Skip to content

feat(VSECPC-12285): Azure | ARM Templates enhancements - mgmt readme #528

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
chkp-natanelm wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat(VSECPC-12285): Azure | ARM Templates enhancements - mgmt readme #528

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
29af9f0
feat(VSECPC-12285): Azure | ARM Templates enhancements
chkp-noamerez Dec 23, 2025
73b78fe
feat(VSECPC-12285): Azure | ARM Templates enhancements - mgmt readme
chkp-noamerez Dec 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 73 additions & 3 deletions azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1361,6 +1361,35 @@
},
"visible": "[steps('network').NSG]"
},
{
"name": "storageAccountDeployMode",
"type": "Microsoft.Common.DropDown",
"label": "Storage Account Deployment Mode",
"toolTip": "Select your preferred Storage Account deployment mode, New to a new Storage Account, Existing to an existing Storage Account, Managed to managed Storage Account, None to deploy without a Storage Account",
"defaultValue": "New",
"constraints": {
"allowedValues": [
{
"label": "New",
"value": "New"
},
{
"label": "Existing",
"value": "Existing"
},
{
"label": "Managed",
"value": "Managed"
},
{
"label": "None",
"value": "None"
}
],
"required": true
},
"visible": true
},
{
"name": "addStorageAccountIpRules",
"type": "Microsoft.Common.OptionsGroup",
Expand All @@ -1378,9 +1407,48 @@
"value": true
}
],
"required": true
"required": "[equals(steps('network').storageAccountDeployMode, 'New')]"
},
"visible": true
"visible": "[equals(steps('network').storageAccountDeployMode, 'New')]"
},
{
"name": "existingStorageAccount",
"type": "Microsoft.Solutions.ResourceSelector",
"label": "Storage Account",
"defaultValue": "null",
"toolTip": "Choose an existing Storage Account",
"resourceType": "Microsoft.Storage/storageAccounts",
"constraints": {
"required": "[equals(steps('network').storageAccountDeployMode, 'Existing')]"
},
"visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]"
},
{
"name": "infoExistingStorageAccount",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]",
"options": {
"icon": "Info",
"text": "The Storage Account must allow network access from the Serial Console feature, for more information - <a href='https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/serial-console-linux?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef' target='_blank'>Serial Console Security</a>."
}
},
{
"name": "infoManagedStorageAccount",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('network').storageAccountDeployMode, 'Managed')]",
"options": {
"icon": "Info",
"text": "Azure will use a managed Storage Account for the deployment, no additional configuration is required."
}
},
{
"name": "warningNoneStorageAccount",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('network').storageAccountDeployMode, 'None')]",
"options": {
"icon": "Warning",
"text": "Please note that deploying without a Storage Account will not allow you to use the Serial Console feature. For more information - <a href='https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/serial-console-linux?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef' target='_blank'>Azure Serial Console</a>."
}
}
]
},
Expand Down Expand Up @@ -1454,9 +1522,11 @@
"deployNewNSG": "[steps('network').NSG]",
"ExistingNSG": "[steps('network').nsgSelector]",
"NewNsgName": "[steps('network').NSGName]",
"storageAccountDeployMode": "[steps('network').storageAccountDeployMode]",
"addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
"existingStorageAccountId": "[steps('network').existingStorageAccount]",
"SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]",
"MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]"
}
}
}
}
32 changes: 25 additions & 7 deletions azure/templates/marketplace-gateway-load-balancer/mainTemplate.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -399,19 +399,39 @@
"type": "string",
"defaultValue": "[concat(parameters('vmName'),'-nsg')]"
},
"storageAccountDeployMode": {
"type": "string",
"defaultValue": "New",
"metadata": {
"description": "Choose the Storage Account mode: 'New' creates a new account, 'Existing' uses one already available, 'Managed' provisions a managed account, and 'None' skips account creation."
},
"allowedValues": [
"New",
"Existing",
"Managed",
"None"
]
},
"addStorageAccountIpRules": {
"type": "bool",
"metadata": {
"description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
"description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled. Only relevant when 'Storage Account Deploy Mode' is set to 'New'."
},
"defaultValue": false
},
"storageAccountAdditionalIps": {
"type": "array",
"metadata": {
"description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings."
"description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings. Only relevant when 'Storage Account Deploy Mode' is set to 'New'."
},
"defaultValue": []
},
"existingStorageAccountId": {
"type": "string",
"metadata": {
"description": "The ID of the existing Storage Account. Only relevant when 'Storage Account Deploy Mode' is set to 'Existing'."
},
"defaultValue": ""
}
},
"variables": {
Expand Down Expand Up @@ -1568,6 +1588,7 @@
}
},
{
"condition": "[equals(parameters('storageAccountDeployMode'), 'New')]",
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2021-06-01",
Expand All @@ -1585,7 +1606,7 @@
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage",
"kind": "StorageV2",
"tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]"
},
{
Expand Down Expand Up @@ -1676,10 +1697,7 @@
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "true",
"storageUri": "[reference(variables('storageAccountId'), '2023-01-01').primaryEndpoints.blob]"
}
"bootDiagnostics": "[if(equals(parameters('storageAccountDeployMode'), 'None'), createObject('enabled', false()), if(equals(parameters('storageAccountDeployMode'), 'Managed'), createObject('enabled', true()), createObject('enabled', true(), 'storageUri', if(equals(parameters('storageAccountDeployMode'), 'New'), reference(variables('storageAccountId'), '2023-01-01').primaryEndpoints.blob, reference(parameters('existingStorageAccountId'), '2023-05-01').primaryEndpoints.blob))))]"
}
},
"overprovision": false
Expand Down
80 changes: 75 additions & 5 deletions azure/templates/marketplace-ha/createUiDefinition.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -935,7 +935,7 @@
"label": "Availability options",
"defaultValue": "Availability Set",
"toolTip": "Use replicated Cluster VMs in Availability Set or Availability Zones. Note that the load balancers and their IP addresses will be zone redundant in any case.",
"visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]",
"visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth', concat(' ', location(), ' '))]",
"constraints": {
"allowedValues": [
{
Expand Down Expand Up @@ -1110,7 +1110,7 @@
"name": "floatingIP",
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy the Load Balancers with floating IP",
"defaultValue": "No",
"defaultValue": "Yes",
"toolTip": "Deploy the Load Balancers with floating IP.",
"constraints": {
"allowedValues": [
Expand Down Expand Up @@ -1486,6 +1486,35 @@
},
"visible": "[steps('network').NSG]"
},
{
"name": "storageAccountDeployMode",
"type": "Microsoft.Common.DropDown",
"label": "Storage Account Deployment Mode",
"toolTip": "Select your preferred Storage Account deployment mode, New to a new Storage Account, Existing to an existing Storage Account, Managed to managed Storage Account, None to deploy without a Storage Account",
"defaultValue": "New",
"constraints": {
"allowedValues": [
{
"label": "New",
"value": "New"
},
{
"label": "Existing",
"value": "Existing"
},
{
"label": "Managed",
"value": "Managed"
},
{
"label": "None",
"value": "None"
}
],
"required": true
},
"visible": true
},
{
"name": "addStorageAccountIpRules",
"type": "Microsoft.Common.OptionsGroup",
Expand All @@ -1503,9 +1532,48 @@
"value": true
}
],
"required": true
"required": "[equals(steps('network').storageAccountDeployMode, 'New')]"
},
"visible": true
"visible": "[equals(steps('network').storageAccountDeployMode, 'New')]"
},
{
"name": "existingStorageAccount",
"type": "Microsoft.Solutions.ResourceSelector",
"label": "Storage Account",
"defaultValue": "null",
"toolTip": "Choose an existing Storage Account",
"resourceType": "Microsoft.Storage/storageAccounts",
"constraints": {
"required": "[equals(steps('network').storageAccountDeployMode, 'Existing')]"
},
"visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]"
},
{
"name": "infoExistingStorageAccount",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]",
"options": {
"icon": "Info",
"text": "The Storage Account must allow network access from the Serial Console feature, for more information - <a href='https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/serial-console-linux?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef' target='_blank'>Serial Console Security</a>."
}
},
{
"name": "infoManagedStorageAccount",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('network').storageAccountDeployMode, 'Managed')]",
"options": {
"icon": "Info",
"text": "Azure will use a managed Storage Account for the deployment, no additional configuration is required."
}
},
{
"name": "warningNoneStorageAccount",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('network').storageAccountDeployMode, 'None')]",
"options": {
"icon": "Warning",
"text": "Please note that deploying without a Storage Account will not allow you to use the Serial Console feature. For more information - <a href='https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/serial-console-linux?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef' target='_blank'>Azure Serial Console</a>."
}
}
]
},
Expand Down Expand Up @@ -1579,7 +1647,9 @@
"deployNewNSG": "[steps('network').NSG]",
"ExistingNSG": "[steps('network').nsgSelector]",
"NewNsgName": "[steps('network').NSGName]",
"addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
"storageAccountDeployMode": "[steps('network').storageAccountDeployMode]",
"addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
"existingStorageAccountId": "[steps('network').existingStorageAccount]",
"VipsNumber": "[int(steps('network').Vips_Number)]",
"VipNames": "[concat(steps('network').VIP_Names.VIP2_Name, ',', steps('network').VIP_Names.VIP3_Name, ',', steps('network').VIP_Names.VIP4_Name, ',', steps('network').VIP_Names.VIP5_Name, ',', steps('network').VIP_Names.VIP6_Name, ',', steps('network').VIP_Names.VIP7_Name, ',', steps('network').VIP_Names.VIP8_Name, ',', steps('network').VIP_Names.VIP9_Name, ',', steps('network').VIP_Names.VIP10_Name)]",
"SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]",
Expand Down
Loading