azuredemoenvironment / ade Goto Github PK

The Firewall is expensive! Disable it after deploying, then provide a way to re-enable it.

Log Analytics Deployment Changes

• Change API version to 2020-08-01
• Remove "features" section of Properties and Search Version is already set

features: {
            searchVersion: 1
        }

Create Pre-Requisite Install Script for Windows

After making ADE public, migrate all scripts from current repo to ADE repo.

Deployments impacted:

• jumpbox
• developer
• vpn gateway (graphics for markdown file)
• vmss
• aks vote
• hello world primary
• hello world secondary
• sql todo
• cognitive services (graphics for markdown file)

Performed a recent in-portal update to Azure Monitor for Virtual Machines. The following extensions are now installed:

Windows

• AzureMonitorWindowsAgent (New)
• DependencyAgentWindows
• GuestHealthWindowsAgent (New)
• MMAExtension

Linux

• AzureMonitorLinuxAgent (New)
• DependencyAgentLinux
• GuestHealthLinuxAgent (New)
• OMSExtension

Research new extensions and implement in ARM Templates for the following deployments:

• jumpbox
• vmss
• ADE App VMs (Frontend, Backend, etc)

Create Pre-Requisite Install Script for Mac

To keep branch naming consistent, add workspace settings for GitHub issues.

When deploying ADE, prompt the user to deploy various modules of the ADE app (e.g. App Services, AKS, VMs), and customize the deployed Bicep template to only deploy those modules. Additionally creating "scenarios" the end user can pick from like dev/test/prod to demonstrate the flexibility of IaC as well as to reduce cost of running ADE.

Examples of Modules:

• AKS
• VPN/Firewall
• App Services
• Virtual Machines/VMSS

Examples of Scenarios:

• Dev Environment: drop App Services to a Basic tier SKU, etc…

Add Container Instances and Virtual Machines to -Deallocate Script

Update SPNs for REST API and GitHub Actions to Save Credentials to KeyVault

List of possible Private Link and VNET Integration Deployments

• https://github.com/jelledruyts/InspectorGadget
• https://github.com/azuregomez/SecureApp

Add Removal of Network Watcher Resource and Resource Group in Removal Script

If ADE was deployed and then removed, Azure KeyVault may be in a "soft delete" state. When deploying, check if an existing soft-deleted KeyVault is present, and if it is, restore it instead of trying to deploy a new instance.

Create NSG Flow Logs Deployment

• Add new storage account for NSG flow logs
• Create NSG Flow Logs for each NSG in the demo environment

Review dependsOn in each Deployment

Hello World isn't using the wildcard cert

1. Add certificate to Key Vault
2. Import certificate to App Service
3. Add Binding from cert to App Service

When running the docker rmi command in Remove-LocalDockerImages, it will fail and end the removal process. We should be able to remove Confirm-LastExitCode lines in that function, since if the removal fails it doesn't really matter.

Pre-install Active Directory with same domain name label to allow to demonstrate installing and configuring AD Connect

Allow the user to specify which region the user can deploy into. This could either be any region the user wants, or have suggested region-pairs. Or, have the user choose the primary region and we pick the secondary region as a supported pair.

Need appropriate resourceId for the funcation app deployment

./ade.ps1 -deallocate not Stopping AKS Cluster

Add Removal of Global Activity Log to Removal Script

Issue related to subscription level deployment vs. resource group.

The reallocate script for the firewall is currently commented out. Fix it.

Update Documentation

• Update azure_cognitive_services deployment graphics.
• Update HelloWorld deployments with new URL locations and Application Settings
• Update resources with incorrect naming convention

./README.md

Requirements

Note: For MSDN Subscriptions or other Subscriptions that have tighter Resource Limits, open a support ticket and request a quote increase for the following resources:

• Public IP Addresses (10 - 20)

Assumptions

Note: Deployment assumes default naming convention of Network Watcher Resource Group and Network Watcher Resources per region.

Minecraft can run via docker; replace Wordpress with Minecraft.

Review Region Service Availability for Resources

Pair Down Deployment Slots on App Services to 2 (Production and Staging)

Reference

• https://github.com/Azure/azure-quickstart-templates/tree/master/201-vmss-bottle-autoscale
• https://github.com/Mitaric/AzureDemoEnvironment/tree/master/cse

Add Visio Diagram

We need to come up with the initial design of a cohesive solution for ADE. This may be integrating something like Azure Stream, or Podcastr.

Receiving this error when running ade.ps1 -remove:

BadRequestError: The policy set definition 'Azure Demo Environment Initiative' cannot be deleted. It is referenced by the policy assignment '/subscriptions/{SUBSCRIPTION_ID}/providers/Microsoft.Authorization/policyAssignments/Azure Demo Environment Initiative'. Please delete all policy assignments referencing the policy.
An error occurred: An error occurred executing the previous command. Check its output for more details.

Make modifications to Application Insights JSON in the following deployments:

• Image Resizer
• Hello World Primary
• Hello World Secondary
• SQL ToDo

Adjust properties as shown below:

properties: {
        Application_Type: 'web'
        WorkspaceResourceId: logAnalyticsWorkspace.id
    }

Remove Public IP Prefix from Networking Deployment

• Add Diagnostics Settings to Application Insights Instance
• Use Workbook when creating instance

Add Logic to Answer '-y' when Prompted to Overwrite Existing Kubeconfig Settings

Create Pre-Requisite Install Script for Linux

Due to length of overall deployment, disable:

• azure_vpn_gateway
• azure_vnet_peering
• azure_virtual_machine_developer

Initializing AzureAppServiceHostNames Deployment

An error occurred: The variable '$rootDomainName' cannot be retrieved because it has not been set.

Convert Virtual Machines to Spot Instances

Issue:
If parameter name for alias is too long some resources won't be deployed.

{'additionalProperties': {}, 'code': 'InvalidTemplateDeployment', 'message': "The template deployment 'AzureAppServiceImageResizerDeployment' is not valid according to the validation procedure. The tracking id is '0c6a2423-55ad-44ec-8ce8-a096c43eeaf7'. See inner errors for details.", 'target': None, 'details': [{'additionalProperties': {}, 'code': 'PreflightValidationCheckFailed', 'message': 'Preflight validation failed. Please refer to the details for the specific errors.', 'target': None, 'details': [{'additionalProperties': {}, 'code': 'AccountNameInvalid', 'message': 'sakuhlmanlabseusasimgreszr is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.', 'target': 'sakuhlmanlabseusasimgreszr', 'details': None, 'additionalInfo': None}, {'additionalProperties': {}, 'code': 'AccountNameInvalid', 'message': 'sakuhlmanlabseusfaimgreszr is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.', 'target': 'sakuhlmanlabseusfaimgreszr', 'details': None, 'additionalInfo': None}, {'additionalProperties': {}, 'code': 'AccountNameInvalid', 'message': 'sakuhlmanlabseusbkpimgreszr is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.', 'target': 'sakuhlmanlabseusbkpimgreszr', 'details': None, 'additionalInfo': None}], 'additionalInfo': None}], 'additionalInfo': None}

Resolution:
Implement substring function for alias when its applied to SA name value.

Update AppService Diagnostic Settings Logs
Use Image Resizer as a reference point

Due to changes in Azure App Services and feature enhancements, there is a need to consider a change to App Service Plans and App Services.

• Immediate fix was to remove the AppServiceAntivirusScanAuditLogs Diagnostics Setting, as this setting can only be associated with Premium or higher App Service Plans.
• There is a future need to move to Premium App Service Plans to incorporate Private Endpoints for frontend access to App Services. Linux P1V2 plans are more cost effective than Windows P1V2 plans.
• Only SQLTODO cannot run on Linux App Service Plans. It will either need to be refactored, or moved to a Dev/Test plan.

$rootDomainName is being used without first getting it from $rootDomainName = $armParameters.rootDomainName

Add Removal of GitHub Actions SPN to Removal Script

https://docs.microsoft.com/en-us/azure/automation/how-to/region-mappings

When running the script, capture metrics on each step that occurs and report at the end for debugging and diagnostic purposes.

Update Linux VMs to Ubuntu 20.04

When running the ADE, Docker images are cleaned up automatically. This should be
an explicit option by the user instead of automatic, in case they already use
these images for other projects.

It is necessary to remove the DNS Zone creation deployment due to the need to manually update Name Servers with a registrar. The following tasks need to be completed.

• Remove DNS Zone creation from deployment and removal scripts.
• Make the creation of a DNS Zone a PRE-REQUISITE for Azure Demo Environment
• DNS Zone Resource Group name will need to be established as either a consistent name, or referenced in initial script command
• Update documentation to reflect changes