Merge pull request #1326 from dod-ccpo/cloudzero-k8s

Minimal config for cloudzero dev environment.
2020-01-21 10:42:02 -05:00 · 2020-01-21 10:42:02 -05:00 · 7a86a01da4
commit 7a86a01da4
parent fdd8e3dbba 2ab9790f3e
2 changed files with 29 additions and 7 deletions
--- a/deploy/overlays/cloudzero-dev/flex_vol.yml
+++ b/deploy/overlays/cloudzero-dev/flex_vol.yml
@ -9,13 +9,23 @@ spec:
        - name: nginx-secret
          flexVolume:
            options:
-              keyvaultname: "atat-vault-test"
-              keyvaultobjectnames: "dhparam4096;cert;cert"
+              keyvaultname: "cloudzero-dev-keyvault"
+              # keyvaultobjectnames: "dhparam4096;cert;cert"
+              keyvaultobjectnames: "foo"
+              keyvaultobjectaliases: "FOO"
+              keyvaultobjecttypes: "secret"
+              usevmmanagedidentity: "true"
+              usepodidentity: "false"
        - name: flask-secret
          flexVolume:
            options:
-              keyvaultname: "atat-vault-test"
-              keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+              keyvaultname: "cloudzero-dev-keyvault"
+              # keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+              keyvaultobjectnames: "master-PGPASSWORD"
+              keyvaultobjectaliases: "PGPASSWORD"
+              keyvaultobjecttypes: "secret"
+              usevmmanagedidentity: "true"
+              usepodidentity: "false"
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
@ -28,8 +38,10 @@ spec:
        - name: flask-secret
          flexVolume:
            options:
-              keyvaultname: "atat-vault-test"
+              keyvaultname: "cloudzero-dev-keyvault"
              keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+              usevmmanagedidentity: "true"
+              usepodidentity: "false"
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
@ -42,8 +54,10 @@ spec:
        - name: flask-secret
          flexVolume:
            options:
-              keyvaultname: "atat-vault-test"
+              keyvaultname: "cloudzero-dev-keyvault"
              keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+              usevmmanagedidentity: "true"
+              usepodidentity: "false"
 ---
 apiVersion: batch/v1beta1
 kind: CronJob
@ -58,5 +72,7 @@ spec:
            - name: flask-secret
              flexVolume:
                options:
-                  keyvaultname: "atat-vault-test"
+                  keyvaultname: "cloudzero-dev-keyvault"
                  keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+                  usevmmanagedidentity: "true"
+                  usepodidentity: "false"
--- a/deploy/overlays/cloudzero-dev/ports.yml
+++ b/deploy/overlays/cloudzero-dev/ports.yml
@ -3,6 +3,9 @@ apiVersion: v1
 kind: Service
 metadata:
  name: atst-main
+  annotations:
+    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "cloudzero-dev-public"
 spec:
  loadBalancerIP: ""
  ports:
@ -17,6 +20,9 @@ apiVersion: v1
 kind: Service
 metadata:
  name: atst-auth
+  annotations:
+    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "cloudzero-dev-public"
 spec:
  loadBalancerIP: ""
  ports: