Add support for creating custom static routes #726

Merged
merged 4 commits into from
Dec 19, 2024
47 changes: 34 additions & 13 deletions workload/bicep/deploy-baseline.bicep
Expand Up @@ -27,10 +27,10 @@ param deploymentEnvironment string = 'Dev'
param diskEncryptionKeyExpirationInDays int = 60

@sys.description('Required. Location where to deploy compute services.')
param avdSessionHostLocation string
param avdSessionHostLocation string

@sys.description('Required. Location where to deploy AVD management plane.')
param avdManagementPlaneLocation string
param avdManagementPlaneLocation string

@sys.description('AVD workload subscription ID, multiple subscriptions scenario. (Default: "")')
param avdWorkloadSubsId string = ''
Expand Down Expand Up @@ -107,7 +107,7 @@ param hostPoolPublicNetworkAccess string = 'Enabled'
])
@sys.description('Default to Enabled. Enables or Disables public network access on the workspace.')
param workspacePublicNetworkAccess string = 'Enabled'

@allowed([
'Automatic'
'Direct'
Expand Down Expand Up @@ -511,6 +511,9 @@ param enableKvPurgeProtection bool = true
@sys.description('Deploys anti malware extension on session hosts. (Default: true)')
param deployAntiMalwareExt bool = true

@sys.description('Additional customer-provided static routes to be added to the route tables.')
param customStaticRoutes array = []

// =========== //
// Variable declaration //
// =========== //
Expand Down Expand Up @@ -1093,7 +1096,9 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre
createVnet: createAvdVnet
deployAsg: (avdDeploySessionHosts || createAvdFslogixDeployment || varCreateMsixDeployment) ? true : false
existingAvdSubnetResourceId: existingVnetAvdSubnetResourceId
createPrivateDnsZones: (deployPrivateEndpointKeyvaultStorage || deployAvdPrivateLinkService) ? createPrivateDnsZones : false
createPrivateDnsZones: (deployPrivateEndpointKeyvaultStorage || deployAvdPrivateLinkService)
? createPrivateDnsZones
: false
applicationSecurityGroupName: varApplicationSecurityGroupName
computeObjectsRgName: varComputeObjectsRgName
networkObjectsRgName: varNetworkObjectsRgName
Expand Down Expand Up @@ -1125,6 +1130,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre
? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId
: alaExistingWorkspaceResourceId)
: ''
customStaticRoutes: customStaticRoutes
}
dependsOn: [
baselineNetworkResourceGroup
Expand Down Expand Up @@ -1152,7 +1158,9 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = {
preferredAppGroupType: (hostPoolPreferredAppGroupType == 'RemoteApp') ? 'RailApplications' : 'Desktop'
deployScalingPlan: varDeployScalingPlan
scalingPlanExclusionTag: varScalingPlanExclusionTag
scalingPlanSchedules: (avdHostPoolType == 'Pooled') ? varPooledScalingPlanSchedules : varPersonalScalingPlanSchedules
scalingPlanSchedules: (avdHostPoolType == 'Pooled')
? varPooledScalingPlanSchedules
: varPersonalScalingPlanSchedules
scalingPlanName: varScalingPlanName
hostPoolMaxSessions: hostPoolMaxSessions
personalAssignType: avdPersonalAssignType
Expand All @@ -1172,9 +1180,19 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = {
deployAvdPrivateLinkService: deployAvdPrivateLinkService
hostPoolPublicNetworkAccess: hostPoolPublicNetworkAccess
workspacePublicNetworkAccess: workspacePublicNetworkAccess
privateEndpointSubnetResourceId: createAvdVnet ? '${networking.outputs.virtualNetworkResourceId}/subnets/${varVnetPrivateEndpointSubnetName}' : existingVnetPrivateEndpointSubnetResourceId
avdVnetPrivateDnsZoneDiscoveryResourceId: deployAvdPrivateLinkService ? (createPrivateDnsZones ? networking.outputs.avdDnsDiscoveryZoneResourceId : avdVnetPrivateDnsZoneDiscoveryResourceId) : ''
avdVnetPrivateDnsZoneConnectionResourceId: deployAvdPrivateLinkService ? (createPrivateDnsZones ? networking.outputs.avdDnsConnectionZoneResourceId : avdVnetPrivateDnsZoneConnectionResourceId) : ''
privateEndpointSubnetResourceId: createAvdVnet
? '${networking.outputs.virtualNetworkResourceId}/subnets/${varVnetPrivateEndpointSubnetName}'
: existingVnetPrivateEndpointSubnetResourceId
avdVnetPrivateDnsZoneDiscoveryResourceId: deployAvdPrivateLinkService
? (createPrivateDnsZones
? networking.outputs.avdDnsDiscoveryZoneResourceId
: avdVnetPrivateDnsZoneDiscoveryResourceId)
: ''
avdVnetPrivateDnsZoneConnectionResourceId: deployAvdPrivateLinkService
? (createPrivateDnsZones
? networking.outputs.avdDnsConnectionZoneResourceId
: avdVnetPrivateDnsZoneConnectionResourceId)
: ''
privateEndpointConnectionName: varPrivateEndPointConnectionName
privateEndpointDiscoveryName: varPrivateEndPointDiscoveryName
privateEndpointWorkspaceName: varPrivateEndPointWorkspaceName
Expand Down Expand Up @@ -1267,20 +1285,23 @@ module wrklKeyVault '../../avm/1.0.0/res/key-vault/vault/main.bicep' = {
ipRules: []
}
: {}
privateEndpoints: deployPrivateEndpointKeyvaultStorage? [
privateEndpoints: deployPrivateEndpointKeyvaultStorage
? [
{
name: varWrklKvPrivateEndpointName
subnetResourceId: createAvdVnet
? '${networking.outputs.virtualNetworkResourceId}/subnets/${varVnetPrivateEndpointSubnetName}'
: existingVnetPrivateEndpointSubnetResourceId
customNetworkInterfaceName: 'nic-01-${varWrklKvPrivateEndpointName}'
service: 'vault'
privateDnsZoneGroupName: createPrivateDnsZones ? split(networking.outputs.keyVaultDnsZoneResourceId, '/')[8] : split(avdVnetPrivateDnsZoneKeyvaultId, '/')[8]
privateDnsZoneGroupName: createPrivateDnsZones
? split(networking.outputs.keyVaultDnsZoneResourceId, '/')[8]
: split(avdVnetPrivateDnsZoneKeyvaultId, '/')[8]
privateDnsZoneResourceIds: [
createPrivateDnsZones ? networking.outputs.keyVaultDnsZoneResourceId : avdVnetPrivateDnsZoneKeyvaultId
createPrivateDnsZones ? networking.outputs.keyVaultDnsZoneResourceId : avdVnetPrivateDnsZoneKeyvaultId
]
}
]
]
: []
secrets: (avdIdentityServiceProvider != 'EntraID')
? [
Expand Down Expand Up @@ -1483,7 +1504,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (va
}

// VMSS Flex
module vmScaleSetFlex './modules/avdSessionHosts/.bicep/vmScaleSet.bicep' = if (avdDeploySessionHosts && deployVmssFlex) {
module vmScaleSetFlex './modules/avdSessionHosts/.bicep/vmScaleSet.bicep' = if (avdDeploySessionHosts && deployVmssFlex) {
name: 'AVD-VMSS-Flex-${time}'
scope: resourceGroup('${avdWorkloadSubsId}', '${varComputeObjectsRgName}')
params: {
Expand Down
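Review bot: The new `customStaticRoutes` parameter (declared as a bare `array` with default `[]`) carries no statement of the element shape it expects, and it is handed straight to the networking module with no validation, so a caller has to read modules/networking/deploy.bicep to learn that each item must look like the built-in routes (an object with at least a `name` and the route properties; the exact property set is outside this diff). Because those built-in routes are the ones that steer AVD service and KMS activation traffic, a malformed or colliding customer route does not just fail the deployment — it can change how that traffic is routed, so the contract deserves to be spelled out at the parameter. I would replace the description with `@sys.description('Optional. Additional customer-provided static routes merged into the AVD route tables. Each item must use the same object shape as the built-in routes in modules/networking/deploy.bicep, and its name and address prefix must not overlap a built-in route. (Default: [])')`. If the Bicep version used by this template supports user-defined types, a typed array (`type` declaration with `name` and the route properties) would enforce the shape at compile time instead of at deployment; I cannot confirm the toolchain version from this page.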
8 changes: 7 additions & 1 deletion workload/bicep/modules/networking/deploy.bicep
Expand Up @@ -103,6 +103,9 @@ param alaWorkspaceResourceId string
@sys.description('Do not modify, used to set unique value for resource deployment')
param time string = utcNow()

@sys.description('Additional customer-provided static routes to be added to the route tables.')
param customStaticRoutes array = []

// =========== //
// Variable declaration //
// =========== //
Expand Down Expand Up @@ -153,7 +156,7 @@ var varWindowsActivationKMSPrefixesNsg = (varAzureCloudName == 'AzureCloud')
]
: []
// https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/custom-routes-enable-kms-activation#solution
var varStaticRoutes = (varAzureCloudName == 'AzureCloud')
var varDefaultStaticRoutes = (varAzureCloudName == 'AzureCloud')
? [
{
name: 'AVDServiceTraffic'
Expand Down Expand Up @@ -283,6 +286,9 @@ var varStaticRoutes = (varAzureCloudName == 'AzureCloud')
}
]
: []

var varStaticRoutes = union(varDefaultStaticRoutes, customStaticRoutes)

var privateDnsZoneNames = {
AutomationAgentService: 'privatelink.agentsvc.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name]}'
Automation: 'privatelink.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name]}'
Expand Down
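Review bot: `union(varDefaultStaticRoutes, customStaticRoutes)` only collapses elements that are exactly equal, so a customer route that reuses a built-in route's `name` or address prefix with different values is passed through as a second entry rather than being detected here, and the comment at the top of the default list says those built-in routes exist to keep KMS activation (and AVD service traffic) reachable. Whether such a collision fails the route-table deployment or silently lets the caller-supplied entry win depends on the consuming resource, which is outside this diff; either outcome is worse than an explicit check. Bicep has no non-experimental way to fail the deployment on a collision from a `var`, so at minimum I would document the precondition on the merge line: `// union() de-duplicates exact matches only; a custom route whose name or addressPrefix collides with a built-in route is not detected here and must be rejected by the route-table resource rather than allowed to replace the AVD/KMS routes.`. If the template already uses the `assert` feature elsewhere, an assertion that no custom route name appears in `map(varDefaultStaticRoutes, r => r.name)` would make the check explicit.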