Azure ARM Template - is it possible to get existing resources names to specify them as parameters or variables inside new ARM deployment? - azure

My issue is related to Azure ARM.
I want to populate the parameters allowed list with values taken from the current resource group.
To be clear: I want to place a virtual machine into a virtual network subnet, but I don't want to enter the vNet name manually. I have already found a way to get the resource group ID, resource group name and subscription ID, but it seems that there is no way to get a list of objects from here, only if I know the resource name. Please tell me: is it possible at all?

No, this is not possible at all with ARM Templates. What you can do is use a PowerShell script that would pull those values, and the user will pick one of those values before the deployment (using Out-GridView, for example).

Related

AzureTag Policy automation using AzureDevops pipelines

We have a requirement to enforce certain tags on our Azure resources. Some tags need to be enforced at subscription level (e.g. st1=st1, st2=st2..), some at resource group level (rt1-rt1, rt2=rt2..), and others on specific resource types (like AKS, App Service, storage account).
Going through the MS docs, I found that this can be achieved using Azure Policy. So the plan is to create Azure policies with the allowed tags and tag values, which need to be enforced
1) at subscription level
2) at resource group level
3) per resource type
4) and, for the other remaining app-specific tags on the resources, use the "az tag update" command.
We need an automated solution to achieve all of this with Azure Pipelines and shell commands or scripts, as we have only Linux machines.
For the 4th point I got a working pipeline solution to add the app-specific tags at the resource level.
But for requirements 1 to 3, is there any ARM template or script already available that we can integrate with our Azure Pipelines?
Is there any automated solution or suggestion you have already tried for this?
Update on 12/12
As the docs for Use tags to organize your Azure resources show, you could use the REST API or SDK to add the tags to your resources.
As for the loop that gives the resources the tags from the resource groups, you could look into this potential workaround for reference: Bash Script

Azure ARM Template - List resources

Is it possible, and if yes how, to list available (previously created) VMs, so that I can select my "target" from a dropdown during the deployment process from my ARM template?
No, this is not possible; you have to use other means (PowerShell\CLI\REST API\SDK) to find that information and pass it to the template.
If your VM list never changes, you can hardcode it as allowedValues for the parameter. That will achieve what you want, but you'll have to update those every time you create\delete\move a VM.

How Can I Recursively Compare Azure Resource Groups?

I have one resource group that I set up with the portal and another that I tried to configure the same way using Terraform.
Each group contains
Application Gateway with Web App Firewall
Virtual networks and subnets
VMs and associated storage
Public IPs, NSGs, NIC etc
Is there a way for me to compare the two sets of configurations?
For you, I assume you want to create the same resources with the same configurations in another group through Terraform. On my side, there are not many things you need to care about. Just create the Terraform script according to the configuration of the resources.
each resource region
the public IP and the NIC allocation method
NSG rules
vnet and the subnet address prefix
application gateway properties and the rules
The above points are the ones I think you need to care about. The properties of the resources in Terraform also need to be set accordingly. I think there is no other way to compare two sets of configurations. If you really want, you can compare the template of each group when you create them. The group template is shown below:
No, I don't think there is a reasonably straightforward way of doing this. You can create a PowerShell script that would get the resources in each resource group and then try to compare properties, but it's hard to estimate how accurate it would be. There is a Compare-Object cmdlet in PowerShell, which might help you with that.
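A property-level comparison of the kind the last answer describes, written in Python rather than with the Compare-Object cmdlet it mentions. This is an added example, not code from the thread; it assumes each group's resources are already available as parsed JSON with literal names (for instance from the exported group template) and that matching resources share a name in both groups. The sample data is constructed.

```python
VOLATILE = {"id", "etag", "resourceGuid", "provisioningState"}  # differ by design

def flatten(value, prefix=""):
    """Yield (path, leaf) pairs; named list items are keyed by name, not index."""
    if isinstance(value, dict):
        for key, item in value.items():
            if key not in VOLATILE:
                yield from flatten(item, f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list):
        for i, item in enumerate(value):
            label = item["name"] if isinstance(item, dict) and "name" in item else i
            yield from flatten(item, f"{prefix}[{label}]")
    else:
        yield prefix, value

def index(resources):
    """Map (type, name) to the flattened properties of each resource."""
    return {(r["type"].lower(), r["name"].lower()): dict(flatten(r.get("properties", {})))
            for r in resources}

def compare_groups(left, right):
    """Report resources present on one side only and per-property differences."""
    a, b = index(left), index(right)
    report = {"only_left": sorted(a.keys() - b.keys()),
              "only_right": sorted(b.keys() - a.keys()), "changed": {}}
    for key in sorted(a.keys() & b.keys()):
        paths = sorted(a[key].keys() | b[key].keys())
        diffs = {p: (a[key].get(p), b[key].get(p))
                 for p in paths if a[key].get(p) != b[key].get(p)}
        if diffs:
            report["changed"][key] = diffs
    return report

def nsg(source):
    # Constructed sample NSG with one inbound SSH rule.
    return {"type": "Microsoft.Network/networkSecurityGroups", "name": "web-nsg",
            "properties": {"provisioningState": "Succeeded", "securityRules": [
                {"name": "allow-ssh", "properties": {
                    "access": "Allow", "direction": "Inbound", "priority": 100,
                    "destinationPortRange": "22", "sourceAddressPrefix": source}}]}}

# Constructed sample groups: portal-built versus Terraform-built.
PORTAL = [nsg("10.0.0.0/24"),
          {"type": "Microsoft.Network/publicIPAddresses", "name": "gw-ip",
           "properties": {"publicIPAllocationMethod": "Static"}}]
TERRAFORM = [nsg("*")]

if __name__ == "__main__":
    print(compare_groups(PORTAL, TERRAFORM))
```

On the sample data the report shows the public IP missing from the Terraform group and the SSH rule's source prefix widened from a single subnet to any address.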

AKS template creates new resource groups

When I create an AKS cluster using the Azure portal I can see that new resource groups are created. It seems that I have no control over how they are named, especially the one with the "MC_" prefix. I also don't see an option to change its name when using an ARM template.
In addition, if I create a cluster in customer's subscription, where I only have access to 1 resource group, I don't even see the newly created RG and can't manage it.
Is there a way to force deployment of all AKS components into a single resource group?
No, there is no way to force it at this point in time. As for the access, you should request access to that RG. No real workarounds.
The secondary resource group name can be inferred, I think; it's something like:
MC_original-resource-group-name_aks-resource-name_location
It also creates an OMS resource group (if you enable OMS) and Network Watcher (this can be disabled, btw, but it's a provider setting). You have no control over that as well.
There is a not-yet-implemented nodeResourceGroup property: https://learn.microsoft.com/en-us/rest/api/aks/managedclusters/createorupdate#examples
EDIT: this is actually working right now, so the nodeResourceGroup property can be used. But it would still be a new resource group, so you would still need to request access to that group, and using this property is not possible with the portal (so ARM Templates\pulumi\terraform).

How to create an Azure AKS service through ARM Template

I am working on Azure Kubernetes Service. I am creating AKS through the portal successfully, but I need to do it through ARM Templates.
How to create AKS with the help of ARM Templates?
For this, I followed link
But here I am receiving an issue like:
Code : InvalidTemplate
Message : Deployment template validation failed: 'The template resource 'AKSsubnet/Microsoft.Authorization/36985XXX-XXXX-XXXX-XXXX-5fb6b7ebXXXX' for type 'Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments' at line '53' and column '9' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-template/#resources for usage details.'.
How to create AKS with help of ARM Templates?
One of the most direct methods: navigate to the AKS creation page in the portal, fill in the attributes, click Download a template for automation, and you will get the template.
You could test the template in the Custom deployment; it will work fine.
Old thread, but here is why the AKS Advanced Networking ARM Template is not working for you.
One of the steps in the deployment assigns the SP as a contributor to the newly created AKS subnets so that the SP can work its advanced networking magic.
In order to assign a role in a RG one needs to have Owner permissions on that RG.
I suspect you have provided an incorrectly formatted string in the "name" field of the resource. It should follow a pattern like this: "{resource-name}/Microsoft.Authorization/{role-assign-GUID}"
More on this here: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template#resource
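The segment rule quoted in the InvalidTemplate message can be checked before deployment. The sketch below is an added example, not code from the thread: it counts type and name segments for root and nested resources and skips names that are template expressions. The sample template is constructed, and "aks-vnet" is a hypothetical virtual network name.

```python
import json

def check_segments(resources, nested=False, path="resources"):
    """Return (errors, skipped) for ARM resources, applying the rule quoted in
    the error: a root type has one segment more than its name, a nested type
    has the same number of segments as its name."""
    errors, skipped = [], []
    for i, res in enumerate(resources):
        where = f"{path}[{i}]"
        rtype, name = res["type"], res["name"]
        if name.startswith("[") and not name.startswith("[["):
            # Template expression such as [concat(...)]: only known at deploy time.
            skipped.append(where)
        else:
            t, n = len(rtype.split("/")), len(name.split("/"))
            expected = t if nested else t - 1
            if n != expected:
                errors.append(f"{where}: type '{rtype}' has {t} segments, so the "
                              f"name needs {expected}, but '{name}' has {n}")
        child_errors, child_skipped = check_segments(
            res.get("resources", []), nested=True, path=f"{where}.resources")
        errors += child_errors
        skipped += child_skipped
    return errors, skipped

ROLE_TYPE = "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments"
GUID = "36985XXX-XXXX-XXXX-XXXX-5fb6b7ebXXXX"  # masked value from the error above

# Constructed sample template: the failing name, a corrected name, an expression.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/virtualNetworks", "name": "aks-vnet",
   "resources": [{"type": "subnets", "name": "AKSsubnet"}]},
  {"type": "%(t)s", "name": "AKSsubnet/Microsoft.Authorization/%(g)s"},
  {"type": "%(t)s", "name": "aks-vnet/AKSsubnet/Microsoft.Authorization/%(g)s"},
  {"type": "%(t)s",
   "name": "[concat(parameters('vnet'), '/AKSsubnet/Microsoft.Authorization/', guid('x'))]"}
]}
""" % {"t": ROLE_TYPE, "g": GUID})

if __name__ == "__main__":
    errors, skipped = check_segments(SAMPLE["resources"])
    for line in errors:
        print("ERROR", line)
    print("not checked (expressions):", skipped)
```

The role assignment type has five segments, so its name needs four: for a subnet, the resource-name part of the pattern is itself two segments (virtual network, then subnet).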
