Revise subnet configuration for Machine Learning archetype (Azure#254)

16Rookie16 · Apr 20, 2022 · 72fe50d · 72fe50d
1 parent 7083377
commit 72fe50d
Show file tree

Hide file tree

Showing 30 changed files with 7 additions and 678 deletions.
diff --git a/...dingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json b/...dingZones/DevTest/8c6e48a4-4c73-4a1f-9f95-9447804f2c98_machinelearning_canadacentral.json
@@ -143,26 +143,6 @@
           "10.6.0.0/16"
         ],
         "subnets": {
-          "oz": {
-            "comments": "App Management Zone (OZ)",
-            "name": "oz",
-            "addressPrefix": "10.6.1.0/25"
-          },
-          "paz": {
-            "comments": "Presentation Zone (PAZ)",
-            "name": "paz",
-            "addressPrefix": "10.6.2.0/25"
-          },
-          "rz": {
-            "comments": "Application Zone (RZ)",
-            "name": "rz",
-            "addressPrefix": "10.6.3.0/25"
-          },
-          "hrz": {
-            "comments": "Data Zone (HRZ)",
-            "name": "hrz",
-            "addressPrefix": "10.6.4.0/25"
-          },
           "sqlmi": {
             "comments": "SQL Managed Instances Delegated Subnet",
             "name": "sqlmi",

diff --git a/...dingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json b/...dingZones/DevTest/ec6c5689-db04-4f1e-b76d-834a51dd0e27_machinelearning_canadacentral.json
@@ -147,26 +147,6 @@
           "10.1.0.0/16"
         ],
         "subnets": {
-          "oz": {
-            "comments": "App Management Zone (OZ)",
-            "name": "oz",
-            "addressPrefix": "10.1.1.0/25"
-          },
-          "paz": {
-            "comments": "Presentation Zone (PAZ)",
-            "name": "paz",
-            "addressPrefix": "10.1.2.0/25"
-          },
-          "rz": {
-            "comments": "Application Zone (RZ)",
-            "name": "rz",
-            "addressPrefix": "10.1.3.0/25"
-          },
-          "hrz": {
-            "comments": "Data Zone (HRZ)",
-            "name": "hrz",
-            "addressPrefix": "10.1.4.0/25"
-          },
           "sqlmi": {
             "comments": "SQL Managed Instances Delegated Subnet",
             "name": "sqlmi",

diff --git a/...dingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json b/...dingZones/DevTest/f08c3057-1713-4a6f-b7e6-0df355b60c30_machinelearning_canadacentral.json
@@ -147,26 +147,6 @@
           "10.3.0.0/16"
         ],
         "subnets": {
-          "oz": {
-            "comments": "App Management Zone (OZ)",
-            "name": "oz",
-            "addressPrefix": "10.3.1.0/25"
-          },
-          "paz": {
-            "comments": "Presentation Zone (PAZ)",
-            "name": "paz",
-            "addressPrefix": "10.3.2.0/25"
-          },
-          "rz": {
-            "comments": "Application Zone (RZ)",
-            "name": "rz",
-            "addressPrefix": "10.3.3.0/25"
-          },
-          "hrz": {
-            "comments": "Data Zone (HRZ)",
-            "name": "hrz",
-            "addressPrefix": "10.3.4.0/25"
-          },
           "sqlmi": {
             "comments": "SQL Managed Instances Delegated Subnet",
             "name": "sqlmi",

diff --git a/...dingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json b/...dingZones/DevTest/f459218a-e8bb-49c9-b768-ee6828a144aa_machinelearning_canadacentral.json
@@ -148,26 +148,6 @@
           "10.4.0.0/16"
         ],
         "subnets": {
-          "oz": {
-            "comments": "App Management Zone (OZ)",
-            "name": "oz",
-            "addressPrefix": "10.4.1.0/25"
-          },
-          "paz": {
-            "comments": "Presentation Zone (PAZ)",
-            "name": "paz",
-            "addressPrefix": "10.4.2.0/25"
-          },
-          "rz": {
-            "comments": "Application Zone (RZ)",
-            "name": "rz",
-            "addressPrefix": "10.4.3.0/25"
-          },
-          "hrz": {
-            "comments": "Data Zone (HRZ)",
-            "name": "hrz",
-            "addressPrefix": "10.4.4.0/25"
-          },
           "sqlmi": {
             "comments": "SQL Managed Instances Delegated Subnet",
             "name": "sqlmi",

diff --git a/docs/archetypes/machinelearning.md b/docs/archetypes/machinelearning.md
@@ -464,26 +464,6 @@ This example configures:
           "10.4.0.0/16"
         ],
         "subnets": {
-          "oz": {
-            "comments": "App Management Zone (OZ)",
-            "name": "oz",
-            "addressPrefix": "10.4.1.0/25"
-          },
-          "paz": {
-            "comments": "Presentation Zone (PAZ)",
-            "name": "paz",
-            "addressPrefix": "10.4.2.0/25"
-          },
-          "rz": {
-            "comments": "Application Zone (RZ)",
-            "name": "rz",
-            "addressPrefix": "10.4.3.0/25"
-          },
-          "hrz": {
-            "comments": "Data Zone (HRZ)",
-            "name": "hrz",
-            "addressPrefix": "10.4.4.0/25"
-          },
           "sqlmi": {
             "comments": "SQL Managed Instances Delegated Subnet",
             "name": "sqlmi",

diff --git a/landingzones/lz-machinelearning/lz.bicep b/landingzones/lz-machinelearning/lz.bicep
@@ -73,7 +73,7 @@ param aml object
 @description('Hub Network configuration that includes virtualNetworkId, rfc1918IPRange, rfc6598IPRange, egressVirtualApplianceIp, privateDnsManagedByHub flag, privateDnsManagedByHubSubscriptionId and privateDnsManagedByHubResourceGroupName.')
 param hubNetwork object
 
-@description('Network configuration.  Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (oz, paz, rz, hrz, privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService) ')
+@description('Network configuration.  Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService) ')
 param network object
 
 var sqldbPassword = sqldb.enabled && !sqldb.aadAuthenticationOnly  ? '${uniqueString(rgStorage.id)}*${toUpper(uniqueString(sqldb.sqlAuthenticationUsername))}' : ''

diff --git a/landingzones/lz-machinelearning/main.bicep b/landingzones/lz-machinelearning/main.bicep
@@ -89,7 +89,7 @@ param aml object
 param hubNetwork object
 
 // Example (JSON)
-@description('Network configuration.  Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (oz, paz, rz, hrz, privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService) ')
+@description('Network configuration.  Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService) ')
 param network object
 
 // Telemetry - Azure customer usage attribution

diff --git a/landingzones/lz-machinelearning/networking.bicep b/landingzones/lz-machinelearning/networking.bicep
@@ -53,26 +53,6 @@ param hubNetwork object
 //       "10.2.0.0/16"
 //     ],
 //     "subnets": {
-//       "oz": {
-//         "comments": "App Management Zone (OZ)",
-//         "name": "oz",
-//         "addressPrefix": "10.2.1.0/25"
-//       },
-//       "paz": {
-//         "comments": "Presentation Zone (PAZ)",
-//         "name": "paz",
-//         "addressPrefix": "10.2.2.0/25"
-//       },
-//       "rz": {
-//         "comments": "Application Zone (RZ)",
-//         "name": "rz",
-//         "addressPrefix": "10.2.3.0/25"
-//       },
-//       "hrz": {
-//         "comments": "Data Zone (HRZ)",
-//         "name": "hrz",
-//         "addressPrefix": "10.2.4.0/25"
-//       },
 //       "privateEndpoints": {
 //         "comments": "Private Endpoints Subnet",
 //         "name": "privateendpoints",
@@ -120,26 +100,6 @@ param hubNetwork object
 //     '10.2.0.0/16'
 //   ]
 //   subnets: {
-//     oz: {
-//       comments: 'App Management Zone (OZ)'
-//       name: 'oz'
-//       addressPrefix: '10.2.1.0/25'
-//     }
-//     paz: {
-//       comments: 'Presentation Zone (PAZ)'
-//       name: 'paz'
-//       addressPrefix: '10.2.2.0/25'
-//     }
-//     rz: {
-//       comments: 'Application Zone (RZ)'
-//       name: 'rz'
-//       addressPrefix: '10.2.3.0/25'
-//     }
-//     hrz: {
-//       comments: 'Data Zone (HRZ)'
-//       name: 'hrz'
-//       addressPrefix: '10.2.4.0/25'
-//     }
 //     privateEndpoints: {
 //       comments: 'Private Endpoints Subnet'
 //       name: 'privateendpoints'
@@ -172,7 +132,7 @@ param hubNetwork object
 //     }
 //   }
 // }
-@description('Network configuration.  Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (oz, paz, rz, hrz, privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService) ')
+@description('Network configuration.  Includes peerToHubVirtualNetwork flag, useRemoteGateway flag, name, dnsServers, addressPrefixes and subnets (privateEndpoints, sqlmi, databricksPublic, databricksPrivate, aks, appService) ')
 param network object
 
 var hubVnetIdSplit = split(hubNetwork.virtualNetworkId, '/')
@@ -181,7 +141,7 @@ var usingCustomDNSServers = length(network.dnsServers) > 0
 var routesToHub = [
   // Force Routes to Hub IPs (RFC1918 range) via FW despite knowing that route via peering
   {
-    name: 'PrdSpokesUdrHubRFC1918FWRoute'
+    name: 'SpokeUdrHubRFC1918FWRoute'
     properties: {
       addressPrefix: hubNetwork.rfc1918IPRange
       nextHopType: 'VirtualAppliance'
@@ -190,7 +150,7 @@ var routesToHub = [
   }
   // Force Routes to Hub IPs (CGNAT range) via FW despite knowing that route via peering
   {
-    name: 'PrdSpokesUdrHubRFC6598FWRoute'
+    name: 'SpokeUdrHubRFC6598FWRoute'
     properties: {
       addressPrefix: hubNetwork.rfc6598IPRange
       nextHopType: 'VirtualAppliance'
@@ -208,38 +168,6 @@ var routesToHub = [
 ]
 
 // Network Security Groups
-resource nsgOZ 'Microsoft.Network/networkSecurityGroups@2021-02-01' = {
-  name: '${network.subnets.oz.name}Nsg'
-  location: location
-  properties: {
-    securityRules: []
-  }
-}
-
-resource nsgPAZ 'Microsoft.Network/networkSecurityGroups@2021-02-01' = {
-  name: '${network.subnets.paz.name}Nsg'
-  location: location
-  properties: {
-    securityRules: []
-  }
-}
-
-resource nsgRZ 'Microsoft.Network/networkSecurityGroups@2021-02-01' = {
-  name: '${network.subnets.rz.name}Nsg'
-  location: location
-  properties: {
-    securityRules: []
-  }
-}
-
-resource nsgHRZ 'Microsoft.Network/networkSecurityGroups@2021-02-01' = {
-  name: '${network.subnets.hrz.name}Nsg'
-  location: location
-  properties: {
-    securityRules: []
-  }
-}
-
 module nsgDatabricks '../../azresources/network/nsg/nsg-databricks.bicep' = {
   name: 'deploy-nsg-databricks'
   params: {
@@ -265,40 +193,7 @@ module nsgAppService '../../azresources/network/nsg/nsg-empty.bicep' = {
   }
 }
 
-
 // Route Tables
-resource udrOZ 'Microsoft.Network/routeTables@2021-02-01' = {
-  name: '${network.subnets.oz.name}Udr'
-  location: location
-  properties: {
-    routes: network.peerToHubVirtualNetwork ? routesToHub : null
-  }
-}
-
-resource udrPAZ 'Microsoft.Network/routeTables@2021-02-01' = {
-  name: '${network.subnets.paz.name}Udr'
-  location: location
-  properties: {
-    routes: network.peerToHubVirtualNetwork ? routesToHub : null
-  }
-}
-
-resource udrRZ 'Microsoft.Network/routeTables@2021-02-01' = {
-  name: '${network.subnets.rz.name}Udr'
-  location: location
-  properties: {
-    routes: network.peerToHubVirtualNetwork ? routesToHub : null
-  }
-}
-
-resource udrHRZ 'Microsoft.Network/routeTables@2021-02-01' = {
-  name: '${network.subnets.hrz.name}Udr'
-  location: location
-  properties: {
-    routes: network.peerToHubVirtualNetwork ? routesToHub : null
-  }
-}
-
 resource udrAKS 'Microsoft.Network/routeTables@2021-02-01' = {
   name: '${network.subnets.aks.name}Udr'
   location: location
@@ -351,54 +246,6 @@ resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = {
       addressPrefixes: network.addressPrefixes
     }
     subnets: [
-      {
-        name: network.subnets.oz.name
-        properties: {
-          addressPrefix: network.subnets.oz.addressPrefix
-          routeTable: {
-            id: udrOZ.id
-          }
-          networkSecurityGroup: {
-            id: nsgOZ.id
-          }
-        }
-      }
-      {
-        name: network.subnets.paz.name
-        properties: {
-          addressPrefix: network.subnets.paz.addressPrefix
-          routeTable: {
-            id: udrPAZ.id
-          }
-          networkSecurityGroup: {
-            id: nsgPAZ.id
-          }
-        }
-      }
-      {
-        name: network.subnets.rz.name
-        properties: {
-          addressPrefix: network.subnets.rz.addressPrefix
-          routeTable: {
-            id: udrRZ.id
-          }
-          networkSecurityGroup: {
-            id: nsgRZ.id
-          }
-        }
-      }
-      {
-        name: network.subnets.hrz.name
-        properties: {
-          addressPrefix: network.subnets.hrz.addressPrefix
-          routeTable: {
-            id: udrHRZ.id
-          }
-          networkSecurityGroup: {
-            id: nsgHRZ.id
-          }
-        }
-      }
       {
         name: network.subnets.privateEndpoints.name
         properties: {
@@ -701,10 +548,6 @@ module privatezone_aks '../../azresources/network/private-dns-zone.bicep' = {
 
 output vnetId string = vnet.id
 
-output ozSubnetId string = '${vnet.id}/subnets/${network.subnets.oz.name}'
-output pazSubnetId string = '${vnet.id}/subnets/${network.subnets.paz.name}'
-output rzSubnetId string = '${vnet.id}/subnets/${network.subnets.rz.name}'
-output hrzId string = '${vnet.id}/subnets/${network.subnets.hrz.name}'
 output privateEndpointSubnetId string = '${vnet.id}/subnets/${network.subnets.privateEndpoints.name}'
 output sqlMiSubnetId string = '${vnet.id}/subnets/${network.subnets.sqlmi.name}'
 output aksSubnetId string = '${vnet.id}/subnets/${network.subnets.aks.name}'