Azure / missionlz

Azure landing zone for SCCA-compliant organizations.
MIT License
246 stars 140 forks source link

Create example for an end-to-end deployment of MLZ #597

Closed brooke-hamilton closed 8 months ago

brooke-hamilton commented 2 years ago

Benefit/Result/Outcome

To show how to create a scripted, repeatable deployment with multiple workloads and customized settings.

Description

Create an example of an end-to-end scripted deployment that customizes MLZ in ways that we expect customers to deploy real-world workloads.

See #594 for more context.

Acceptance Criteria

glennmusa commented 2 years ago

I fully support documenting the parameters file approach.

It seems like we could point users to what it is, and in what order az deployment reads parameters, and provide a sample of how someone could reuse the same myMlz.parameters.json for deploying multiple templates.

You can use inline parameters and a local parameter file in the same deployment operation. For example, you can specify some values in the local parameter file and add other values inline during deployment. If you provide values for a parameter in both the local parameter file and inline, the inline value takes precedence.

^ from the link you provided

brooke-hamilton commented 2 years ago

I fully support documenting the parameters file approach.

It seems like we could point users to what it is, and in what order az deployment reads parameters, and provide a sample of how someone could reuse the same myMlz.parameters.json for deploying multiple templates.

You can use inline parameters and a local parameter file in the same deployment operation. For example, you can specify some values in the local parameter file and add other values inline during deployment. If you provide values for a parameter in both the local parameter file and inline, the inline value takes precedence.

^ from the link you provided

I added these acceptance criteria based on the comment:

sstjean commented 2 years ago

@brooke-hamilton I like the acceptance criteria. The custom IP ranges and naming are the two most common customizations I've seen.

What is your thinking on workloads? I think an App Service with an App Gateway/WAF in front of the Firewall would be a handy example and would show a fairly complex workload. Thoughts?

brooke-hamilton commented 2 years ago

@sstjean thanks for taking a look at the acceptance criteria. 👍

What is your thinking on workloads? I think an App Service with an App Gateway/WAF in front of the Firewall would be a handy example and would show a fairly complex workload. Thoughts?

@mikedzikowski is working on #293 to configure an App Service Environment that is hosting a web app in a tier 3 with traffic coming in through the firewall.

mikedzikowski commented 2 years ago

Still a bit of work to add, and updates needed on this...but here is my start: https://github.com/mikedzikowski/Tier3. @sstjean

mikedzikowski commented 2 years ago

@sstjean I'd like to go over what I have and get your thoughts if you have time.