0 parents
commit 2c906d5
Showing
7 changed files
with
269 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
name: Azure Deployment | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
environment: development | ||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- name: Azure Login | ||
uses: azure/login@v1 | ||
with: | ||
creds: ${{ secrets.AZURE_CREDENTIALS }} | ||
|
||
- name: Deploy Azure Resources | ||
run: | | ||
az deployment group create \ | ||
--resource-group "${{ secrets.RESOURCE_GROUP_NAME }}" \ | ||
--location "${{ secrets.LOCATION }}" \ | ||
--template-file ./bicep/main.bicep \ | ||
# --verbose | ||
# --debug |
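Review bot: The Azure Login step authenticates with a long-lived service principal secret stored as `AZURE_CREDENTIALS`, so the Contributor credential created by the setup script stays valid for as long as that secret exists and has to be rotated by hand. azure/login also supports OIDC federation, which removes the stored secret: the job needs `permissions: id-token: write` and the login step takes `client-id`, `tenant-id` and `subscription-id`, as sketched below (the secret names are placeholders). Separately, `actions/checkout@v2` and `azure/login@v1` are mutable tags, and pinning each to a full commit SHA keeps a retagged release from running with these credentials. The `--location` argument on `az deployment group create` also looks wrong, since a resource-group deployment takes its location from the group; worth confirming against the CLI reference.

```yaml
jobs:
  deploy:
    # … unchanged: runs-on, environment …
    permissions:
      id-token: write   # lets the job request an OIDC token for Azure
      contents: read
    steps:
      # … unchanged: checkout step …
      - name: Azure Login
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      # … unchanged: Deploy Azure Resources step …
```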
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# Ignore .json files | ||
*.json |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
param location string = 'eastus' | ||
param hubVnetName string = 'hubVnet' | ||
param spokeVnetDetails array = [ | ||
{ | ||
name: 'spokeVnet1' | ||
addressPrefix: '10.1.0.0/16' | ||
subnetPrefix1: '10.1.1.0/24' | ||
subnetPrefix2: '10.1.2.0/24' | ||
} | ||
{ | ||
name: 'spokeVnet2' | ||
addressPrefix: '10.2.0.0/16' | ||
subnetPrefix1: '10.2.1.0/24' | ||
subnetPrefix2: '10.2.2.0/24' | ||
} | ||
{ | ||
name: 'spokeVnet3' | ||
addressPrefix: '10.3.0.0/16' | ||
subnetPrefix1: '10.3.1.0/24' | ||
subnetPrefix2: '10.3.2.0/24' | ||
} | ||
] | ||
|
||
module network './network.bicep' = { | ||
name: 'networkDeployment' | ||
params: { | ||
location: location | ||
hubVnetName: hubVnetName | ||
spokeVnetDetails: spokeVnetDetails | ||
} | ||
} | ||
|
||
// Outputs can be added as needed |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
param location string | ||
param hubVnetName string | ||
param spokeVnetDetails array | ||
|
||
// Generic NSG applicable to all subnets | ||
resource genericNsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = { | ||
name: '${hubVnetName}-nsg' | ||
location: location | ||
properties: { | ||
securityRules: [ | ||
{ | ||
name: 'AllowHTTP' | ||
properties: { | ||
priority: 100 | ||
direction: 'Inbound' | ||
access: 'Allow' | ||
protocol: 'Tcp' | ||
sourcePortRange: '*' | ||
destinationPortRange: '80' | ||
sourceAddressPrefix: '*' | ||
destinationAddressPrefix: '*' | ||
} | ||
} | ||
{ | ||
name: 'AllowHTTPS' | ||
properties: { | ||
priority: 110 | ||
direction: 'Inbound' | ||
access: 'Allow' | ||
protocol: 'Tcp' | ||
sourcePortRange: '*' | ||
destinationPortRange: '443' | ||
sourceAddressPrefix: '*' | ||
destinationAddressPrefix: '*' | ||
} | ||
} | ||
{ | ||
name: 'AllowSSH' | ||
properties: { | ||
priority: 120 | ||
direction: 'Inbound' | ||
access: 'Allow' | ||
protocol: 'Tcp' | ||
sourcePortRange: '*' | ||
destinationPortRange: '22' | ||
sourceAddressPrefix: '*' | ||
destinationAddressPrefix: '*' | ||
} | ||
} | ||
// Additional rules can be added here | ||
] | ||
} | ||
} | ||
|
||
// Hub Virtual Network | ||
resource hubVnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { | ||
name: hubVnetName | ||
location: location | ||
properties: { | ||
addressSpace: { | ||
addressPrefixes: ['10.0.0.0/16'] | ||
} | ||
subnets: [ | ||
{ | ||
name: 'Subnet1' | ||
properties: { | ||
addressPrefix: '10.0.1.0/24' | ||
networkSecurityGroup: { | ||
id: genericNsg.id | ||
} | ||
} | ||
} | ||
{ | ||
name: 'Subnet2' | ||
properties: { | ||
addressPrefix: '10.0.2.0/24' | ||
networkSecurityGroup: { | ||
id: genericNsg.id | ||
} | ||
} | ||
} | ||
] | ||
} | ||
} | ||
|
||
// Spoke Virtual Networks | ||
resource spokeVnets 'Microsoft.Network/virtualNetworks@2021-02-01' = [for (spokeVnetDetail, i) in spokeVnetDetails: { | ||
name: spokeVnetDetail.name | ||
location: location | ||
properties: { | ||
addressSpace: { | ||
addressPrefixes: [spokeVnetDetail.addressPrefix] | ||
} | ||
subnets: [ | ||
{ | ||
name: 'Subnet1' | ||
properties: { | ||
addressPrefix: spokeVnetDetail.subnetPrefix1 | ||
networkSecurityGroup: { | ||
id: genericNsg.id | ||
} | ||
} | ||
} | ||
{ | ||
name: 'Subnet2' | ||
properties: { | ||
addressPrefix: spokeVnetDetail.subnetPrefix2 | ||
networkSecurityGroup: { | ||
id: genericNsg.id | ||
} | ||
} | ||
} | ||
] | ||
} | ||
}] | ||
|
||
// VNet Peering from each Spoke to the Hub | ||
resource vnetPeerings 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-02-01' = [for (spokeVnetDetail, i) in spokeVnetDetails: { | ||
name: '${spokeVnetDetail.name}/peerTo${hubVnetName}' | ||
properties: { | ||
allowVirtualNetworkAccess: true | ||
allowForwardedTraffic: false | ||
remoteVirtualNetwork: { | ||
id: hubVnet.id | ||
} | ||
} | ||
dependsOn: [ | ||
spokeVnets[i] | ||
] | ||
}] | ||
|
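Review bot: The `AllowSSH` rule admits TCP 22 from `sourceAddressPrefix: '*'`, and because `genericNsg` is attached to every hub and spoke subnet, any VM given a public IP in these networks accepts SSH connections from the whole internet. Restrict the source to a known management range through a parameter, e.g. `param sshSourcePrefix string` with `sourceAddressPrefix: sshSourcePrefix`, or drop the rule and reach hosts through Azure Bastion. The same question applies to `AllowHTTP` and `AllowHTTPS` on subnets that will not host a public web front end; a per-tier NSG would express that better than one shared group. Also note that only the spoke-to-hub peering is declared, so the link will presumably stay in the Initiated state until a matching hub-to-spoke peering exists.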
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Virtual Network Peering Deployment | ||
|
||
[![Azure Deployment](https://github.com/kennethcarnes/az-700/actions/workflows/deploy.yml/badge.svg)](https://github.com/kennethcarnes/az-700/actions/workflows/deploy.yml) | ||
|
||
## Overview | ||
This project automates deployment for resources using Azure Bicep and GitHub Actions. | ||
- Virtual Networks: Two VNets (vnet1, vnet2) with subnet and NSG configurations. | ||
- Virtual Machines: Two VMs in separate subnets for network testing. | ||
- Modularity: compute.bicep for compute resources, network.bicep for networking. | ||
|
||
## Structure | ||
|
||
- `.github/workflows/deploy.yml`: CI/CD workflow for deploying resources. | ||
- `bicep/`: Bicep templates for Azure network resources and VM configuration. | ||
- `scripts/`: Scripts for setting up Azure and GitHub configurations. | ||
|
||
## Setup Instructions | ||
|
||
1. Run the `scripts/setupAzure.ps1` script to set up the Azure resource group and service principal. | ||
2. Add the Azure Credential JSON to Github Secrets. | ||
3. Run the `scripts/setupGithub.ps1` script to configure other GitHub Secrets. | ||
4. Push changes to trigger the GitHub Actions workflow for deployment. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# PowerShell script for initial Azure setup | ||
|
||
# Ensuring Azure CLI is installed | ||
if (-not (Get-Command "az" -ErrorAction SilentlyContinue)) { | ||
Write-Error "Azure CLI is not installed. Please install it from https://aka.ms/installazurecliwindows" | ||
exit | ||
} | ||
|
||
# Login to Azure | ||
Write-Host "Logging into Azure..." | ||
az login --output none | ||
|
||
# Input for Subscription ID, Resource Group name, and location | ||
$subscriptionId = Read-Host "Enter your Azure Subscription ID" | ||
$resourceGroupName = "devResourceGroup" | ||
$location = "eastus" | ||
|
||
# Set the Azure subscription | ||
az account set --subscription $subscriptionId | ||
|
||
# Create a resource group | ||
Write-Host "Creating Resource Group: $resourceGroupName in $location..." | ||
az group create --name $resourceGroupName --location $location --output none | ||
|
||
Write-Host "Resource group created successfully." | ||
|
||
# Create Azure Service Principal for GitHub Actions | ||
Write-Host "Creating Azure Service Principal for GitHub Actions..." | ||
az ad sp create-for-rbac --name "github-actions-sp" --role contributor --scopes /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName |
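Review bot: The final `az ad sp create-for-rbac` call prints the new client secret to the console, where it stays in scrollback and in any transcript that recorded the session. Capture the output instead, e.g. `$sp = az ad sp create-for-rbac ... --output json`, and hand it to the secret store without echoing it; the JSON shape should be checked against what the `creds` input of azure/login expects before it is stored. The CLI check also ends with a bare `exit`, which returns status 0 after the error, so `exit 1` would let a caller see the failure. None of the `az` calls have `$LASTEXITCODE` checked, so a failed login or subscription switch still proceeds to create the principal.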
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# PowerShell script to automate GitHub secrets and environment variables setup | ||
|
||
# Ensure GitHub CLI is installed | ||
if (-not (Get-Command "gh" -ErrorAction SilentlyContinue)) { | ||
Write-Error "GitHub CLI is not installed. Please install it from https://cli.github.com/" | ||
exit | ||
} | ||
|
||
# GitHub repository details | ||
$repositoryOwner = Read-Host "Enter the GitHub repository owner (username or organization)" | ||
$repositoryName = Read-Host "Enter the GitHub repository name" | ||
|
||
# Environment variable keys | ||
$envVarKeys = @( | ||
"RESOURCE_GROUP_NAME", | ||
"LOCATION" | ||
) | ||
# Prompt for each environment variable | ||
foreach ($key in $envVarKeys) { | ||
$value = Read-Host "Enter the value for $key" | ||
gh secret set $key --body $value --repo "$repositoryOwner/$repositoryName" | ||
} | ||
|
||
|
||
Write-Host "GitHub repository secrets and environment variables have been set." |
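Review bot: In the `foreach` loop the value reaches `gh secret set` through `--body $value`, which places it on the command line where process listings and command-line auditing can record it. The two keys set here are not sensitive, but the loop is a generic secret setter, so passing the value on stdin is the safer habit: `$value | gh secret set $key --repo "$repositoryOwner/$repositoryName"`. An empty `Read-Host` answer is also passed straight through; a guard such as `if ([string]::IsNullOrWhiteSpace($value)) { continue }` would avoid storing a blank secret. The bare `exit` in the CLI check returns status 0, and `exit 1` is the usual form.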