initial commit

.github/workflows/deploy.yml

@@ -0,0 +1,27 @@
+name: Azure Deployment 
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: development
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Deploy Azure Resources
+        run: | 
+          az deployment group create \
+          --resource-group "${{ secrets.RESOURCE_GROUP_NAME }}" \
+          --location "${{ secrets.LOCATION }}" \
+          --template-file ./bicep/main.bicep \
+          # --verbose
+          # --debug

.gitignore

@@ -0,0 +1,2 @@
+# Ignore .json files
+*.json

bicep/main.bicep

@@ -0,0 +1,33 @@
+param location string = 'eastus'
+param hubVnetName string = 'hubVnet'
+param spokeVnetDetails array = [
+  {
+    name: 'spokeVnet1'
+    addressPrefix: '10.1.0.0/16'
+    subnetPrefix1: '10.1.1.0/24'
+    subnetPrefix2: '10.1.2.0/24'
+  }
+  {
+    name: 'spokeVnet2'
+    addressPrefix: '10.2.0.0/16'
+    subnetPrefix1: '10.2.1.0/24'
+    subnetPrefix2: '10.2.2.0/24'
+  }
+  {
+    name: 'spokeVnet3'
+    addressPrefix: '10.3.0.0/16'
+    subnetPrefix1: '10.3.1.0/24'
+    subnetPrefix2: '10.3.2.0/24'
+  }
+]
+
+module network './network.bicep' = {
+  name: 'networkDeployment'
+  params: {
+    location: location
+    hubVnetName: hubVnetName
+    spokeVnetDetails: spokeVnetDetails
+  }
+}
+
+// Outputs can be added as needed

bicep/network.bicep

@@ -0,0 +1,131 @@
+param location string
+param hubVnetName string
+param spokeVnetDetails array
+
+// Generic NSG applicable to all subnets
+resource genericNsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = {
+  name: '${hubVnetName}-nsg'
+  location: location
+  properties: {
+    securityRules: [
+      {
+        name: 'AllowHTTP'
+        properties: {
+          priority: 100
+          direction: 'Inbound'
+          access: 'Allow'
+          protocol: 'Tcp'
+          sourcePortRange: '*'
+          destinationPortRange: '80'
+          sourceAddressPrefix: '*'
+          destinationAddressPrefix: '*'
+        }
+      }
+      {
+        name: 'AllowHTTPS'
+        properties: {
+          priority: 110
+          direction: 'Inbound'
+          access: 'Allow'
+          protocol: 'Tcp'
+          sourcePortRange: '*'
+          destinationPortRange: '443'
+          sourceAddressPrefix: '*'
+          destinationAddressPrefix: '*'
+        }
+      }
+      {
+        name: 'AllowSSH'
+        properties: {
+          priority: 120
+          direction: 'Inbound'
+          access: 'Allow'
+          protocol: 'Tcp'
+          sourcePortRange: '*'
+          destinationPortRange: '22'
+          sourceAddressPrefix: '*'
+          destinationAddressPrefix: '*'
+        }
+      }
+      // Additional rules can be added here
+    ]
+  }
+}
+
+// Hub Virtual Network
+resource hubVnet 'Microsoft.Network/virtualNetworks@2021-02-01' = {
+  name: hubVnetName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: ['10.0.0.0/16']
+    }
+    subnets: [
+      {
+        name: 'Subnet1'
+        properties: {
+          addressPrefix: '10.0.1.0/24'
+          networkSecurityGroup: {
+            id: genericNsg.id
+          }
+        }
+      }
+      {
+        name: 'Subnet2'
+        properties: {
+          addressPrefix: '10.0.2.0/24'
+          networkSecurityGroup: {
+            id: genericNsg.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+// Spoke Virtual Networks
+resource spokeVnets 'Microsoft.Network/virtualNetworks@2021-02-01' = [for (spokeVnetDetail, i) in spokeVnetDetails: {
+  name: spokeVnetDetail.name
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [spokeVnetDetail.addressPrefix]
+    }
+    subnets: [
+      {
+        name: 'Subnet1'
+        properties: {
+          addressPrefix: spokeVnetDetail.subnetPrefix1
+          networkSecurityGroup: {
+            id: genericNsg.id
+          }
+        }
+      }
+      {
+        name: 'Subnet2'
+        properties: {
+          addressPrefix: spokeVnetDetail.subnetPrefix2
+          networkSecurityGroup: {
+            id: genericNsg.id
+          }
+        }
+      }
+    ]
+  }
+}]
+
+// VNet Peering from each Spoke to the Hub
+resource vnetPeerings 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-02-01' = [for (spokeVnetDetail, i) in spokeVnetDetails: {
+  name: '${spokeVnetDetail.name}/peerTo${hubVnetName}'
+  properties: {
+    allowVirtualNetworkAccess: true
+    allowForwardedTraffic: false
+    remoteVirtualNetwork: {
+      id: hubVnet.id
+    }
+  }
+  dependsOn: [
+    spokeVnets[i]
+  ]
+}]
+

readme.md

@@ -0,0 +1,22 @@
+# Virtual Network Peering Deployment
+
+[![Azure Deployment](https://github.com/kennethcarnes/az-700/actions/workflows/deploy.yml/badge.svg)](https://github.com/kennethcarnes/az-700/actions/workflows/deploy.yml)
+
+## Overview
+This project automates deployment for resources using Azure Bicep and GitHub Actions.
+- Virtual Networks: Two VNets (vnet1, vnet2) with subnet and NSG configurations.
+- Virtual Machines: Two VMs in separate subnets for network testing.
+- Modularity: compute.bicep for compute resources, network.bicep for networking.
+
+## Structure
+
+- `.github/workflows/deploy.yml`: CI/CD workflow for deploying resources.
+- `bicep/`: Bicep templates for Azure network resources and VM configuration.
+- `scripts/`: Scripts for setting up Azure and GitHub configurations.
+
+## Setup Instructions
+
+1. Run the `scripts/setupAzure.ps1` script to set up the Azure resource group and service principal.
+2. Add the Azure Credential JSON to Github Secrets.
+3. Run the `scripts/setupGithub.ps1` script to configure other GitHub Secrets.
+4. Push changes to trigger the GitHub Actions workflow for deployment.

scripts/setupAzure.ps1

@@ -0,0 +1,29 @@
+# PowerShell script for initial Azure setup
+
+# Ensuring Azure CLI is installed
+if (-not (Get-Command "az" -ErrorAction SilentlyContinue)) {
+    Write-Error "Azure CLI is not installed. Please install it from https://aka.ms/installazurecliwindows"
+    exit
+}
+
+# Login to Azure
+Write-Host "Logging into Azure..."
+az login --output none
+
+# Input for Subscription ID, Resource Group name, and location
+$subscriptionId = Read-Host "Enter your Azure Subscription ID"
+$resourceGroupName = "devResourceGroup"
+$location = "eastus"
+
+# Set the Azure subscription
+az account set --subscription $subscriptionId
+
+# Create a resource group
+Write-Host "Creating Resource Group: $resourceGroupName in $location..."
+az group create --name $resourceGroupName --location $location --output none
+
+Write-Host "Resource group created successfully."
+
+# Create Azure Service Principal for GitHub Actions
+Write-Host "Creating Azure Service Principal for GitHub Actions..."
+az ad sp create-for-rbac --name "github-actions-sp" --role contributor --scopes /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName

scripts/setupGithub.ps1

@@ -0,0 +1,25 @@
+# PowerShell script to automate GitHub secrets and environment variables setup
+
+# Ensure GitHub CLI is installed
+if (-not (Get-Command "gh" -ErrorAction SilentlyContinue)) {
+    Write-Error "GitHub CLI is not installed. Please install it from https://cli.github.com/"
+    exit
+}
+
+# GitHub repository details
+$repositoryOwner = Read-Host "Enter the GitHub repository owner (username or organization)"
+$repositoryName = Read-Host "Enter the GitHub repository name"
+
+# Environment variable keys
+$envVarKeys = @(
+    "RESOURCE_GROUP_NAME",
+    "LOCATION"
+)
+# Prompt for each environment variable
+foreach ($key in $envVarKeys) {
+    $value = Read-Host "Enter the value for $key"
+    gh secret set $key --body $value --repo "$repositoryOwner/$repositoryName"
+}
+
+
+Write-Host "GitHub repository secrets and environment variables have been set."