Introduce TEMPLATE_ID variable for FlexVolume
FlexVolume requires you specify the tenant id of the key vault instance, so this will need to be templated in for future environments
parent 949ffa294d
commit 9469d1ff1b
@ -14,6 +14,7 @@ The production configuration (azure.atat.code.mil, currently) is reflected in th
|
||||
- AUTH_DOMAIN: The host domain for the authentication endpoint for the environment.
|
||||
- KV_MI_ID: the fully qualified id (path) of the managed identity for the key vault (instructions on retrieving this are down in section on [Setting up FlexVol](#configuring-the-identity)). Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/RESOURCE_GROUP_NAME/providers/Microsoft.ManagedIdentity/userAssignedIdentities/MANAGED_IDENTITY_NAME
|
||||
- KV_MI_CLIENT_ID: The client id of the managed identity for the key vault. This is a GUID.
|
||||
- TENANT_ID: The id of the active directory tenant in which the cluster and it's associated users exist. This is a GUID.
|
||||
|
||||
We use envsubst to substitute values for these variables. There is a wrapper script (script/k8s_config) that will output the compiled configuration, using a combination of kustomize and envsubst.
|
||||
|
||||
|
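Review bot: The new TENANT_ID entry in the variable list uses "it's" where the possessive "its" is meant, and unlike the KV_MI_ID entry above it gives no pointer to where the value comes from. Suggest "in which the cluster and its associated users exist", plus a short note on how to look up the tenant id, so that a new environment is not configured with another directory's GUID.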
@ -149,7 +149,7 @@ spec:
|
||||
keyvaultobjectnames: "dhparam4096"
|
||||
keyvaultobjectaliases: "dhparam.pem"
|
||||
keyvaultobjecttypes: secret
|
||||
tenantid: "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
|
||||
tenantid: $TENANT_ID
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
|
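Review bot: The replacement line `tenantid: $TENANT_ID` is unquoted, while the literal it replaces and the neighbouring keyvaultobjectnames and keyvaultobjectaliases values are quoted. Suggest `tenantid: "$TENANT_ID"` so the substituted value is always a YAML string; in the unquoted form an empty TENANT_ID renders as a null value instead of an obviously wrong string.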
@ -13,6 +13,7 @@ SETTINGS=(
|
||||
AUTH_DOMAIN
|
||||
KV_MI_ID
|
||||
KV_MI_CLIENT_ID
|
||||
TENANT_ID
|
||||
)
|
||||
|
||||
# Loop all expected settings. Track ones that are missing and build
|
||||
|
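Review bot: Adding TENANT_ID to SETTINGS only protects the template if the loop below treats a set-but-empty value as missing; the visible comment says it tracks missing settings, but the check itself is outside this hunk. Worth confirming, and since the README documents the value as a GUID, a format check at this point would catch a truncated or mistyped value before it reaches the FlexVolume spec.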