Introduce TEMPLATE_ID variable for FlexVolume

FlexVolume requires you specify the tenant id of the key vault instance, so this will need to be templated in for future environments
tomdds 2019-11-25 14:40:10 -05:00
parent 949ffa294d
commit 9469d1ff1b
3 changed files with 3 additions and 1 deletions

@ -14,6 +14,7 @@ The production configuration (azure.atat.code.mil, currently) is reflected in th
- AUTH_DOMAIN: The host domain for the authentication endpoint for the environment.
- KV_MI_ID: the fully qualified id (path) of the managed identity for the key vault (instructions on retrieving this are down in section on [Setting up FlexVol](#configuring-the-identity)). Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/RESOURCE_GROUP_NAME/providers/Microsoft.ManagedIdentity/userAssignedIdentities/MANAGED_IDENTITY_NAME
- KV_MI_CLIENT_ID: The client id of the managed identity for the key vault. This is a GUID.
- TENANT_ID: The id of the active directory tenant in which the cluster and it's associated users exist. This is a GUID.
We use envsubst to substitute values for these variables. There is a wrapper script (script/k8s_config) that will output the compiled configuration, using a combination of kustomize and envsubst.
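
Review bot: the new TENANT_ID bullet reads "it's associated users", which should be "its associated users". The commit subject also names the variable TEMPLATE_ID while the README, the manifest and the SETTINGS array all use TENANT_ID, so the subject is worth correcting to keep the history searchable. Unlike the KV_MI_ID bullet, this one gives no pointer to where the value can be looked up; a short note on that would help whoever stands up the next environment.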

@ -149,7 +149,7 @@ spec:
keyvaultobjectnames: "dhparam4096"
keyvaultobjectaliases: "dhparam.pem"
keyvaultobjecttypes: secret
tenantid: "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
tenantid: $TENANT_ID
---
apiVersion: extensions/v1beta1
kind: Deployment
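
Review bot: the replacement line `tenantid: $TENANT_ID` drops the double quotes that the hard-coded value and the neighbouring string options (`keyvaultobjectnames`, `keyvaultobjectaliases`) carry. Because envsubst replaces an unset or empty variable with an empty string, an unquoted reference can render as a bare `tenantid:` with a null value instead of a string. Suggest `tenantid: "$TENANT_ID"` so the rendered field is always a string and matches the style of the surrounding options.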

@ -13,6 +13,7 @@ SETTINGS=(
AUTH_DOMAIN
KV_MI_ID
KV_MI_CLIENT_ID
TENANT_ID
)
# Loop all expected settings. Track ones that are missing and build
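
Review bot: adding TENANT_ID to SETTINGS only helps if the loop described in the trailing comment treats an exported-but-empty variable as missing; the loop body is outside this hunk, so please confirm that. The README describes the value as a GUID, so a format check at this point would also catch a mistyped tenant id before it is substituted into the FlexVolume options.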