please sign in to comment.